From eb421d1fe451f3041f6f8a743b29ee65e55aa709 Mon Sep 17 00:00:00 2001
From: Tommy <contact@tommytran.io>
Date: Sat, 17 Sep 2022 20:41:18 -0400
Subject: [PATCH] SSHD Configurations

Signed-off-by: Tommy <contact@tommytran.io>
---
 RHEL-Server-9.sh | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/RHEL-Server-9.sh b/RHEL-Server-9.sh
index ef92f4c..26b0b7b 100644
--- a/RHEL-Server-9.sh
+++ b/RHEL-Server-9.sh
@@ -1,13 +1,15 @@
 #!/bin/bash
 #Assuming that you are using ANSSI-BP-028
 
+mkdir -p /etc/ssh/ssh_config.d /etc/ssh/sshd_config.d 
+echo "GSSAPIAuthentication no" | sudo tee -a /etc/ssh/ssh_config.d/10-custom.conf
+echo "X11Forwarding no 
+GSSAPIAuthentication no" | sudo tee -a /etc/ssh/sshd_config.d/10-custom.conf
+echo "PasswordAuthentication no" | sudo tee /etc/ssh/sshd_config.d/40-disable-passwords.conf
+
 sudo dnf install tuned -y
 sudo tuned-adm profile virtual-guest
 
-echo "X11Forwarding no" >> sudo tee -a /etc/ssh/sshd_config.d/10-custom.conf
-echo "GSSAPIAuthentication no" >> sudo tee -a /etc/ssh/sshd_config.d/10-custom.conf
-echo "GSSAPIAuthentication no" >> sudo tee -a /etc/ssh/ssh_config.d/10-custom.conf
-
 sudo curl https://raw.githubusercontent.com/Whonix/security-misc/master/etc/modprobe.d/30_security-misc.conf -o /etc/modprobe.d/30_security-misc.conf
 sudo curl https://raw.githubusercontent.com/Kicksecure/security-misc/master/etc/sysctl.d/30_security-misc.conf -o /etc/sysctl.d/30_security-misc.conf
 sudo curl https://raw.githubusercontent.com/Kicksecure/security-misc/master/etc/sysctl.d/30_silent-kernel-printk.conf -o /etc/sysctl.d/30_silent-kernel-printk.conf