1
0
mirror of https://github.com/tommytran732/Linux-Setup-Scripts synced 2024-11-08 19:21:33 -05:00
Linux-Setup-Scripts/etc/ssh/sshd_config.d/10-custom.conf
Tommy 3be6ad0817
Even more SSHD Hardening
Signed-off-by: Tommy <contact@tommytran.io>
2024-07-01 14:03:54 -07:00

44 lines
1.0 KiB
Plaintext

# Encryption hardening
HostKey /etc/ssh/ssh_host_ed25519_key
HostKeyAlgorithms ssh-ed25519
KexAlgorithms sntrup761x25519-sha512@openssh.com
PubkeyAcceptedKeyTypes ssh-ed25519
Ciphers aes256-gcm@openssh.com
MACs -*
# Security hardening
AuthenticationMethods publickey
AuthorizedKeysFile .ssh/authorized_keys
Compression no
DisableForwarding yes
LoginGraceTime 15s
MaxAuthTries 1
PermitUserEnvironment no
PermitUserRC no
StrictModes yes
UseDNS no
# Use KeepAlive over SSH instead of with TCP to prevent spoofing
TCPKeepAlive no
ClientAliveInterval 15
ClientAliveCountMax 4
## Use PAM for session checks here but authentication is disabled below
## Also, this prevents running sshd as non-root
UsePAM yes
# Disabling unused authentication methods
ChallengeResponseAuthentication no
GSSAPIAuthentication no
HostbasedAuthentication no
PasswordAuthentication no
PermitRootLogin no
PermitEmptyPasswords no
KbdInteractiveAuthentication no
KerberosAuthentication no
# Displaying info
Banner /etc/issue.net
PrintLastLog yes
PrintMotd yes