cobyp/linux-toolkit
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Additional sshd hardening

Browse Source
This commit is contained in:
Coby Powers
2023-02-27 03:32:59 +00:00
parent 974c006690
commit 2c9e5544d3
1 changed files with 7 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
sshd/sshd_config
View File

@ -26,6 +26,7 @@ Port 69
Ciphers aes256-gcm@openssh.com,aes256-ctr Ciphers aes256-gcm@openssh.com,aes256-ctr
KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp521 KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp521
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-512 MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-512
Protocol 2
#HostKey /etc/ssh/ssh_host_rsa_key #HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_ecdsa_key #HostKey /etc/ssh/ssh_host_ecdsa_key
#HostKey /etc/ssh/ssh_host_ed25519_key #HostKey /etc/ssh/ssh_host_ed25519_key
@ -45,8 +46,9 @@ MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-512
# / __ / // / __/ _ \/ -_) _ \/ __/ / __/ _ `/ __/ / _ \/ _ \ # / __ / // / __/ _ \/ -_) _ \/ __/ / __/ _ `/ __/ / _ \/ _ \
#/_/ |_\_,_/\__/_//_/\__/_//_/\__/_/\__/\_,_/\__/_/\___/_//_/ #/_/ |_\_,_/\__/_//_/\__/_//_/\__/_/\__/\_,_/\__/_/\___/_//_/
# #
AllowUsers coby
AllowGroups coby
#LoginGraceTime 2m #LoginGraceTime 2m
#PermitRootLogin prohibit-password
PermitRootLogin no PermitRootLogin no
#StrictModes yes #StrictModes yes
#MaxAuthTries 6 #MaxAuthTries 6
@ -126,8 +128,8 @@ PrintMotd no
#TCPKeepAlive yes #TCPKeepAlive yes
PermitUserEnvironment no PermitUserEnvironment no
#Compression delayed #Compression delayed
#ClientAliveInterval 0 ClientAliveInterval 600
#ClientAliveCountMax 3 ClientAliveCountMax 3
#UseDNS no #UseDNS no
#PidFile /var/run/sshd.pid #PidFile /var/run/sshd.pid
#MaxStartups 10:30:100 #MaxStartups 10:30:100
@ -135,13 +137,13 @@ PermitUserEnvironment no
#ChrootDirectory none #ChrootDirectory none
#VersionAddendum none #VersionAddendum none
# no default banner path # No default banner path
#Banner none #Banner none
# Allow client to pass locale environment variables # Allow client to pass locale environment variables
AcceptEnv LANG LC_* AcceptEnv LANG LC_*
# override default of no subsystems # Override default of no subsystems
Subsystem sftp /usr/lib/openssh/sftp-server Subsystem sftp /usr/lib/openssh/sftp-server
# Example of overriding settings on a per-user basis # Example of overriding settings on a per-user basis