Additional sshd hardening

sshd/sshd_config

@@ -26,6 +26,7 @@ Port 69
 Ciphers aes256-gcm@openssh.com,aes256-ctr
 KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp521
 MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-512
+Protocol 2
 #HostKey /etc/ssh/ssh_host_rsa_key
 #HostKey /etc/ssh/ssh_host_ecdsa_key
 #HostKey /etc/ssh/ssh_host_ed25519_key
@@ -45,8 +46,9 @@ MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-512
 # / __ / // / __/ _ \/ -_) _ \/ __/ / __/ _ `/ __/ / _ \/ _ \
 #/_/ |_\_,_/\__/_//_/\__/_//_/\__/_/\__/\_,_/\__/_/\___/_//_/
 #
+AllowUsers coby
+AllowGroups coby
 #LoginGraceTime 2m
-#PermitRootLogin prohibit-password
 PermitRootLogin no
 #StrictModes yes
 #MaxAuthTries 6
@@ -126,8 +128,8 @@ PrintMotd no
 #TCPKeepAlive yes
 PermitUserEnvironment no
 #Compression delayed
-#ClientAliveInterval 0
-#ClientAliveCountMax 3
+ClientAliveInterval 600
+ClientAliveCountMax 3
 #UseDNS no
 #PidFile /var/run/sshd.pid
 #MaxStartups 10:30:100
@@ -135,13 +137,13 @@ PermitUserEnvironment no
 #ChrootDirectory none
 #VersionAddendum none
 
-# no default banner path
+# No default banner path
 #Banner none
 
 # Allow client to pass locale environment variables
 AcceptEnv LANG LC_*
 
-# override default of no subsystems
+# Override default of no subsystems
 Subsystem sftp	/usr/lib/openssh/sftp-server
 
 # Example of overriding settings on a per-user basis