Skip to content

Commit

Permalink
Hardening SSH Config
Browse files Browse the repository at this point in the history 
  * Consider hardening SSH configuration [SSH-7408]
    - Details  : AllowTcpForwarding (YES --> NO)
      https://cisofy.com/controls/SSH-7408/

  * Consider hardening SSH configuration [SSH-7408]
    - Details  : ClientAliveCountMax (3 --> 2)
      https://cisofy.com/controls/SSH-7408/

  * Consider hardening SSH configuration [SSH-7408]
    - Details  : Compression (YES --> (DELAYED|NO))
      https://cisofy.com/controls/SSH-7408/

  * Consider hardening SSH configuration [SSH-7408]
    - Details  : LogLevel (INFO --> VERBOSE)
      https://cisofy.com/controls/SSH-7408/

  * Consider hardening SSH configuration [SSH-7408]
    - Details  : MaxAuthTries (6 --> 2)
      https://cisofy.com/controls/SSH-7408/

  * Consider hardening SSH configuration [SSH-7408]
    - Details  : MaxSessions (10 --> 2)
      https://cisofy.com/controls/SSH-7408/

  * Consider hardening SSH configuration [SSH-7408]
    - Details  : PermitRootLogin (YES --> NO)
      https://cisofy.com/controls/SSH-7408/

  * Consider hardening SSH configuration [SSH-7408]
    - Details  : Port (22 --> )
      https://cisofy.com/controls/SSH-7408/

  * Consider hardening SSH configuration [SSH-7408]
    - Details  : TCPKeepAlive (YES --> NO)
      https://cisofy.com/controls/SSH-7408/

  * Consider hardening SSH configuration [SSH-7408]
    - Details  : X11Forwarding (YES --> NO)
      https://cisofy.com/controls/SSH-7408/

  * Consider hardening SSH configuration [SSH-7408]
    - Details  : AllowAgentForwarding (YES --> NO)
      https://cisofy.com/controls/SSH-7408/
  • Loading branch information
@ohemilyy
ohemilyy authored Nov 12, 2023
1 parent 381d263 commit e83c0c6
Showing 1 changed file with 11 additions and 11 deletions.
22 changes: 11 additions & 11 deletions resources/sshd_config
View file
Original file line number Diff line number Diff line change
Expand Up @@ -26,15 +26,15 @@ Include /etc/ssh/sshd_config.d/*.conf

# Logging
#SyslogFacility AUTH
#LogLevel INFO
LogLevel VERBOSE

# Authentication:

#LoginGraceTime 2m
PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10
MaxAuthTries 2
MaxSessions 2

# scala start - enable pubkey auth
PubkeyAuthentication yes
Expand Down Expand Up @@ -87,20 +87,20 @@ ChallengeResponseAuthentication no
# and ChallengeResponseAuthentication to 'no'.
UsePAM yes

#AllowAgentForwarding yes
#AllowTcpForwarding yes
AllowAgentForwarding no
AllowTcpForwarding no
#GatewayPorts no
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PermitTTY yes
PrintMotd no
#PrintLastLog yes
#TCPKeepAlive yes
TCPKeepAlive no
#PermitUserEnvironment no
#Compression delayed
Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
ClientAliveCountMax 2
#UseDNS no
#PidFile /var/run/sshd.pid
#MaxStartups 10:30:100
Expand All @@ -109,7 +109,7 @@ PrintMotd no
#VersionAddendum none

# no default banner path
#Banner none
Banner /etc/banner

# Allow client to pass locale environment variables
AcceptEnv LANG LC_*
Expand All @@ -119,8 +119,8 @@ Subsystem sftp /usr/lib/openssh/sftp-server

# Example of overriding settings on a per-user basis
#Match User anoncvs
# X11Forwarding no
X11Forwarding no
# AllowTcpForwarding no
# PermitTTY no
# ForceCommand cvs server
PasswordAuthentication yes
PasswordAuthentication no

0 comments on commit e83c0c6

Please sign in to comment.