systems/infrastructure
1
Fork 0
Code Issues 1 Pull Requests 12 Actions Activity

Harden SSH config

Browse Source
This commit is contained in:
Jake Howard 2020-01-28 21:04:26 +00:00
parent 0dbeb64710
commit d61cb64c7e
Signed by: jake
GPG Key ID: 57AFB45680EDD477
1 changed files with 5 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
ansible/roles/ssh/files/sshd_config
View File

@ -30,8 +30,8 @@ AuthenticationMethods publickey
# Disable root SSH access
PermitRootLogin no
# Client timeout (5 minutes)
ClientAliveInterval 300
# Client timeout
ClientAliveInterval 600
ClientAliveCountMax 0
# Compression (only after authentication)
@ -58,9 +58,9 @@ Ciphers aes256-ctr,aes128-gcm@openssh.com,aes128-ctr,aes192-ctr,aes256-gcm@opens
# Key Exchange algorithms (Elliptic Curve Diffie-Hellman)
# DH-SHA-256 included for compat with PuTTY-WinCrypt clients
KexAlgorithms diffie-hellman-group18-sha512,curve25519-sha256@libssh.org
KexAlgorithms diffie-hellman-group18-sha512,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512
# Don’t read the user’s ~/.rhosts and ~/.shosts files
# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# Disable unused authentication schemes
@ -74,7 +74,7 @@ UsePAM no
# X11 support
X11Forwarding no
# Don’t show Message of the Day
# Don't show Message of the Day
PrintMotd yes
# TCPKeepAlive (non-tunneled, disabled)