
Hardening of SSH server?

Open palmerj opened this issue 6 years ago • 2 comments

Maybe following CIS guidelines to think about:

- CIS - 9.3.1 Set SSH Protocol to 2
- CIS - 9.3.2 Set LogLevel to INFO
- CIS - 9.3.3 Set Permissions on /etc/ssh/sshd_config
- CIS - 9.3.(4,7,8,9,10) Disable some SSH options
- CIS - 9.3.5 Set SSH MaxAuthTries to 4 or Less
- CIS - 9.3.6 Set SSH IgnoreRhosts to Yes
- CIS - 9.3.11 Use Only Approved Cipher in Counter Mode
- CIS - 9.3.12.2 Set Idle Timeout Interval for User Login
- CIS - 9.3.13.1 Limit Access via SSH (DenyUsers)
- CIS - 9.3.13.1 Limit Access via SSH (AllowUsers)
- CIS - 9.3.14 Set SSH Banner
- CIS v2 - 5.2.11 Ensure only approved MAC algorithms are used

palmerj avatar Feb 26 '19 07:02 palmerj
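An added example, not part of the thread and not fargate-bastion's own code: a small auditor that checks the global section of an `sshd_config` against the items in the list above that reduce to a single directive. The function names, the sample configuration and the choice of `ClientAliveInterval` as the idle-timeout directive are assumptions; file permissions, the unnamed "some SSH options" and the MAC list are left out because the issue gives no values for them.

```python
SAMPLE_CONFIG = """\
# Constructed sample for illustration, not the project's real configuration.
Protocol 2
LogLevel VERBOSE
MaxAuthTries 6
IgnoreRhosts yes
Ciphers aes256-ctr,aes128-cbc
ClientAliveInterval 300
Match User deploy
    Banner /etc/issue.net
"""

def parse_global(text):
    """Return global options; sshd keeps the first value seen for a keyword."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if parts[0].lower() == "match":  # everything below is conditional
            break
        opts.setdefault(parts[0].lower(), parts[1].strip() if len(parts) > 1 else "")
    return opts

def audit(text):
    """Return one finding string per failed CIS item from the issue's list."""
    o, findings = parse_global(text), []
    # Assumption: an absent Protocol line passes (current OpenSSH is v2-only).
    if o.get("protocol", "2") != "2":
        findings.append("9.3.1: Protocol is not 2")
    if o.get("loglevel", "").upper() != "INFO":
        findings.append("9.3.2: LogLevel is not explicitly INFO")
    tries = o.get("maxauthtries", "")
    if not tries.isdigit() or int(tries) > 4:
        findings.append("9.3.5: MaxAuthTries is unset or above 4")
    if o.get("ignorerhosts", "").lower() != "yes":
        findings.append("9.3.6: IgnoreRhosts is not explicitly yes")
    ciphers = [c for c in o.get("ciphers", "").split(",") if c]
    if not ciphers or any(not c.endswith("-ctr") for c in ciphers):
        findings.append("9.3.11: Ciphers is unset or lists a non-CTR cipher")
    alive = o.get("clientaliveinterval", "")
    if not alive.isdigit() or int(alive) == 0:
        findings.append("9.3.12.2: ClientAliveInterval is unset or 0")
    if not ({"allowusers", "denyusers"} & o.keys()):
        findings.append("9.3.13.1: neither AllowUsers nor DenyUsers is set")
    if o.get("banner", "none").lower() == "none":
        findings.append("9.3.14: no Banner configured globally")
    return findings
```

Calling `audit(SAMPLE_CONFIG)` reports the `Banner` as missing even though the file contains one, because a directive inside a `Match` block applies only to matching sessions and is not a global setting.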

Thanks for the suggestion. I didn't know about these guidelines. I'll take a look once I find time.

alex0ptr avatar Mar 04 '19 20:03 alex0ptr

Cool. Also found this which is useful too https://github.com/nasatome/First-Steps-and-Hardening-in-Ubuntu-Server-And-Docker#hardening-ssh

palmerj avatar Mar 04 '19 22:03 palmerj