Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Hardening of SSH server? #1

Open
palmerj opened this issue Feb 26, 2019 · 2 comments
Open

Hardening of SSH server? #1

palmerj opened this issue Feb 26, 2019 · 2 comments

Comments

@palmerj
Copy link

palmerj commented Feb 26, 2019

Maybe following CIS guidelines to thing about:

CIS - 9.3.1 Set SSH Protocol to 2
CIS - 9.3.2 Set LogLevel to INFO
CIS - 9.3.3 Set Permissions on /etc/ssh/sshd_config
CIS - 9.3.(4,7,8,9,10) Disable some SSH options
CIS - 9.3.5 Set SSH MaxAuthTries to 4 or Less
CIS - 9.3.6 Set SSH IgnoreRhosts to Yes
CIS - 9.3.11 Use Only Approved Cipher in Counter Mode
CIS - 9.3.12.2 Set Idle Timeout Interval for User Login
CIS - 9.3.13.1 Limit Access via SSH (DenyUsers)
CIS - 9.3.13.1 Limit Access via SSH (AllowUsers)
CIS - 9.3.14 Set SSH Banner
CIS v2 - 5.2.11 Ensure only approved MAC algorithms are used
@alex0ptr
Copy link
Owner

alex0ptr commented Mar 4, 2019

Thanks for the suggestion. I didn't know about these guidelines. I'll take a look once I find time.

@palmerj
Copy link
Author

palmerj commented Mar 4, 2019

Cool. Also found this which is useful too https://github.com/nasatome/First-Steps-and-Hardening-in-Ubuntu-Server-And-Docker#hardening-ssh

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@palmerj @alex0ptr