Hardening SSH on Linux
Hardening SSH on Linux
Hardening SSH on Linux
Posted on 2022-05-21 by Peter Bassill in category Guides.
Your config should look something like this:
| Port 22 | |
| KexAlgorithms ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256 | |
| Ciphers aes256-ctr | |
| MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-256 | |
| Protocol 2 | |
| HostKey /etc/ssh/ssh_host_ed25519_key | |
| HostKey /etc/ssh/ssh_host_ecdsa_key | |
| HostKey /etc/ssh/ssh_host_dsa_key | |
| HostKey /etc/ssh/ssh_host_rsa_key | |
| UsePrivilegeSeparation sandbox | |
| KeyRegenerationInterval 3600 | |
| ServerKeyBits 1024 | |
| SyslogFacility AUTH | |
| LogLevel INFO | |
| LoginGraceTime 60 | |
| PermitRootLogin no | |
| AllowGroups ssh | |
| StrictModes yes | |
| RSAAuthentication yes | |
| PubkeyAuthentication yes | |
| IgnoreRhosts yes | |
| RhostsRSAAuthentication no | |
| HostbasedAuthentication no | |
| PermitEmptyPasswords no | |
| ChallengeResponseAuthentication no | |
| X11Forwarding no | |
| X11DisplayOffset 10 | |
| PrintMotd yes | |
| PrintLastLog yes | |
| TCPKeepAlive yes | |
| AcceptEnv LANG LC_* | |
| Subsystem sftp /usr/lib/openssh/sftp-server |
Get in Touch
Kindly fill the form and we will get back to you.
