# $OpenBSD: sshd_config,v 1.100 2016/08/15 12:32:04 naddy Exp $
# See https://infosec-handbook.eu/blog/wss1-basic-hardening/ for more details
# All unnecessary comment lines were removed!
# Explicitly define port
Port 22
# Host key used for authentication
HostKey /etc/ssh/ssh_host_ed25519_key
# Ciphers and keying
KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com
HostKeyAlgorithms ssh-ed25519,rsa-sha2-256,rsa-sha2-512,ssh-rsa-cert-v01@openssh.com
# Logging
LogLevel VERBOSE
# Authentication
AllowUsers angela
AuthenticationMethods publickey,keyboard-interactive
PermitRootLogin no
PasswordAuthentication no
ChallengeResponseAuthentication yes
UsePAM yes
StrictModes yes
MaxAuthTries 1
MaxSessions 2
# Additional configuration
AllowAgentForwarding no
AllowTcpForwarding no
GatewayPorts no
X11Forwarding no
PrintMotd no
Banner /etc/issue.net
TCPKeepAlive no
PermitUserEnvironment no
Compression no
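# Idle timeout. Since OpenSSH 8.2, ClientAliveCountMax 0 disables connection
# termination instead of disconnecting after the first missed interval.
ClientAliveInterval 300
ClientAliveCountMax 0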
AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server