Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
# OpenBSD: sshd_config,v 1.100 2016/08/15 12:32:04 naddy Exp $
# See https://infosec-handbook.eu/blog/wss1-basic-hardening/ for more details
# All unnecessary comment lines were removed!
# Explictly define port
Port 22
# Host key used for authentication
HostKey /etc/ssh/ssh_host_ed25519_key
# Ciphers and keying
KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com
HostKeyAlgorithms ssh-ed25519,rsa-sha2-256,rsa-sha2-512,ssh-rsa-cert-v01@openssh.com
# Logging
LogLevel VERBOSE
# Authentication
AllowUsers angela
AuthenticationMethods publickey,keyboard-interactive
PermitRootLogin no
PasswordAuthentication no
ChallengeResponseAuthentication yes
UsePAM yes
StrictModes yes
MaxAuthTries 1
MaxSessions 2
# Additional configuration
AllowAgentForwarding no
AllowTcpForwarding no
GatewayPorts no
X11Forwarding no
PrintMotd no
Banner /etc/issue.net
TCPKeepAlive no
PermitUserEnvironment no
Compression no
ClientAliveInterval 300
ClientAliveCountMax 0
AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.