Created
November 21, 2020 23:06
-
-
Save vtjeng/a46a3f1908346058e183805a198b886f to your computer and use it in GitHub Desktop.
Reasonable defaults for /etc/ssh/sshd_config
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Sources: | |
| # https://www.digitalocean.com/community/tutorials/how-to-harden-openssh-on-ubuntu-18-04 | |
| # | |
| PermitRootLogin no | |
| # Limit maximum number of authentication attempts for a particular login session | |
| MaxAuthTries 3 | |
| # Prevent certain denial-of-service attacks where multiple authentication sessions are kept open for a prolonged period of time | |
| LoginGraceTime 20 | |
| # Use configured SSH keys for authentication | |
| PasswordAuthentication no | |
| PermitEmptyPasswords no | |
| # Disable other authentication methods | |
| ChallengeResponseAuthentication no | |
| KerberosAuthentication no | |
| GSSAPIAuthentication no | |
| # Disable x forwarding unless required | |
| X11Forwarding no | |
| # Prevent connecting clients from passing custom environment variables | |
| PermitUserEnvironment no | |
| # Disable miscellaneous options for tunneling and forwarding | |
| AllowAgentForwarding no | |
| AllowTcpForwarding no | |
| PermitTunnel no | |
| # Disable verbose SSH banner | |
| DebianBanner no | |
| # Only allow users from the local network | |
| AllowUsers pi@192.168.0.0/16 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment