authorMohammed Amar-Bensaber <renken@shione.net>2024-10-08 22:49:47 +0200
committerMohammed Amar-Bensaber <renken@shione.net>2024-10-08 22:49:47 +0200
commit52ec354da921e537758a2a38816d01669fd12a4e (patch)
tree40ac1aadd0b83b690ffcddc8c61d998bd9517204
parentceeba484f629772151521402fa6b003e317872dc (diff)
ssh: limit overall login attempts and interactions
Additionally, disable any unnecessary/unused features by default.
-rw-r--r--files/etc/ssh/sshd_config.d/custom.conf17
1 files changed, 17 insertions, 0 deletions
diff --git a/files/etc/ssh/sshd_config.d/custom.conf b/files/etc/ssh/sshd_config.d/custom.conf
index ac755e6..e913444 100644
--- a/files/etc/ssh/sshd_config.d/custom.conf
+++ b/files/etc/ssh/sshd_config.d/custom.conf
@@ -1,3 +1,20 @@
+# Authentication
+LoginGraceTime 2m
+PermitRootLogin prohibit-password
+StrictModes yes
+MaxAuthTries 6
+MaxSessions 10
+
# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication no
PermitEmptyPasswords no
+
+# Kerberos options
+KerberosAuthentication no
+
+# GSSAPI options
+GSSAPIAuthentication no
+
+# TODO: Confirm that this is not overridden by the global configuration file?
+# X11 is not installed on this machine anyway.
+X11Forwarding no
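Review bot: The values added under `# Authentication` (`LoginGraceTime 2m`, `PermitRootLogin prohibit-password`, `StrictModes yes`, `MaxAuthTries 6`, `MaxSessions 10`) match OpenSSH's built-in defaults, so this block pins existing behaviour rather than limiting login attempts as the commit title says. If tightening is the intent, lower values such as `LoginGraceTime 30` and `MaxAuthTries 3` would do it, and `MaxStartups`, which bounds concurrent unauthenticated connections, is not set here. On the TODO above `X11Forwarding no`: sshd keeps the first value it obtains for each keyword, so this drop-in wins only if the main sshd_config's `Include` line comes before any `X11Forwarding` line in that file. Running `sshd -T` prints the effective configuration and would settle it, after which the TODO can be replaced with a comment stating the result.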