From 52ec354da921e537758a2a38816d01669fd12a4e Mon Sep 17 00:00:00 2001
From: Mohammed Amar-Bensaber
Date: Tue, 8 Oct 2024 22:49:47 +0200
Subject: ssh: limit overall login attempts and interactions

Additionally also disable any unnecessary/unused features by default.
---
 files/etc/ssh/sshd_config.d/custom.conf | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

(limited to 'files')

diff --git a/files/etc/ssh/sshd_config.d/custom.conf b/files/etc/ssh/sshd_config.d/custom.conf
index ac755e6..e913444 100644
--- a/files/etc/ssh/sshd_config.d/custom.conf
+++ b/files/etc/ssh/sshd_config.d/custom.conf
@@ -1,3 +1,20 @@
+# Authentication
+LoginGraceTime 2m
+PermitRootLogin prohibit-password
+StrictModes yes
+MaxAuthTries 6
+MaxSessions 10
+
 # To disable tunneled clear text passwords, change to no here!
 PasswordAuthentication no
 PermitEmptyPasswords no
+
+# Kerberos options
+KerberosAuthentication no
+
+# GSSAPI options
+GSSAPIAuthentication no
+
+# TODO: Confirm that this is not overridden by the global configuration file?
+# X11 is not installed on this machine anyway.
+X11Forwarding no
-- 
cgit v1.2.3
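Review bot: The values added under `# Authentication` (`LoginGraceTime 2m`, `MaxAuthTries 6`, `MaxSessions 10`, `StrictModes yes`, `PermitRootLogin prohibit-password`) match upstream OpenSSH's built-in defaults, so the hunk pins existing behaviour rather than limiting login attempts as the subject says. If tightening is intended, lower values such as `LoginGraceTime 30s` and `MaxAuthTries 3` would do it, bearing in mind that clients offering several keys use up attempts. `PasswordAuthentication no` does not cover keyboard-interactive authentication, which can still present a PAM password prompt where that method is enabled, so consider adding `KbdInteractiveAuthentication no`. On the TODO, sshd keeps the first value it reads for each keyword, so whether `X11Forwarding no` takes effect depends on where the main sshd_config places its `Include` line, which is not visible here. Checking the output of `sshd -T` on the target host would let the TODO be replaced with a confirmed statement.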