Published

Tue 28 July 2020

←Home

Configuration SSH, mode hardening

Port 15000
ListenAddress 172.16.0.200
HostKey /etc/ssh/ssh_host_ed25519_key
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com
LogLevel VERBOSE
AuthorizedKeysFile      /etc/ssh/authorized_keys
AuthenticationMethods publickey password
LoginGraceTime 2m
PermitRootLogin no
MaxAuthTries 2
MaxSessions 2
PubkeyAuthentication yes
PermitEmptyPasswords no
ChallengeResponseAuthentication no
UsePAM yes
X11Forwarding no
PrintMotd no
Compression no
AllowTcpForwarding no
ClientAliveCountMax 2
TCPKeepAlive No
AllowAgentForwarding no
AcceptEnv LANG LC_*
Subsystem sftp  /usr/lib/ssh/sftp-server -f AUTHPRIV -l INFO
UsePrivilegeSeparation sandbox
Go Top