Matt Borja

Hardened SSH Configuration

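# Replace <random> with an unused, non-default port number; sshd rejects the literal placeholder.
Port <random>
# Only meaningful on older OpenSSH releases that still support protocol 1.
Protocol 2
# Only the RSA host key is offered.
HostKey /etc/ssh/ssh_host_rsa_key

# Logging: authentication events go to the authpriv syslog facility.
SyslogFacility AUTHPRIV
LogLevel INFO

# Authentication: no root login; password, keyboard-interactive,
# host-based and GSSAPI logins are disabled.
LoginGraceTime 60
PermitRootLogin no
MaxAuthTries 4
HostbasedAuthentication no
IgnoreRhosts yes
PasswordAuthentication no
PermitEmptyPasswords no
# Newer OpenSSH releases name this option KbdInteractiveAuthentication.
ChallengeResponseAuthentication no
GSSAPIAuthentication no
GSSAPICleanupCredentials yes
# PAM account and session modules still run.
UsePAM yes

# Environment: accept only locale variables from the client.
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
AcceptEnv XMODIFIERS
X11Forwarding no
PermitUserEnvironment no

# Session: an unresponsive client is dropped after 5 unanswered probes sent
# 300 seconds apart; a responsive but idle session is not disconnected.
ClientAliveInterval 300
ClientAliveCountMax 5
# No reverse DNS lookup of the client address.
UseDNS no
Banner none
Subsystem       sftp    /usr/libexec/openssh/sftp-server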
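
Added example (not part of the original post): a small Python audit that checks sshd_config text against the values above and honors sshd's rule that the first value obtained for a keyword wins. The names REQUIRED, CEILINGS, effective_globals, audit and SAMPLE are illustrative, and the sample input is constructed.

```python
# Required values, copied from the configuration above (keywords lowercased).
REQUIRED = {
    "permitrootlogin": "no", "passwordauthentication": "no",
    "permitemptypasswords": "no", "challengeresponseauthentication": "no",
    "hostbasedauthentication": "no", "ignorerhosts": "yes",
    "gssapiauthentication": "no", "x11forwarding": "no",
    "permituserenvironment": "no", "usedns": "no",
}
# Numeric ceilings from the configuration above (plain integers only, so a
# time value such as "1m" is reported for manual review).
CEILINGS = {"maxauthtries": 4, "logingracetime": 60}


def effective_globals(text):
    """Return {keyword: value} for the global section of an sshd_config.
    Keywords are case-insensitive and sshd uses the first value it obtains
    for each keyword; parsing stops at the first Match block and Include
    files are not followed."""
    settings = {}
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        keyword = parts[0].lower()
        if keyword == "match":
            break
        settings.setdefault(keyword, parts[1].strip() if len(parts) > 1 else "")
    return settings


def audit(text):
    """Return sorted findings; an empty list means the baseline holds."""
    settings = effective_globals(text)
    findings = []
    for key, want in REQUIRED.items():
        got = settings.get(key, "unset")  # unset: sshd's own default applies
        if got.lower() != want:
            findings.append(f"{key}: {got} (want {want})")
    for key, limit in CEILINGS.items():
        got = settings.get(key, "unset")
        # 0 is rejected too: LoginGraceTime 0 means no time limit at all.
        if not got.isdigit() or not 0 < int(got) <= limit:
            findings.append(f"{key}: {got} (want 1-{limit})")
    return sorted(findings)


# Constructed sample: the compliant line comes second, so sshd ignores it.
SAMPLE = "PermitRootLogin yes\nPermitRootLogin no\nMaxAuthTries 6\n"

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

On a live host, `sshd -t` checks the file for syntax errors and `sshd -T` prints the effective configuration.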