dborg92
commented
8 years ago current rules do the following
Disable root login over SSH Disable SSH password login Set SSH Authentication Methods Set SSH privilege sep Disable X11 Forwarding Set modern SSH ciphers Set modern SSH MACs
I've been unable to get any continued access after running this role since day 1. Just spent some time trying to identify the problem tonight. first and foremost, the modern ssh ciphers and MAC's cause the ssh server service to crash. are there special packages we'll need to make sure the system has in order to use these?
Current stuff was just off the top of my head. We should think about our needs a bit more and tweak config accordingly.