alex0ptr / fargate-bastion

A complete setup to run a bastion container in AWS Fargate

Hardening of SSH server? #1

Open palmerj opened 5 years ago

palmerj commented 5 years ago

Maybe the following CIS guidelines to think about:

CIS - 9.3.1 Set SSH Protocol to 2
CIS - 9.3.2 Set LogLevel to INFO
CIS - 9.3.3 Set Permissions on /etc/ssh/sshd_config
CIS - 9.3.(4,7,8,9,10) Disable some SSH options
CIS - 9.3.5 Set SSH MaxAuthTries to 4 or Less
CIS - 9.3.6 Set SSH IgnoreRhosts to Yes
CIS - 9.3.11 Use Only Approved Cipher in Counter Mode
CIS - 9.3.12.2 Set Idle Timeout Interval for User Login
CIS - 9.3.13.1 Limit Access via SSH (DenyUsers)
CIS - 9.3.13.1 Limit Access via SSH (AllowUsers)
CIS - 9.3.14 Set SSH Banner
CIS v2 - 5.2.11 Ensure only approved MAC algorithms are used
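
One way to check an `sshd_config` against the items listed above, as an added example that is not part of the issue or of the fargate-bastion repository. The mapping from each item to a directive, the choice to treat an unset directive as a failure, and the sample config are assumptions of this example; 9.3.3 (file permissions) and the unnamed options in 9.3.(4,7,8,9,10) are not covered.

```python
# Added example. SAMPLE is constructed, not the repository's sshd_config.
SAMPLE = """\
Protocol 2
LogLevel INFO
MaxAuthTries 6
MaxAuthTries 3
IgnoreRhosts yes
Ciphers aes256-ctr,aes128-cbc
ClientAliveInterval 300
AllowUsers ops
Match User backup
    Banner /etc/issue.net
"""

def parse_global(text):
    """Map lower-cased keyword -> value for the global section of sshd_config."""
    conf = {}
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        if parts[0].lower() == "match":
            break  # everything after the first Match line is conditional
        value = parts[1].strip() if len(parts) > 1 else ""
        conf.setdefault(parts[0].lower(), value)  # sshd keeps the first value seen
    return conf

def _int(conf, key, default):
    value = conf.get(key, "")
    return int(value) if value.isdigit() else default

# Item label -> predicate on the parsed config (directive mapping is this example's).
CHECKS = [
    ("9.3.1 Protocol", lambda c: c.get("protocol") == "2"),
    ("9.3.2 LogLevel", lambda c: c.get("loglevel", "").upper() == "INFO"),
    ("9.3.5 MaxAuthTries", lambda c: _int(c, "maxauthtries", 99) <= 4),
    ("9.3.6 IgnoreRhosts", lambda c: c.get("ignorerhosts", "").lower() == "yes"),
    ("9.3.11 Ciphers", lambda c: bool(c.get("ciphers")) and all(
        name.strip().endswith("-ctr") for name in c["ciphers"].split(","))),
    ("9.3.12.2 ClientAliveInterval", lambda c: _int(c, "clientaliveinterval", 0) > 0),
    ("9.3.13.1 AllowUsers/DenyUsers", lambda c: "allowusers" in c or "denyusers" in c),
    ("9.3.14 Banner", lambda c: c.get("banner", "none").lower() != "none"),
    ("5.2.11 MACs", lambda c: bool(c.get("macs"))),
]

def audit(text):
    """Return the labels of the items the global section fails."""
    conf = parse_global(text)
    return [label for label, ok in CHECKS if not ok(conf)]

if __name__ == "__main__":
    for label in audit(SAMPLE):
        print("FAIL", label)
```

The sample fails MaxAuthTries because the first occurrence (6) is the one sshd uses, and fails Banner because the only Banner line sits inside a Match block.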

alex0ptr commented 5 years ago

Thanks for the suggestion. I didn't know about these guidelines. I'll take a look once I find time.

palmerj commented 5 years ago

Cool. Also found this which is useful too https://github.com/nasatome/First-Steps-and-Hardening-in-Ubuntu-Server-And-Docker#hardening-ssh