GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → cloud9ers → secure-sshd-salt

cloud9ers / secure-sshd-salt

Licence: other
Salt recipe to automatically secure sshd (and piss off the NSA)

Programming Languages

SaltStack
118 projects

What is it

Salt recipe to automatically secure sshd hard enough to piss off the NSA! Automation work done by Cloud9ers.com, feel free to contact us for anything

Installation

This salt recipe only supports rhel/centos 7 style operating systems. Pull requests to support more OSs are welcome. The reason for not supporting older rhel OSs, is that sshd version 6.5 or better is required

Install SaltStack

yum install -y epel-release
yum install -y salt-minion python-augeas

Clone the repo

cd /tmp && git clone https://github.com/cloud9ers/secure-sshd-salt.git
mkdir -p /srv/salt/
cp secure-sshd-salt/secure-sshd-salt.sls /srv/salt

Run it

The following is just one way to run this salt state. I recommend doing it this way, because this mode of operation does not need a salt master (server). If however, you are already running a salt master server, feel free to integrate with your other states

salt-call --local state.sls ssh

Note: Pull requests to support other operating systems are very welcome, as are PRs to improve the implementation. Use this at your own risk. It has not been meticulously tested.

Credits

Credits for the original work to improve sshd configuration security is due to https://stribika.github.io/2015/01/04/secure-secure-shell.html

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].