k4yt3x / Sshd_config

Licence: gpl-3.0
K4YT3X's Hardened OpenSSH Server Configuration

Projects that are alternatives of or similar to Sshd config

Corkscrew
Corkscrew is a tool for tunneling SSH through HTTP proxies.
Stars: ✭ 149 (+204.08%)
Mutual labels:  ssh, openssh
girltalk
A tool for helping stand up headless C2 for droppables.
Stars: ✭ 16 (-67.35%)
Mutual labels:  ssh, openssh
Ansible Sshd
Ansible role to configure the OpenSSH server daemon
Stars: ✭ 163 (+232.65%)
Mutual labels:  ssh, openssh
Xxh
🚀 Bring your favorite shell wherever you go through the ssh.
Stars: ✭ 2,559 (+5122.45%)
Mutual labels:  ssh, openssh
Sharkey
Sharkey is a service for managing certificates for use by OpenSSH
Stars: ✭ 360 (+634.69%)
Mutual labels:  ssh, openssh
Awesome Ssh
💻 A curated list of SSH resources.
Stars: ✭ 1,742 (+3455.1%)
Mutual labels:  ssh, openssh
Curse
CURSE is an SSH certificate signing server, built as an alternative to Netflix's BLESS tool, but without a dependency on AWS.
Stars: ✭ 200 (+308.16%)
Mutual labels:  ssh, openssh
Ssh Baseline
DevSec SSH Baseline - InSpec Profile
Stars: ✭ 192 (+291.84%)
Mutual labels:  ssh, hardening
Aws Gate
Better AWS SSM Session manager CLI client
Stars: ✭ 294 (+500%)
Mutual labels:  ssh, hardening
jsch
fork of the popular jsch library
Stars: ✭ 127 (+159.18%)
Mutual labels:  ssh, openssh
Sidedoor
SSH connection daemon for Debian/Raspbian/Ubuntu/etc
Stars: ✭ 97 (+97.96%)
Mutual labels:  ssh, openssh
Cashier
A self-service CA for OpenSSH
Stars: ✭ 590 (+1104.08%)
Mutual labels:  ssh, openssh
Openssh Rs
Scriptable SSH through OpenSSH in Rust
Stars: ✭ 58 (+18.37%)
Mutual labels:  ssh, openssh
Chef Ssh Hardening
This chef cookbook provides secure ssh-client and ssh-server configurations.
Stars: ✭ 144 (+193.88%)
Mutual labels:  ssh, hardening
shim
The Userify Shim (cloud agent)
Stars: ✭ 57 (+16.33%)
Mutual labels:  ssh, openssh
Wsl Ssh Pageant
A Pageant -> TCP bridge for use with WSL, allowing for Pageant to be used as an ssh-agent within the WSL environment.
Stars: ✭ 381 (+677.55%)
Mutual labels:  ssh, openssh
Ansible Ssh Hardening
This Ansible role provides numerous security-related ssh configurations, providing all-round base protection.
Stars: ✭ 746 (+1422.45%)
Mutual labels:  ssh, hardening
Wssh
WSSH is a tool for brute forcing servers that have port 22 open via ssh; wssh is probably the fastest ssh brute forcer available
Stars: ✭ 21 (-57.14%)
Mutual labels:  ssh
Sshkit
A toolkit for deploying code and assets to servers in a repeatable, testable, reliable way.
Stars: ✭ 989 (+1918.37%)
Mutual labels:  ssh
Connect2ssh
Manage SSH and SSHFS connections via the command line using BASH!
Stars: ✭ 15 (-69.39%)
Mutual labels:  ssh

K4YT3X's Hardened OpenSSH Server Configuration

This repository hosts my hardened version of the OpenSSH server (7.4+) configuration file.

Please review the configuration file carefully before applying it. You are responsible for actions done to your own system.

Usage

  1. Download the file sshd_config from the repository
  2. Review the content of the sshd_config file to make sure all settings are suitable for your system
  3. Back up your current /etc/ssh/sshd_config file
  4. Overwrite the old sshd_config file with the downloaded sshd_config file
  5. Run the appropriate command to restart the SSH service (e.g., sudo systemctl restart ssh)

# download the configuration file from GitHub using curl or other methods
# -f makes curl fail on an HTTP error instead of saving the error page as the config
curl -fsSL https://raw.githubusercontent.com/k4yt3x/sshd_config/master/sshd_config -o ~/sshd_config

# back up the original sshd_config
sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.backup

# replace the old sshd_config with the new one
sudo mv ~/sshd_config /etc/ssh/sshd_config

# make sure the file has the correct ownership and permissions
sudo chown root:root /etc/ssh/sshd_config
sudo chmod 644 /etc/ssh/sshd_config

# use systemctl to restart the SSH server and apply the new configuration
# on some distributions the SSH server service is called sshd
sudo systemctl restart ssh
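
Steps 3 to 4 can be wrapped so that a file sshd rejects never replaces the working configuration. This is an added example, not part of the repository: the function name install_sshd_config and the SSHD_CHECK override are assumptions made here, while sshd -t -f is OpenSSH's own configuration test mode.

```shell
# install_sshd_config CANDIDATE [TARGET]
# Validate a downloaded sshd_config, back up the current one, then install it.
# Returns 0 on success, 1 if validation fails, 2 on a bad candidate, 3 on I/O errors.
install_sshd_config() {
    candidate=$1
    target=${2:-/etc/ssh/sshd_config}
    # SSHD_CHECK is a hypothetical override; the default is sshd's test mode.
    check=${SSHD_CHECK:-sshd -t -f}

    if [ ! -s "$candidate" ]; then
        echo "candidate $candidate is missing or empty" >&2
        return 2
    fi

    # Test mode parses the file and checks host keys without starting a daemon.
    if ! $check "$candidate"; then
        echo "validation failed, $target left untouched" >&2
        return 1
    fi

    # Back up the current file, preserving mode and timestamps.
    if [ -f "$target" ]; then
        cp -p "$target" "$target.backup" || return 3
    fi

    # Stage next to the target so the final rename is atomic.
    tmp="$target.new.$$"
    cp "$candidate" "$tmp" && chmod 644 "$tmp" || { rm -f "$tmp"; return 3; }
    if [ "$(id -u)" -eq 0 ]; then
        chown root:root "$tmp" || { rm -f "$tmp"; return 3; }
    fi
    mv "$tmp" "$target" || { rm -f "$tmp"; return 3; }
}
```

Call it from a root shell as install_sshd_config ~/sshd_config, then restart the service as in step 5. Keep an existing SSH session open until a new login succeeds.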

For convenience, I have pointed the URL https://akas.io/sshd to the sshd_config file. You may therefore download the sshd_config file with the following command. However, be sure to check the integrity of the file after downloading it if you choose to download using this method.

curl -sSL https://akas.io/sshd -o sshd_config

It's recommended to use the ssh-audit script to check the cryptographic strength of your SSH server after you have finished configuring it.

Deactivating Short Diffie-Hellman Moduli

Diffie-Hellman moduli used for diffie-hellman-group-exchange-sha256 should be at least 3072 bits long according to Mozilla's OpenSSH server hardening guide. The following commands remove the shorter moduli.

# run these commands as root, since /etc/ssh is owned by root
# back up the original moduli file
cp /etc/ssh/moduli /etc/ssh/moduli.backup

# find lines with moduli >= 3071 bits and save them to moduli.tmp
# (the size field, column 5, is recorded as one less than the modulus bit length,
# so 3071 selects the 3072-bit moduli)
awk '$5 >= 3071' /etc/ssh/moduli > /etc/ssh/moduli.tmp

# overwrite the original moduli file with the updated one
mv /etc/ssh/moduli.tmp /etc/ssh/moduli
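
The same filter written so that it refuses to overwrite the moduli file when no entry meets the minimum size, which would otherwise leave sshd with no group-exchange moduli to choose from. This is an added example, not part of the repository: the function names filter_moduli and sample_moduli are assumptions, and the sample lines are constructed placeholders in the moduli(5) column layout.

```shell
# Constructed sample: time type tests tries size generator modulus.
# The modulus values are shortened placeholders, not real primes.
sample_moduli() {
    cat <<'EOF'
# Time Type Tests Tries Size Generator Modulus
20200101000000 2 6 100 2047 2 C0FFEE01
20200101000001 2 6 100 3071 2 C0FFEE02
20200101000002 2 6 100 4095 5 C0FFEE03
20200101000003 2 6 100 8191 2 C0FFEE04
EOF
}

# filter_moduli SRC DST [MIN]
# Write entries whose size field is >= MIN (default 3071) to DST.
# Prints the number of entries kept; leaves DST unwritten if none remain.
filter_moduli() {
    src=$1
    dst=$2
    min=${3:-3071}
    tmp="$dst.tmp.$$"

    # Comment lines pass through; data lines need a numeric size of at least MIN.
    awk -v min="$min" '/^#/ { print; next }
        $5 ~ /^[0-9]+$/ && $5 + 0 >= min' "$src" > "$tmp" || { rm -f "$tmp"; return 3; }

    # Count the data lines that survived the filter.
    kept=$(awk '!/^#/ && NF { n++ } END { print n + 0 }' "$tmp")
    if [ "$kept" -eq 0 ]; then
        rm -f "$tmp"
        echo "no moduli of size >= $min in $src, $dst not written" >&2
        return 1
    fi

    mv "$tmp" "$dst" || return 3
    echo "$kept"
}
```

SRC and DST may be the same path, so after taking the backup shown above it can be run as root with /etc/ssh/moduli for both.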