s83/privacy-guides
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

ADD: use ed25519 host key, limit ssh login attempts

Browse source
This commit is contained in:
Go Compile 2022-05-25 17:01:03 +01:00
parent 3c9073de1e
commit 6746a4d00a
No known key found for this signature in database
GPG key ID: 53F4922E9D5497B8
1 changed files with 14 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

16
how-to-configure-hardened-debian-server/README.md
View file

@ -2,8 +2,8 @@
Title: How to configure hardened Debian server
Description: Learn how to configure hardened Debian server.
Author: Sun Knudsen <https://github.com/sunknudsen>
Contributors: Sun Knudsen <https://github.com/sunknudsen>
Reviewers:
Contributors: Sun Knudsen <https://github.com/sunknudsen>, Go Compile <https://github.com/go-compile>
Reviewers: Go Compile <https://github.com/go-compile>
Publication date: 2020-11-27T10:00:26.806Z
Listed: true
-->
@ -165,6 +165,18 @@ su -
```shell
sed -i -E 's/^(#)?PermitRootLogin (prohibit-password|yes)/PermitRootLogin no/' /etc/ssh/sshd_config
sed -i -E 's/^(#)?PasswordAuthentication yes/PasswordAuthentication no/' /etc/ssh/sshd_config
```
#### Limit login attempts and use `Ed25519` host key
```shell
sed -i -E 's/^(#)?MaxAuthTries 6/MaxAuthTries 2/' /etc/ssh/sshd_config
sed -i -E 's/^(#)?HostKey \/etc\/ssh\/ssh_host_ed25519_key/HostKey \/etc\/ssh\/ssh_host_ed25519_key/' /etc/ssh/sshd_config
```
#### Restart SSH daemon
```shell
systemctl restart ssh
```