Daniel Micay
|
84ca6bfa27
|
sshd: sntrup761x25519-sha512@openssh.com kex only
|
2022-07-22 19:55:59 -04:00 |
|
Daniel Micay
|
d7c23eac02
|
disable unused AES-GCM cipher suites
|
2022-07-22 19:11:28 -04:00 |
|
Daniel Micay
|
1a195570c8
|
sshd: disable unused agent forwarding feature
This is a misguided feature and while this doesn't meaningfully reduce
attack surface, it makes sense not to enable it.
|
2022-07-11 19:57:42 -04:00 |
|
Daniel Micay
|
f1005cf339
|
user-based whitelist for ssh access
|
2021-11-27 20:33:48 -05:00 |
|
Daniel Micay
|
87db85274a
|
sshd: raise MaxStartups to 4096
|
2021-09-06 02:42:22 -04:00 |
|
Daniel Micay
|
c315170cd6
|
sshd: reduce MaxAuthTries to 2
|
2021-09-06 02:38:16 -04:00 |
|
Daniel Micay
|
f56f094c97
|
sshd: limit per-source max startups to 1
|
2021-09-06 02:38:08 -04:00 |
|
Daniel Micay
|
43681fa913
|
sshd: reduce LoginGraceTime to 15s
|
2021-09-06 02:38:06 -04:00 |
|
Daniel Micay
|
613251176d
|
explicitly disable all standalone MACs (AEAD only)
|
2021-08-23 09:23:16 -04:00 |
|
Daniel Micay
|
566a7e2ccb
|
update to OpenSSH 8.7
|
2021-08-23 02:37:28 -04:00 |
|
Daniel Micay
|
d24d24926a
|
add subset of shared configuration files
|
2021-07-28 08:23:04 -04:00 |
|