Update SSH Hardening

Signed-off-by: Thien Tran <contact@tommytran.io>
Thien Tran 2023-10-10 12:05:22 -07:00
parent 3ffaeccc7f
commit a99d1f5e1d
No known key found for this signature in database
GPG Key ID: 3DF2709723343A8F
4 changed files with 12 additions and 2 deletions


@ -50,7 +50,7 @@
"path": "/etc/ssh/sshd_config.d/10-custom.conf",
"contents": {
"compression": "",
"source": "data:,X11Forwarding%20no%0AGSSAPIAuthentication%20no%0A"
"source": "data:,X11Forwarding%20no%0AHostKeyAlgorithms%20ssh-ed25519%0APubkeyAcceptedKeyTypes%20ssh-ed25519%0ACiphers%20aes256-gcm%40openssh.com%0AMACs%20-*%0AKerberosAuthentication%20no%0AGSSAPIAuthentication%20no%0A"
}
},
{


@ -105,6 +105,11 @@ storage:
contents:
inline: |
X11Forwarding no
HostKeyAlgorithms ssh-ed25519
PubkeyAcceptedKeyTypes ssh-ed25519
Ciphers aes256-gcm@openssh.com
MACs -*
KerberosAuthentication no
GSSAPIAuthentication no
- path: /etc/zincati/config.d/51-rollout-wariness.toml
contents:
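Review bot: `PubkeyAcceptedKeyTypes ssh-ed25519` in the inline sshd drop-in accepts only plain Ed25519 user keys, so FIDO-backed `sk-ssh-ed25519@openssh.com` keys and Ed25519 user certificates are refused along with RSA and ECDSA, and a host whose provisioned authorized keys are of any other type becomes unreachable over SSH once this applies. If hardware-backed keys are meant to stay usable, list them explicitly, e.g. `PubkeyAcceptedKeyTypes ssh-ed25519,sk-ssh-ed25519@openssh.com`; OpenSSH 8.5 and later call this option `PubkeyAcceptedAlgorithms` and keep the old name only as an alias. `MACs -*` should carry a comment in the file such as `# aes256-gcm is an AEAD cipher, so no separate MAC is negotiated`, because an emptied MAC list otherwise reads as a mistake, and checking the rendered file with `sshd -t` before rollout would confirm the installed sshd accepts it. The same five lines are added in the second YAML hunk (`@ -123,6 +123,11 @@`), and the storage entry begins and ends outside both hunks.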


@ -50,7 +50,7 @@
"path": "/etc/ssh/sshd_config.d/10-custom.conf",
"contents": {
"compression": "",
"source": "data:,X11Forwarding%20no%0AGSSAPIAuthentication%20no%0A"
"source": "data:,X11Forwarding%20no%0AHostKeyAlgorithms%20ssh-ed25519%0APubkeyAcceptedKeyTypes%20ssh-ed25519%0ACiphers%20aes256-gcm%40openssh.com%0AMACs%20-*%0AKerberosAuthentication%20no%0AGSSAPIAuthentication%20no%0A"
}
},
{


@ -123,6 +123,11 @@ storage:
contents:
inline: |
X11Forwarding no
HostKeyAlgorithms ssh-ed25519
PubkeyAcceptedKeyTypes ssh-ed25519
Ciphers aes256-gcm@openssh.com
MACs -*
KerberosAuthentication no
GSSAPIAuthentication no
- path: /etc/zincati/config.d/51-rollout-wariness.toml
contents: