Mozilla has a set of guidelines for secure SSH configuration, which can be found at https://infosec.mozilla.org/guidelines/openssh. This commit creates a config file for OpenSSH that is based on Mozilla's guidelines for secure SSH configuration.

This configuration:

- Sets the preference order of HostKey algorithms
- Sets the allowed KexAlgorithms, Ciphers and MAC algorithms
- Disables the use of password authentication
- Increases logging level to VERBOSE

The final one also ensures that we are logging which SSH key is used to log in to the server. This is useful for auditing purposes and SOC2.

Mozilla also recommends disabling root login, but this is not done in this commit, because implementing that requires a bit more work and some change in how we set the hosts up. I wanted to push this commit out quickly.
3.9 KiB
Executable File
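The settings listed in the commit message can be checked against a deployed `sshd_config`. The following audit is an added example, not code from this commit; the function names and the sample config are constructed for illustration, and it assumes a single file with no `Include` directives.

```python
# Constructed sample, not the commit's file. Note the duplicate keyword.
SAMPLE = """\
HostKey /etc/ssh/ssh_host_ed25519_key
HostKey /etc/ssh/ssh_host_rsa_key
KexAlgorithms curve25519-sha256@libssh.org
Ciphers chacha20-poly1305@openssh.com
MACs hmac-sha2-512-etm@openssh.com
PasswordAuthentication yes
PasswordAuthentication no
LogLevel VERBOSE
"""

REQUIRED_VALUES = {"passwordauthentication": "no", "loglevel": "VERBOSE"}
REQUIRED_PRESENT = ("hostkey", "kexalgorithms", "ciphers", "macs")

def parse_global(text):
    """Return {keyword: [values]} for the global section (keywords lowercased)."""
    seen = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if parts[0].lower() == "match":
            break  # everything after a Match line applies only conditionally
        seen.setdefault(parts[0].lower(), []).append(parts[1].strip() if len(parts) > 1 else "")
    return seen

def audit(text):
    """Return findings; only the trailing info line means all checks passed."""
    cfg, findings = parse_global(text), []
    for key, want in REQUIRED_VALUES.items():
        # sshd uses the first value it obtains for a keyword, so a later
        # "correct" line does not override an earlier permissive one.
        got = cfg.get(key, [None])[0]
        if got is None:
            findings.append(f"{key}: not set (compiled-in default applies)")
        elif got.lower() != want.lower():
            findings.append(f"{key}: effective value {got!r}, expected {want!r}")
    for key in REQUIRED_PRESENT:
        if not any(cfg.get(key, [])):
            findings.append(f"{key}: no explicit value")
    # The commit leaves root login unchanged; report it rather than fail on it.
    root = cfg.get("permitrootlogin", ["(default)"])[0]
    findings.append(f"info: permitrootlogin is {root}")
    return findings
```

On a live host, `sshd -T` prints the effective configuration and can be used to confirm the same values after includes and defaults are resolved.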