ansible-collection-famedly-.../roles/ssh
2023-02-20 14:50:10 +01:00
defaults chore(ssh): make ansible-lint happy 2023-02-20 14:48:59 +01:00
handlers feat(ssh): support runit for service reloading 2023-02-20 14:50:10 +01:00
tasks feat(ssh): allow not restricting algorithms 2023-02-20 14:49:03 +01:00
vars chore(ssh): make ansible-lint happy 2023-02-20 14:48:59 +01:00
README.md chore: update READMEs 2021-09-07 08:59:51 +02:00

famedly.base.ssh ansible role for SSH hardening

This role performs basic hardening of an SSH daemon. It applies common hardening measures such as disabling root login, requiring pubkey authentication and disabling some unsafe-ish, rarely used features.

Features

  • PasswordAuthentication no, which makes brute-force attempts harder
  • ChallengeResponseAuthentication no because we don't use it
  • PubkeyAuthentication yes because only key-based auth is allowed
  • PermitRootLogin no as it can pose a security threat
  • ClientAliveInterval 300 to disconnect all idle sessions after 300 s (5 min)
  • Protocol 2 because SSHv1 has security issues and should not be used as a fallback