mirror of
https://github.com/famedly/ansible-collection-base
synced 2024-11-10 06:24:17 +00:00
famedly.base.ssh
ansible role for SSH hardening
This role performs basic hardening of an SSH daemon. It applies common hardening measures such as disabling root login, requiring pubkey authentication and disabling some unsafe-ish, rarely used features.
Features
PasswordAuthentication no, which makes brute-force attempts harder
ChallengeResponseAuthentication no, because we don't use it
PubkeyAuthentication yes, because only key-based auth is allowed
PermitRootLogin no, as it can pose a security threat
ClientAliveInterval 300, to disconnect all idle sessions after 300 s (5 min)
Protocol 2, because SSHv1 has security issues and should not be used as a fallback
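To confirm that a host actually runs with the settings listed above, the effective configuration printed by `sshd -T` can be compared against them. The following is an added example, not part of the role; the function names and both sample outputs are constructed, and it assumes that newer OpenSSH releases report `ChallengeResponseAuthentication` as `kbdinteractiveauthentication` and no longer print `protocol`.

```python
# Settings from the feature list above, lowercased the way `sshd -T` prints them.
EXPECTED = {
    "passwordauthentication": "no",
    "challengeresponseauthentication": "no",
    "pubkeyauthentication": "yes",
    "permitrootlogin": "no",
    "clientaliveinterval": "300",
    "protocol": "2",
}
# Assumption: newer OpenSSH reports this keyword under its current name.
ALIASES = {"challengeresponseauthentication": ("kbdinteractiveauthentication",)}
# Assumption: sshd without SSHv1 support no longer prints this; absence is fine.
OPTIONAL = {"protocol"}

def parse_effective(text):
    """Parse `sshd -T` style 'keyword value' lines into a dict."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(" ")
        cfg.setdefault(key.lower(), value.strip())  # keep the first value seen
    return cfg

def audit(text):
    """Return (keyword, expected, actual) for every setting that deviates."""
    cfg = parse_effective(text)
    findings = []
    for key, want in EXPECTED.items():
        names = (key,) + ALIASES.get(key, ())
        got = next((cfg[n] for n in names if n in cfg), None)
        if got is None:
            if key not in OPTIONAL:
                findings.append((key, want, "missing"))
        elif got.lower() != want:
            findings.append((key, want, got))
    return findings

# Constructed sample outputs: one hardened host, one that has drifted.
SAMPLE_OK = ("port 22\npermitrootlogin no\npubkeyauthentication yes\n"
             "passwordauthentication no\nkbdinteractiveauthentication no\n"
             "clientaliveinterval 300\n")
SAMPLE_DRIFT = ("permitrootlogin without-password\npubkeyauthentication yes\n"
                "passwordauthentication yes\nkbdinteractiveauthentication no\n")

if __name__ == "__main__":
    for name, sample in (("ok", SAMPLE_OK), ("drift", SAMPLE_DRIFT)):
        print(name, audit(sample))
```

On a real host, pass the output of `sshd -T` (run as root) to `audit()` instead of the samples.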