ansible-collection-famedly-.../roles/ssh
2024-09-04 16:39:04 +02:00
defaults chore(ssh): switch default preset from bsi recommendations to our own 2023-09-27 12:57:19 +02:00
handlers feat(ssh): add support for restarting sshd on Chimera Linux 2024-09-04 16:39:04 +02:00
tasks fix(ssh): make role more idempotent 2024-07-05 10:47:24 +02:00
vars chore(ssh): disallow terrapin-vulnerable ciphers.. 2023-12-19 14:22:25 +01:00
README.md chore: update READMEs 2021-09-07 08:59:51 +02:00

famedly.base.ssh ansible role for SSH hardening

This role provides basic hardening of an SSH daemon. It applies common hardening settings such as disabling root login, requiring pubkey authentication and disabling some unsafe-ish, rarely used features.

Features

  • PasswordAuthentication no, which makes brute-force attempts harder
  • ChallengeResponseAuthentication no because we don't use it
  • PubkeyAuthentication yes because only key-based auth is allowed
  • PermitRootLogin no because direct root login can pose a security threat
  • ClientAliveInterval 300 to disconnect all idle sessions after 300 s (5 min)
  • Protocol 2 because SSHv1 has security issues and should not be used as fallback
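
To check that a host actually ends up with the settings listed above, the following added example (not part of the role or its repository) audits the global section of an sshd_config text against them. The names `EXPECTED`, `effective_global_settings` and `audit` are hypothetical, the sample config is constructed, and the script assumes a single config file with no `Include` directives; an unset keyword is reported as a finding rather than trusting the daemon's default.

```python
# Added example, not part of the famedly.base.ssh role.
EXPECTED = {  # directives and values from the README feature list
    "passwordauthentication": "no",
    "challengeresponseauthentication": "no",
    "pubkeyauthentication": "yes",
    "permitrootlogin": "no",
    "clientaliveinterval": "300",
    "protocol": "2",
}

# Constructed sample config with three typical pitfalls.
SAMPLE = """\
Protocol 2
permitrootlogin no
PermitRootLogin yes
PasswordAuthentication yes
PubkeyAuthentication yes
ClientAliveInterval 300
Match User backup
    PasswordAuthentication no
    ChallengeResponseAuthentication no
"""

def effective_global_settings(text):
    """Map lower-cased keyword -> value for the global section only."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        keyword = parts[0].lower()  # sshd keywords are case-insensitive
        if keyword == "match":
            break  # Match blocks apply conditionally, not globally
        # sshd uses the first value it reads for a keyword
        settings.setdefault(keyword, parts[1] if len(parts) > 1 else "")
    return settings

def audit(text):
    """Return (keyword, expected, found) per deviation; found is None if unset."""
    actual = effective_global_settings(text)
    return sorted((kw, want, actual.get(kw))
                  for kw, want in EXPECTED.items() if actual.get(kw) != want)

if __name__ == "__main__":
    for kw, want, found in audit(SAMPLE):
        print(f"{kw}: expected {want!r}, found {found!r}")
```

On the sample, the duplicate `PermitRootLogin yes` is ignored because the first value wins, while the two directives set only inside the `Match` block are flagged because they do not apply to every connection.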