ansible-collection-famedly-.../roles/ssh
2024-02-29 15:22:53 +01:00
defaults chore(ssh): switch default preset from bsi recommendations to our own 2023-09-27 12:57:19 +02:00
handlers feat(ssh): support runit for service reloading 2023-02-20 14:50:10 +01:00
tasks feat(ssh): allow configuring MaxStartups 2024-02-29 15:22:53 +01:00
vars chore(ssh): disallow terrapin-vulnerable ciphers.. 2023-12-19 14:22:25 +01:00
README.md chore: update READMEs 2021-09-07 08:59:51 +02:00

famedly.base.ssh Ansible role for SSH hardening

This role performs basic hardening of an SSH daemon. It applies common hardening measures such as disabling root login, requiring pubkey authentication, and disabling some unsafe-ish, rarely used features.

Features

  • PasswordAuthentication no, which makes brute-force attempts harder
  • ChallengeResponseAuthentication no, because we don't use it
  • PubkeyAuthentication yes, because only key-based auth is allowed
  • PermitRootLogin no, as it can pose a security threat
  • ClientAliveInterval 300, to disconnect all idle sessions after 300 s (5 min)
  • Protocol 2, because SSHv1 has security issues and should not be used as a fallback
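
A check for the settings listed above, as an added example (not part of the role or its README): it compares the effective configuration printed by `sshd -T` with the listed values. The `EXPECTED` table, the alias mapping (newer OpenSSH reports ChallengeResponseAuthentication under the name KbdInteractiveAuthentication) and the sample dump are assumptions made for illustration; a keyword the dump does not report is marked `absent` rather than failed.

```python
# Values from the feature list above, keyed the way `sshd -T` prints them (lowercase).
EXPECTED = {
    "passwordauthentication": "no",
    "challengeresponseauthentication": "no",
    "pubkeyauthentication": "yes",
    "permitrootlogin": "no",
    "clientaliveinterval": "300",
    "protocol": "2",
}
# Assumption: accept the keyword's newer name as well as the one in the list.
ALIASES = {"challengeresponseauthentication": ("kbdinteractiveauthentication",)}


def parse_effective_config(text):
    """Return {keyword: value} from `sshd -T`-style 'keyword value' lines."""
    config = {}
    for line in text.splitlines():
        keyword, _, value = line.strip().partition(" ")
        if keyword and not keyword.startswith("#"):
            # Keep the first value seen for keywords that repeat.
            config.setdefault(keyword.lower(), value.strip())
    return config


def audit(text):
    """Map each expected keyword to 'ok', 'absent' or 'mismatch: <value>'."""
    config = parse_effective_config(text)
    report = {}
    for keyword, wanted in EXPECTED.items():
        names = (keyword,) + ALIASES.get(keyword, ())
        found = [config[name] for name in names if name in config]
        if not found:
            report[keyword] = "absent"  # daemon did not report this keyword
        elif all(value.lower() == wanted for value in found):
            report[keyword] = "ok"
        else:
            report[keyword] = "mismatch: " + ", ".join(found)
    return report


# Constructed sample dump, not captured from a real host.
SAMPLE = """\
passwordauthentication no
kbdinteractiveauthentication no
pubkeyauthentication yes
permitrootlogin yes
clientaliveinterval 300
"""

if __name__ == "__main__":
    for keyword, status in audit(SAMPLE).items():
        print(f"{keyword:34} {status}")
```

On a managed host, pass the output of `sshd -T` (run as root) to `audit()` in place of `SAMPLE`.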