mirror of
https://github.com/dev-sec/ansible-collection-hardening
synced 2024-11-10 09:14:18 +00:00
Make MaxAuthTries configurable
This commit is contained in:
parent
3a79dab5d8
commit
2bc353b7a9
2 changed files with 4 additions and 1 deletions
|
@ -29,6 +29,9 @@ ssh_listen_to: ['0.0.0.0'] # sshd
|
|||
# Host keys to look for when starting sshd.
|
||||
ssh_host_key_files: ['/etc/ssh/ssh_host_rsa_key', '/etc/ssh/ssh_host_dsa_key', '/etc/ssh/ssh_host_ecdsa_key'] # sshd
|
||||
|
||||
# Specifies the maximum number of authentication attempts permitted per connection. Once the number of failures reaches half this value, additional failures are logged.
|
||||
ssh_max_auth_retries: 2
|
||||
|
||||
ssh_client_alive_interval: 600 # sshd
|
||||
ssh_client_alive_count: 3 # sshd
|
||||
# one or more hosts, to which ssh-client can connect to. Default is empty, but should be configured for security reasons!
|
||||
|
|
|
@ -125,7 +125,7 @@ UsePrivilegeSeparation {% if (ansible_distribution == 'Debian' and ansible_distr
|
|||
|
||||
PermitUserEnvironment no
|
||||
LoginGraceTime 30s
|
||||
MaxAuthTries 2
|
||||
MaxAuthTries {{ssh_max_auth_retries}}
|
||||
MaxSessions 10
|
||||
MaxStartups 10:30:100
|
||||
|
||||
|
|
Loading…
Reference in a new issue