Mirrors/ansible-collection-hardening
2
0
Fork 0
mirror of https://github.com/dev-sec/ansible-collection-hardening synced 2024-11-10 09:14:18 +00:00
Code Issues Projects Releases Packages Wiki Activity

Merge pull request #31 from hardening-io/max_auth_tries

Browse source 
Make MaxAuthTries configurable
This commit is contained in:
Christoph Hartmann 2015-08-06 23:39:14 -07:00
commit 950210348f
2 changed files with 4 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
roles/ansible-ssh-hardening/defaults/main.yml
View file

@ -29,6 +29,9 @@ ssh_listen_to: ['0.0.0.0'] # sshd
# Host keys to look for when starting sshd.
ssh_host_key_files: ['/etc/ssh/ssh_host_rsa_key', '/etc/ssh/ssh_host_dsa_key', '/etc/ssh/ssh_host_ecdsa_key'] # sshd
# Specifies the maximum number of authentication attempts permitted per connection. Once the number of failures reaches half this value, additional failures are logged.
ssh_max_auth_retries: 2
ssh_client_alive_interval: 600 # sshd
ssh_client_alive_count: 3 # sshd
# one or more hosts, to which ssh-client can connect to. Default is empty, but should be configured for security reasons!

2
roles/ansible-ssh-hardening/templates/opensshd.conf.j2
View file

@ -121,7 +121,7 @@ UsePrivilegeSeparation {% if (ansible_distribution == 'Debian' and ansible_distr
PermitUserEnvironment no
LoginGraceTime 30s
MaxAuthTries 2
MaxAuthTries {{ssh_max_auth_retries}}
MaxSessions 10
MaxStartups 10:30:100