Join GitHub today
GitHub is home to over 31 million developers working together to host and review code, manage projects, and build software together.Sign up
[enh] Clean + harden sshd config using Mozilla recommendation #590
There are various settings which can be improved in the sshd configuration to increase security.
I used the Mozilla recommendation which I found here : https://infosec.mozilla.org/guidelines/openssh
I also cleaned a few things : many weird commented settings which are unlikely to be used, or settings which corresponds to the default setting and therefore unnecessary to state them.
Of course, the best security gain in here would be to disable password authentication... To quote a guy from Stack Overflow : « The authentication and negotiation ciphers are far more important than the symmetric algorithm for the overall security »
Tested in a dev environnement ... but we should be careful and test this in various setups. (e.g. does this break putty ? etc...)
How to test
This is built on top of #518 - you'll need to apply the migration, make sure you are using the new conf and see if everything works as expected