Skip to content

aerogami-cookbooks/ssh

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

8 Commits
attributes
attributes
 
 
recipes
recipes
 
 
.gitignore
.gitignore
 
 
Berksfile
Berksfile
 
 
Gemfile
Gemfile
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
Thorfile
Thorfile
 
 
Vagrantfile
Vagrantfile
 
 
chefignore
chefignore
 
 
metadata.rb
metadata.rb
 
 

Repository files navigation

SSH cookbook

This cookbook configures basic security settings for a new server.

  1. It disables root access.
  2. It disables password authentication.
  3. It disables PAM.

This cookbook is based in part on https://github.com/gchef/ssh-cookbook.git.

Requirements

This cookbook is only tested on Ubuntu.

Usage

Include this cookbook in your Berksfile.

cookbook 'ssh', git: 'aerogami-cookbooks/ssh'

Install the cookbook.

berks install

Add to your chef kitchen and use as desired.

Attributes

SSH Port

Change the SSH port especially if you are not using something like fail2ban; be warned that security by obscurity is not security.

default[:ssh][:port] = '22'

Root Login

You should disable root login.

default[:ssh][:permit_root_login] = 'no'

Password Login

You should also disable password login.

default[:ssh][:password_authentication] = 'no'

PAM and Challenge Response Authentication

default[:ssh][:use_pam] = 'no'
default[:ssh][:challenge_response_authentication] = 'no'

Empty Passwords

This is probably default behaviour on most distros.

default[:ssh][:permit_empty_passwords] = 'no'

Author

Mohamad El-Husseini

www.aerogami.com.br

About

Sane and secure SHH defaults for newly provisioned servers.

Resources

Readme

License

View license
Activity
Custom properties

Stars

0 stars

Watchers

3 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages