You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The default value for ssh_max_startups in the ssh_hardening role is '10:30:100'.
This same value is also the default for OpenSSHd.
If I have understood the manuals correctly, the default value is not doing any hardening at all.
Describe the solution you'd like
I would like the default value to be changed to 10:30:60.
This is the CIS level 1 recommendation.
Additional context
CIS CentOS 7 benchmark:
5.2.21 Ensure SSH MaxStartups is configured (Automated)
Profile Applicability:
Level 1 - Server
Level 1 - Workstation
Description:
The MaxStartups parameter specifies the maximum number of concurrent unauthenticated
connections to the SSH daemon.
Rationale:
To protect a system from denial of service due to a large number of pending authentication
connection attempts, use the rate limiting function of MaxStartups to protect availability of
sshd logins and prevent overwhelming the daemon.
Audit:
Run the following command and verify that output MaxStartups is 10:30:60 or matches
site policy:
The default value for
ssh_max_startups
in the ssh_hardening role is'10:30:100'
.This same value is also the default for OpenSSHd.
If I have understood the manuals correctly, the default value is not doing any hardening at all.
Describe the solution you'd like
I would like the default value to be changed to
10:30:60
.This is the CIS level 1 recommendation.
Additional context
CIS CentOS 7 benchmark:
Remediation:
Edit the /etc/ssh/sshd_config file to set the parameter as follows:
maxstartups 10:30:60
Default Value:
MaxStartups 10:30:100
The text was updated successfully, but these errors were encountered: