bluefeds: added a step for SSH hardening

2022-12-28 17:50:24 +05:30 · 2022-12-28 17:50:24 +05:30 · 7a016a7599
parent 218d7b11ce
commit 7a016a7599
1 changed files with 20 additions and 0 deletions
--- a/content/posts/bluefeds.md
+++ b/content/posts/bluefeds.md
@ -59,6 +59,26 @@ echo "wireguard" | sudo tee /etc/modules-load.d/wireguard.conf
 ```


+### SSH hardening
+
+```bash
+ssh pratham@localhost
+exit
+
+vim ~/.ssh/authorized_keys
+chmod 644 ~/.ssh/authorized_keys
+
+sudo sed -i 's/#PasswordAuthentication yes/PasswordAuthentication no/g' /etc/ssh/sshd_config
+sudo sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin no/g' /etc/ssh/sshd_config
+sudo sed -i 's/#PermitEmptyPasswords no/PermitEmptyPasswords no/g' /etc/ssh/sshd_config
+sudo sed -i 's/#ClientAliveInterval 0/ClientAliveInterval 300/g' /etc/ssh/sshd_config
+sudo sed -i 's/#ClientAliveCountMax 3/ClientAliveCountMax 2/g' /etc/ssh/sshd_config
+sudo sed -i 's/#X11Forwarding no/X11Forwarding no/g' /etc/ssh/sshd_config
+
+sudo systemctl restart sshd.service
+```
+
+
 ### Modify motd

 ```bash