From 7a016a75997320804796c2f8e80f693c1cda18c4 Mon Sep 17 00:00:00 2001 From: Pratham Patel Date: Wed, 28 Dec 2022 17:50:24 +0530 Subject: [PATCH] bluefeds: added a step for SSH hardening --- content/posts/bluefeds.md | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/content/posts/bluefeds.md b/content/posts/bluefeds.md index 2f2405e..1eb902a 100644 --- a/content/posts/bluefeds.md +++ b/content/posts/bluefeds.md @@ -59,6 +59,26 @@ echo "wireguard" | sudo tee /etc/modules-load.d/wireguard.conf ``` +### SSH hardening + +```bash +ssh pratham@localhost +exit + +vim ~/.ssh/authorized_keys +chmod 644 ~/.ssh/authorized_keys + +sudo sed -i 's/#PasswordAuthentication yes/PasswordAuthentication no/g' /etc/ssh/sshd_config +sudo sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin no/g' /etc/ssh/sshd_config +sudo sed -i 's/#PermitEmptyPasswords no/PermitEmptyPasswords no/g' /etc/ssh/sshd_config +sudo sed -i 's/#ClientAliveInterval 0/ClientAliveInterval 300/g' /etc/ssh/sshd_config +sudo sed -i 's/#ClientAliveCountMax 3/ClientAliveCountMax 2/g' /etc/ssh/sshd_config +sudo sed -i 's/#X11Forwarding no/X11Forwarding no/g' /etc/ssh/sshd_config + +sudo systemctl restart sshd.service +``` + + ### Modify motd ```bash
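Review bot: The six `sed -i` calls against `/etc/ssh/sshd_config` in the new "SSH hardening" block only rewrite a line when it matches the commented default exactly (for example `#PasswordAuthentication yes`). On a host where the directive is already uncommented, carries a different value, or is spaced differently, each command exits successfully without changing anything and password logins stay enabled. Consider matching on the directive name regardless of the leading `#` and current value, then running `sudo sshd -t` before `sudo systemctl restart sshd.service` and confirming the effective settings with `sudo sshd -T`. Two smaller points in the same block: password authentication is switched off with no step that confirms key-based login works first, which risks a lockout on a remote host, and `chmod 644 ~/.ssh/authorized_keys` leaves the file world-readable where `600` would be enough.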