Bug#774711: OpenSSH settings hardening

To: 774711@bugs.debian.org
Cc: Mathew Binkley <mathew.binkley@vanderbilt.edu>
Subject: Bug#774711: OpenSSH settings hardening
From: Matt Taggart <matt@lackof.org>
Date: Wed, 17 Aug 2022 17:08:11 -0700
Message-id: <[🔎] 8dc81827-3e43-278e-98ea-dfe23b79da48@lackof.org>
Reply-to: Matt Taggart <matt@lackof.org>, 774711@bugs.debian.org
References: <20150106165255.23991.93052.reportbug@nymphadora.home.ludost.net>

Hi,

Some updates on OpenSSH config hardening

1) The ssh-audit tool that Mathew Binkley pointed out has been forkedand updated and lives at


  https://github.com/jtesta/ssh-audit

2) The sshaudit.com site now uses the above version.

3) The sshaudit.com site also now provides a hardening guide

  https://www.ssh-audit.com/hardening_guides.html

that was inspired by the original stribika.github.io page mentioned here.

I like Mathew's idea of aiming for a config that scores well, withcommented out configs for enabling compatibility for older clients.


--
Matt Taggart
matt@lackof.org

Reply to:

Prev by Date: Herzliche Glückwünsche
Next by Date: Bug#1018106: sshd: pam_env(sshd:session): deprecated reading of user environment enabled
Previous by thread: Herzliche Glückwünsche
Next by thread: Bug#1018106: sshd: pam_env(sshd:session): deprecated reading of user environment enabled
Index(es):
- Date
- Thread