SSH Hardening provisioner #179

Open
26 tasks
mvgijssel opened this issue Apr 4, 2023 · 0 comments
@mvgijssel
Member

  • Set up provisioner tests with testinfra
  • Harden SSH config
    • Set up fail2ban
    • Only allow key-based authentication
    • Require password for sudo on Ubuntu user
    • Prevent root SSH
    • Limit users' access to SSH
    • Set up SSH timeout
    • Limit concurrent SSH connections
    • Change SSH port
    • Disable SSH protocol 1
    • Disable empty passwords
    • Disable X11 forwarding
    • Provision public keys
    • Limit authentication attempts
    • Limit grace period
    • Only allow key-based authentication
    • Disable permit user environments
    • Disable banner Debian
    • Set random root password
    • Update to latest OpenSSH
    • Ignore rhosts
    • Disable unused ciphers
  • Set up port forward SSH port to provisioner
  • Generate SSH key for Pulumi
  • Prevent microk8s access without SSH
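
Added example, not part of the original issue or the project's code: a small Python audit that maps a subset of the checklist above to `sshd_config` keywords and reports which items a configuration fails, honouring sshd's rule that the first value seen for a keyword wins. It assumes every directive is set explicitly (compiled-in defaults and `Include` files are not considered), that only global settings before the first `Match` block count, and that the numeric thresholds are illustrative values the issue does not specify.

```python
import re

# Checklist item -> (sshd_config keyword, predicate on its value).
# Numeric thresholds are assumed values; the issue does not specify any.
CHECKS = {
    "Only allow key-based authentication": ("passwordauthentication", lambda v: v == "no"),
    "Prevent root SSH": ("permitrootlogin", lambda v: v == "no"),
    "Disable empty passwords": ("permitemptypasswords", lambda v: v == "no"),
    "Disable X11 forwarding": ("x11forwarding", lambda v: v == "no"),
    "Disable permit user environments": ("permituserenvironment", lambda v: v == "no"),
    "Ignore rhosts": ("ignorerhosts", lambda v: v == "yes"),
    "Limit authentication attempts": ("maxauthtries", lambda v: v.isdigit() and int(v) <= 3),
    # Plain seconds only; time formats such as "1m" are reported as failing.
    "Limit grace period": ("logingracetime", lambda v: v.isdigit() and 0 < int(v) <= 60),
}

def effective_settings(config_text):
    """Return global keyword -> value, honouring sshd's first-value-wins rule."""
    settings = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        keyword = parts[0].lower()
        if keyword == "match":  # everything after Match is conditional
            break
        value = parts[1].strip().lower() if len(parts) > 1 else ""
        settings.setdefault(keyword, value)  # later duplicates are ignored
    return settings

def audit(config_text):
    """Return the checklist items the configuration does not satisfy."""
    settings = effective_settings(config_text)
    return [item for item, (key, ok) in CHECKS.items()
            if key not in settings or not ok(settings[key])]

# Constructed sample: the second PasswordAuthentication line never takes effect,
# and PermitUserEnvironment is only set inside a Match block.
SAMPLE = """\
PasswordAuthentication yes
PermitRootLogin no
PermitEmptyPasswords no
X11Forwarding no
MaxAuthTries 3
LoginGraceTime 30
PasswordAuthentication no
Match User deploy
    PermitUserEnvironment no
"""
```

On a live host, `sshd -T` prints the effective configuration after defaults and includes are applied, which is a better input for `audit` than the raw file.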