An XCCDF Group - A logical subset of the XCCDF Benchmark
/etc/ssh/sshd_config
sshd_config(5)
ClientAliveCountMax
ClientAliveInterval
0
/etc/ssh/sshd_config.d/00-complianceascode-hardening.conf
ClientAliveInterval * ClientAliveCountMax
.rhosts
HostbasedAuthentication
HostbasedAuthentication no
firewalld
ssh
firewall-cmd --permanent --add-service=ssh
firewall-cmd --reload
Compression
PermitEmptyPasswords
PermitEmptyPasswords no
GSSAPIAuthentication
GSSAPIAuthentication no
KerberosAuthentication
KerberosAuthentication no
IgnoreRhosts
IgnoreRhosts yes
RhostsRSAAuthentication no
PermitRootLogin no
AllowTcpForwarding
AllowTcpForwarding no
IgnoreUserKnownHosts yes
X11Forwarding
X11Forwarding no
PermitUserEnvironment
PermitUserEnvironment no
UsePAM yes
PubkeyAuthentication
PubkeyAuthentication yes
StrictModes
.ssh
StrictModes yes
Banner /etc/issue
Banner /etc/issue.net
PrintLastLog
PrintLastLog yes
RekeyLimit
LoginGraceTime
LogLevel
LogLevel INFO
VERBOSE
LogLevel VERBOSE
MaxAuthTries
MaxSessions
MaxStartups
Include /etc/ssh/sshd_config.d/*.conf
/etc/ssh/sshd_config.d
UsePrivilegeSeparation
KexAlgorithms
MACs
X11UseLocalhost
yes
X11UseLocalhost yes