An XCCDF Group - A logical subset of the XCCDF Benchmark
sshd
openssh-server
/etc/ssh/sshd_config
$ sudo chgrp root /etc/ssh/sshd_config
/etc/ssh/*_key
ssh_keys
/etc/ssh/*.pub
root
$ sudo chown root /etc/ssh/sshd_config
$ sudo chmod 0600 /etc/ssh/sshd_config
0600
0640
$ sudo chmod 0644 /etc/ssh/*.pub
sshd_config(5)
ClientAliveCountMax
ClientAliveInterval
0
ClientAliveInterval * ClientAliveCountMax
.rhosts
HostbasedAuthentication
/etc/ssh/sshd_config.d/00-complianceascode-hardening.conf
HostbasedAuthentication no
PermitEmptyPasswords
PermitEmptyPasswords no
IgnoreRhosts
IgnoreRhosts yes
PermitRootLogin no
AllowTcpForwarding
AllowTcpForwarding no
X11Forwarding
X11Forwarding no
PermitUserEnvironment
PermitUserEnvironment no
UsePAM yes
Banner /etc/issue.net
LoginGraceTime
VERBOSE
LogLevel VERBOSE
MaxAuthTries
MaxSessions
MaxStartups