Here is an sshd_config configuration file for the SSHD service, annotated according to Cybionet standards.
- Complies with STIG recommendations
- Complies with Cisofy recommendations
- Complies with RHEL CCE recommendations
- Verification done with ssh-audit for:
  - Key exchange algorithms
  - Host-key algorithms
  - Encryption algorithms
  - Message authentication code algorithms
- And a lot of useful comments in the configuration.
- Uses a restricted group to allow the user to log in via SSH.
- Create the restricted group.

      sudo groupadd restricted

- Then add your user to this group.

      sudo usermod -a -G restricted yourusername

- Add a sudoers file to allow the restricted group to use the sudo command.

      sudo vim /etc/sudoers.d/restricted

  and put this line in the file.

      # Allow all users in the restricted group to use sudo for all commands.
      %restricted ALL=(ALL) ALL

- TEST!! Don't disconnect your SSH session, and try to establish a new SSH connection to see if everything works fine.
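
An added example, not part of the Cybionet configuration: a pre-flight check to run before the test step above, assuming the restricted group is enforced in sshd_config with an `AllowGroups restricted` line. The function names and the script name are hypothetical.

```shell
#!/bin/sh
# Added example (not from the Cybionet repository). Assumes sshd_config limits
# logins with an AllowGroups directive; Match blocks, Include files and
# negated (!) patterns are not evaluated.

# Print every group pattern named by AllowGroups in config file $1.
# Keywords are case-insensitive; commented-out lines never match.
allowed_groups() {
    awk 'tolower($1) == "allowgroups" { for (i = 2; i <= NF; i++) print $i }' "$1"
}

# Exit status 0: a group in the space-separated list $2 matches a pattern.
#             1: AllowGroups is set and nothing matches (login will be refused).
#             2: no AllowGroups directive, so no group restriction is active.
# Runs in a subshell with globbing off so patterns such as ssh-* stay literal
# until the case statement matches them against each group name.
can_login() (
    set -f
    patterns=$(allowed_groups "$1")
    [ -n "$patterns" ] || exit 2
    for g in $2; do
        for p in $patterns; do
            case "$g" in $p) exit 0 ;; esac
        done
    done
    exit 1
)

# Usage: sh preflight.sh yourusername [path/to/sshd_config]
if [ $# -ge 1 ]; then
    cfg=${2:-/etc/ssh/sshd_config}
    rc=0
    can_login "$cfg" "$(id -Gn "$1")" || rc=$?
    case $rc in
        0) echo "OK: $1 is in a group permitted by AllowGroups" ;;
        1) echo "LOCKOUT RISK: $1 is in no group permitted by AllowGroups" ;;
        2) echo "NOTE: no AllowGroups directive in $cfg" ;;
    esac
    exit "$rc"
fi
```

As root, `sshd -t` and `visudo -cf /etc/sudoers.d/restricted` check the syntax of the two edited files; this script covers only the group-membership side.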
Use Google-Authenticator or an SSH key with the SSH service to improve its security.