Sshbastion: Difference between revisions
Jump to navigation
Jump to search
Created page with "=ref= * https://aws.amazon.com/blogs/security/how-to-record-ssh-sessions-established-through-a-bastion-host/ =sshd basic= * make sure ssh root is cert only or disabled * Per..." |
No edit summary |
||
| Line 2: | Line 2: | ||
* https://aws.amazon.com/blogs/security/how-to-record-ssh-sessions-established-through-a-bastion-host/ | * https://aws.amazon.com/blogs/security/how-to-record-ssh-sessions-established-through-a-bastion-host/ | ||
** if using this script use | |||
** chattr +a /var/log/bastion/ | |||
=sshd basic= | =sshd basic= | ||
Revision as of 19:46, 28 October 2017
ref
- https://aws.amazon.com/blogs/security/how-to-record-ssh-sessions-established-through-a-bastion-host/
- if using this script use
- chattr +a /var/log/bastion/
sshd basic
- make sure ssh root is cert only or disabled
- PermitRootLogin prohibit-password
- AllowTcpForwarding no
- X11Forwarding no
- Only allow certain group to ssh
- AllowGroups sshusers
proc
Make sure users can't see other users processes:
- proc /proc proc defaults,hidepid=2 0 0