Difference between revisions of "Sshbastion"
(Created page with "=ref= * https://aws.amazon.com/blogs/security/how-to-record-ssh-sessions-established-through-a-bastion-host/ =sshd basic= * make sure ssh root is cert only or disabled * Per...") |
|||
Line 2: | Line 2: | ||
* https://aws.amazon.com/blogs/security/how-to-record-ssh-sessions-established-through-a-bastion-host/ | * https://aws.amazon.com/blogs/security/how-to-record-ssh-sessions-established-through-a-bastion-host/ | ||
+ | ** if using this script use | ||
+ | ** chattr +a /var/log/bastion/ | ||
=sshd basic= | =sshd basic= |
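Review bot: The added `chattr +a /var/log/bastion/` line names only the directory, with no `-R` and no mention of the log files the script writes into it, so a reader cannot tell whether the append-only flag is meant for the directory entry, the session logs, or both. State which is intended, and complete the fragment "if using this script use" so that it introduces the command (for example "if using this script, set the log directory append-only:").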
Revision as of 20:46, 28 October 2017
ref
- https://aws.amazon.com/blogs/security/how-to-record-ssh-sessions-established-through-a-bastion-host/
  - If using this script, use:
  - chattr +a /var/log/bastion/
sshd basic
- Make sure SSH root login is cert-only or disabled
- PermitRootLogin prohibit-password
- AllowTcpForwarding no
- X11Forwarding no
- Only allow a certain group to SSH
- AllowGroups sshusers
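Added example (not part of the original wiki page): a Python check of the global section of an sshd_config against the four settings above. The function names and the sample config are constructed for illustration, and absent keywords fall back to OpenSSH's documented defaults.

```python
# OpenSSH defaults used when a keyword is absent from the global section.
DEFAULTS = {"permitrootlogin": "prohibit-password",
            "allowtcpforwarding": "yes",
            "x11forwarding": "no"}
# Values the checklist accepts (without-password is the deprecated alias).
ACCEPTED = {"permitrootlogin": {"prohibit-password", "without-password", "no"},
            "allowtcpforwarding": {"no"},
            "x11forwarding": {"no"}}

def effective_settings(config_text):
    """Resolve global settings the way sshd does: the first value seen wins."""
    values, groups = {}, []
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split()   # keyword=value is also valid
        if not parts:
            continue
        key, args = parts[0].lower(), parts[1:]     # keywords are case-insensitive
        if key == "match":
            break                                   # conditional blocks are not global
        if key == "allowgroups":
            groups.extend(args)                     # AllowGroups lines accumulate
        elif key in DEFAULTS and args:
            values.setdefault(key, args[0].lower()) # later duplicates are ignored
    for key, default in DEFAULTS.items():
        values.setdefault(key, default)
    return values, groups

def audit(config_text):
    """Return a list of deviations from the checklist (empty list = compliant)."""
    values, groups = effective_settings(config_text)
    findings = [f"{k} is '{values[k]}', checklist wants one of {sorted(ACCEPTED[k])}"
                for k in ACCEPTED if values[k] not in ACCEPTED[k]]
    if not groups:
        findings.append("AllowGroups is not set, so no group restriction applies")
    return findings

# Constructed sample: forwarding is only disabled inside a Match block,
# and the second X11Forwarding line is ignored because the first one wins.
SAMPLE = """\
PermitRootLogin prohibit-password
X11Forwarding no
x11forwarding yes
Match Group admins
    AllowTcpForwarding no
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

On a live host, `sshd -T` prints the configuration sshd actually resolves and is the authoritative check.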
proc
Make sure users can't see other users' processes:
- proc /proc proc defaults,hidepid=2 0 0