Sshbastion

From HoerupWiki

Revision as of 20:45, 28 October 2017 by Torben (talk | contribs) (Created page with "=ref= * https://aws.amazon.com/blogs/security/how-to-record-ssh-sessions-established-through-a-bastion-host/ =sshd basic= * make sure ssh root is cert only or disabled * Per...")

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Jump to: navigation, search

ref

https://aws.amazon.com/blogs/security/how-to-record-ssh-sessions-established-through-a-bastion-host/

sshd basic

make sure ssh root is cert only or disabled
PermitRootLogin prohibit-password
AllowTcpForwarding no
X11Forwarding no
Only allow certain group to ssh
AllowGroups sshusers

proc

Make sure users can't see other users processes:

proc /proc proc defaults,hidepid=2 0 0

Retrieved from "https://wiki.t-hoerup.dk/index.php?title=Sshbastion&oldid=11868"