bsdlabs / ssh-hardening
FreeBSD SSH Hardening
Home Page: https://github.com/jtesta/ssh-audit/wiki/FreeBSD
License: BSD 2-Clause "Simplified" License
If the domain has DNSSEC, recommend the addition of an SSHFP record.
Per upstream sshaudit.com: SSH Client Hardening Guides
~/.ssh/config
for supported FreeBSD versions
Let's wait a few hours/days to re-run all tests.
This will bring the tests back to green.
There have been issues with the uploading of new images to GCE (which is what Cirrus CI uses), see PR 272354.
Let's wait until the dust settles and re-run the failed tests.
The SSH Hardening Guides leverage 4096-bit RSA keys as standard. The command service sshd keygen produces a 3072-bit RSA key.
I acknowledge the practical security of the two (3072, 4096) still puts both of them in the realm of unbreakable.
We'd like FreeBSD SSH Server & Client Hardening Guides upstream and listed on sshaudit.com, ideally in the Official list (find out how).
Submission Instructions: https://github.com/jtesta/ssh-audit/wiki/SSH-Hardening-Guides-Index
Depends-On #2
Client auditing (ssh-audit -c) is not working on FreeBSD.
Upstream has changed the default RSA keys in favor of Ed25519 keys.
To appease a large segment of our audience, do the same for -CURRENT. This should allow us to achieve a 100% score
Add [email protected] and [email protected] to client14.md once libfido2 et al. are wired in (D32448, D32509)
UsePAM no
UseDNS no
VersionAddendum none
For server config, just noting, that the key exchange algorithm diffie-hellman-group14-sha256 is listed as being present in the "Comparative table: Default vs. Hardened" under Hardened config, but it hasn't been included as a key exchange algorithm in the supplied command.