diff options
| author | Pacien TRAN-GIRARD | 2016-11-08 17:03:20 +0100 |
|---|---|---|
| committer | Pacien TRAN-GIRARD | 2016-11-08 17:06:20 +0100 |
| commit | 7c518c4d7d98f4afc1f095c23f4c6894915bbd4f (patch) | |
| tree | 5168944954db3dbc617e8ee470c466a4efc33ca9 /README.md | |
| parent | 3ff8396faddc994b180e7836764728cb03d4dc79 (diff) | |
| download | ssh-hardened-7c518c4d7d98f4afc1f095c23f4c6894915bbd4f.tar.gz | |
Add setup instructions
Diffstat (limited to 'README.md')
| -rw-r--r-- | README.md | 10 |
1 files changed, 10 insertions, 0 deletions
| @@ -7,6 +7,16 @@ Purpose | |||
| 7 | This repository contains an hardened version of the default OpenSSH client and server configuration, disabling broken ciphers and unsafe authentication methods. | 7 | This repository contains an hardened version of the default OpenSSH client and server configuration, disabling broken ciphers and unsafe authentication methods. |
| 8 | 8 | ||
| 9 | 9 | ||
| 10 | Installation | ||
| 11 | ------------ | ||
| 12 | |||
| 13 | - `groupadd ssh-user` and `usermod -a -G ssh-user <username>` for each user allowed to use SSH. | ||
| 14 | - Deploy user public keys before continuing | ||
| 15 | - Clone this repo into `/etc/ssh/` | ||
| 16 | - Uncomment `KexDHMin 4096` in `ssh{,d}_config` if supported by the installed OpenSSH | ||
| 17 | - Regenerate `ssh_host_rsa_key{,.pub}` of length 4096 if lower | ||
| 18 | |||
| 19 | |||
| 10 | References | 20 | References |
| 11 | ---------- | 21 | ---------- |
| 12 | 22 | ||