Risk name
Make sure SSH MaxAuthTries is set between 3 and 6
Reinforcement recommendations

Remove the comment symbol # in front of MaxAuthTries in /etc/ssh/sshd_config and set the maximum number of failed password attempts to a value from 3 to 6 (4 is recommended):

MaxAuthTries 4
It is recommended to keep records and make a backup during the operation.

Risk name
SSHD mandatory use of the V2 security protocol
Reinforcement recommendations

Set the following parameter in the /etc/ssh/sshd_config file:

Protocol 2
It is recommended to keep records and make a backup during the operation.

Risk name
Set SSH idle exit time
Reinforcement recommendations

In /etc/ssh/sshd_config, set ClientAliveInterval to a value from 300 to 900 (that is, 5-15 minutes) and set ClientAliveCountMax to a value from 0 to 3:

ClientAliveInterval 600
ClientAliveCountMax 2
It is recommended to keep records and make a backup during the operation.

Notes:

ClientAliveInterval 600 means that an "empty packet" is sent to the client every 600 seconds to keep the connection to the client alive. This option applies only to protocol version 2.

ClientAliveCountMax 0 indicates how many "empty packets" are sent in total before the connection is dropped.

The two settings above mean: the idle timeout interval is 600 seconds, after which the ssh session is terminated without even a keep-alive packet being sent.

Risk name
Make sure SSH LogLevel is set to INFO
Reinforcement recommendations

Set the following parameter in the /etc/ssh/sshd_config file (uncomment it):

LogLevel INFO
This sets the level at which sshd log messages are recorded to INFO.
It is recommended to keep records and make a backup during the operation.

Risk name
Prevent SSH users with empty passwords from logging in
Reinforcement recommendations

Set PermitEmptyPasswords to no in /etc/ssh/sshd_config:

PermitEmptyPasswords no
It is recommended to keep records and make a backup during the operation.

Summary of the settings that need to be modified

MaxAuthTries 4
Protocol 2
ClientAliveInterval 600
ClientAliveCountMax 3
LogLevel INFO
PermitEmptyPasswords no
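
The settings listed above can be checked against a server's file with a short script. The following Python is an added example, not part of the original post: the function names and the sample file are constructed for illustration. It reads only the global part of a single file and does not follow Include or evaluate Match blocks.

```python
import re

# Accepted values, taken from the recommendations on this page.
POLICY = {
    "maxauthtries":         lambda v: v.isdigit() and 3 <= int(v) <= 6,
    # Newer OpenSSH servers speak only protocol 2 and ignore this keyword.
    "protocol":             lambda v: v == "2",
    "clientaliveinterval":  lambda v: v.isdigit() and 300 <= int(v) <= 900,
    "clientalivecountmax":  lambda v: v.isdigit() and 0 <= int(v) <= 3,
    "loglevel":             lambda v: v.upper() == "INFO",
    "permitemptypasswords": lambda v: v.lower() == "no",
}

def effective_settings(text):
    """Return {keyword: value} for the global part of an sshd_config."""
    # Keywords are case-insensitive; the first value found for a keyword
    # is the one sshd uses; lines starting with '#' have no effect.
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = parts[0].lower()
        if key == "match":  # conditional blocks follow; stop at the first one
            break
        settings.setdefault(key, parts[1].strip() if len(parts) > 1 else "")
    return settings

def audit(text):
    """Map each keyword from this page to 'ok', 'bad value' or 'not set'."""
    eff = effective_settings(text)
    return {k: ("not set" if k not in eff else "ok" if ok(eff[k]) else "bad value")
            for k, ok in POLICY.items()}

# Constructed sample file, not taken from a real server.
SAMPLE = """\
#MaxAuthTries 6
Protocol 2
ClientAliveInterval 600
clientalivecountmax 2
ClientAliveInterval 0
LogLevel VERBOSE
PermitEmptyPasswords yes
Match User backup
    MaxAuthTries 4
"""
if __name__ == "__main__":
    print(audit(SAMPLE))
```

In the sample, MaxAuthTries is reported as not set because it appears only as a comment and inside a Match block, and the second ClientAliveInterval line has no effect because the first value wins.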
