starlingx/config-files
Code Issues Proposed changes

Fix openscap security violations in sshd_config

Browse Source 
Updated ssh settings in /etc/ssh/sshd_config file to fix
some high and medium openscap security violations.

Story: 2008037
Task: 40694

Change-Id: Id57fbb13fd2b758f2e8608b56af9447035bac903
Signed-off-by: Carmen Rata <carmen.rata@windriver.com>
Co-Authored-By: Thomas Gao <thomas.gao@windriver.com>
This commit is contained in:
Carmen Rata 2020-08-26 16:10:37 -04:00
parent 4a41816748
commit fc01cfbdd8
1 changed files with 5 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
openssh-config/files/sshd_config
View File

@ -55,13 +55,13 @@ AuthorizedKeysFile .ssh/authorized_keys
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# HostbasedAuthentication
#IgnoreUserKnownHosts no
IgnoreUserKnownHosts yes
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes
# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no
PermitEmptyPasswords no
PasswordAuthentication yes
# Change to no to disable s/key passwords
@ -103,11 +103,11 @@ X11Forwarding no
#X11UseLocalhost yes
#PermitTTY yes
#PrintMotd yes
#PrintLastLog yes
PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
UsePrivilegeSeparation yes
#PermitUserEnvironment no
UsePrivilegeSeparation sandbox
PermitUserEnvironment no
Compression no
ClientAliveInterval 15
ClientAliveCountMax 4