SecHard

SSH Items

  • Ensure SSH LogLevel is appropriate (Automated)

This item refers to a system administrator or automation tool editing the SSH server configuration to set a specific log level (LogLevel), usually because certain events need to be logged in more detail for security, monitoring or troubleshooting purposes.


  • Ensure SSH PAM is enabled (Automated)

PAM (Pluggable Authentication Modules) is a system library that provides user authentication management and is a flexible and extensible authentication framework for various services.

This item refers to a system administrator or automation tool enabling PAM by changing the SSH server configuration. Using PAM on SSH servers is important for implementing stronger and more flexible authentication policies.


  • Ensure SSH root login is disabled (Automated)

The root user is the user with the highest privileges on a Linux or Unix system. Logging in over SSH directly as root increases security risk, so system administrators usually prefer to disable this type of login.


  • Ensure SSH HostbasedAuthentication is disabled (Automated)

Refers to disabling the HostbasedAuthentication feature and automating this process. Host-based authentication relies on one computer being authenticated by another computer that already knows and trusts it. This authentication method is not recommended in most cases, as it often leads to security vulnerabilities.


  • Ensure SSH PermitEmptyPasswords is disabled (Automated)

Refers to disabling the "PermitEmptyPasswords" property and automating this process. This feature controls whether SSH users are allowed to log in with empty passwords.


  • Ensure SSH PermitUserEnvironment is disabled (Automated)

Refers to disabling the "PermitUserEnvironment" property and automating this process. This property controls whether users are allowed to customise their own environments.

If this property is enabled, users can set their own environment variables for their SSH sessions. For security reasons this should generally be restricted, as malicious users may abuse the feature to interact with the system in unintended ways.


  • Ensure SSH IgnoreRhosts is enabled (Automated)

Refers to enabling the "IgnoreRhosts" feature and automating this process. This feature disables Rhosts-based authentication methods that pose potential security risks.

Rhosts-based authentication involves authenticating the user using the .rhosts file on another trusted system. This method can cause security vulnerabilities and can be exploited by malicious users.


  • Ensure SSH X11 forwarding is disabled (Automated)

Refers to disabling the X11 forwarding feature and automating this process. X11 forwarding is a feature used to forward a graphical user interface from a remote server to a local computer.

This item disables X11 forwarding during SSH sessions, usually for security reasons, especially in untrusted networks or remote access situations. This prevents malicious users from potentially performing unwanted interactions with the system.


  • Ensure SSH AllowTcpForwarding is disabled (Automated)

Refers to disabling the "AllowTcpForwarding" feature and automating this process. This property controls TCP port forwarding during an SSH session.

TCP port forwarding allows a user to make a TCP connection from one computer to another computer. However, this feature may involve security risks, especially in untrusted networks or remote access situations.

This item disables AllowTcpForwarding, usually for security reasons and especially to limit the potential for attacks.


  • Ensure SSH warning banner is configured (Automated)

Such warning notices are used to emphasise system policies, inform users of security measures, or draw attention to terms of use. Automation tools are useful for applying such notices consistently across many systems.


  • Ensure SSH MaxAuthTries is set to 4 or less (Automated)

Refers to setting the "MaxAuthTries" parameter to a value of 4 or less and automating this process. This parameter limits the number of failed authentication attempts by a user against the SSH server.

This security measure makes it difficult for a malicious attacker to perform a brute-force attack against SSH accounts. A brute-force attack is one in which an attacker attempts to gain access to an account by repeatedly guessing the user's password.


  • Ensure SSH MaxStartups is configured (Automated)

SSH servers use the "MaxStartups" parameter to manage concurrent connections. This parameter is used to control the number of simultaneous connections and prevent overloading.

The parameter value usually consists of three fields: the initial value, the allowable increment over one minute, and the allowable increment over one hour. These specify how many simultaneous connections the server is initially allowed, how many connections can be added within one minute, and how many connections can be added within one hour.


  • Ensure SSH MaxSessions is set to 10 or less (Automated)

Refers to checking whether the "MaxSessions" parameter is set and automating this check. This parameter controls the number of concurrent sessions of a user.


  • Ensure SSH LoginGraceTime is set to one minute or less (Automated)

Refers to checking whether the "LoginGraceTime" parameter is set and automating this check. This parameter controls how much time a user is given to log in to the server before the pending authentication attempt is abandoned.


  • Ensure SSH Idle Timeout Interval is configured (Automated)

Refers to checking whether the "ClientAliveInterval" and "ClientAliveCountMax" values are set and automating this check. These parameters allow the session to be terminated if a user does not interact for a certain period of time during an SSH session.
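As an added example (not SecHard's own code), the POSIX shell script below audits all of the SSH items above against sshd configuration text in the "Keyword value" layout of sshd_config or `sshd -T`. The expected values (LogLevel INFO or VERBOSE, numeric bounds for MaxAuthTries, MaxSessions, LoginGraceTime and the ClientAlive settings) are assumptions taken from the item titles, and the two sample configurations are constructed here, not taken from any real host.

```shell
#!/bin/sh
# Added example, not SecHard's code: audit sshd settings against the SSH items above.
# Input is "Keyword value" text: a sshd_config file or, better, `sshd -T` output (the
# effective config with defaults filled in; an unset keyword counts as FAIL here).

# Value of a keyword: first non-comment match, case-insensitive; empty if unset.
sshd_value() {   # $1 = config text, $2 = keyword
  printf '%s\n' "$1" | awk -v k="$2" '$1 !~ /^#/ && tolower($1) == tolower(k) { print $2; exit }'
}

sshd_check() {   # $1 = item, $2 = keyword, $3 = ERE the whole value must match
  v=$(sshd_value "$SSHD_CONF" "$2")
  if printf '%s' "$v" | grep -Eqix "$3"; then echo "PASS  $1 ($2 = $v)"
  else echo "FAIL  $1 ($2 = ${v:-unset})"; SSHD_FAILS=$((SSHD_FAILS + 1)); fi
}

# Run every item; the last line printed is the failure count. Always exits 0.
sshd_audit() {   # $1 = config text
  SSHD_CONF=$1; SSHD_FAILS=0
  sshd_check "LogLevel appropriate (assumed INFO/VERBOSE)" LogLevel 'INFO|VERBOSE'
  sshd_check "PAM enabled"                     UsePAM                  'yes'
  sshd_check "Root login disabled"             PermitRootLogin         'no'
  sshd_check "HostbasedAuthentication disabled" HostbasedAuthentication 'no'
  sshd_check "PermitEmptyPasswords disabled"   PermitEmptyPasswords    'no'
  sshd_check "PermitUserEnvironment disabled"  PermitUserEnvironment   'no'
  sshd_check "IgnoreRhosts enabled"            IgnoreRhosts            'yes'
  sshd_check "X11 forwarding disabled"         X11Forwarding           'no'
  sshd_check "AllowTcpForwarding disabled"     AllowTcpForwarding      'no'
  sshd_check "Warning banner configured"       Banner                  '/.+'
  sshd_check "MaxAuthTries <= 4"               MaxAuthTries            '[1-4]'
  sshd_check "MaxStartups configured"          MaxStartups             '[0-9]+:[0-9]+:[0-9]+'
  sshd_check "MaxSessions <= 10"               MaxSessions             '[1-9]|10'
  sshd_check "LoginGraceTime <= 60s"           LoginGraceTime          '[1-9]|[1-5][0-9]|60'
  sshd_check "Idle timeout: interval set"      ClientAliveInterval     '[1-9][0-9]*'
  sshd_check "Idle timeout: count max set"     ClientAliveCountMax     '[1-9][0-9]*'
  echo "$SSHD_FAILS"
}

# Constructed samples (not from any real host): a hardened config and a default-style one.
HARDENED_CONF=$(printf '%s\n' 'LogLevel VERBOSE' 'UsePAM yes' 'PermitRootLogin no' \
  'HostbasedAuthentication no' 'PermitEmptyPasswords no' 'PermitUserEnvironment no' \
  'IgnoreRhosts yes' 'X11Forwarding no' 'AllowTcpForwarding no' 'Banner /etc/issue.net' \
  'MaxAuthTries 4' 'MaxStartups 10:30:60' 'MaxSessions 10' 'LoginGraceTime 60' \
  'ClientAliveInterval 300' 'ClientAliveCountMax 3')
WEAK_CONF=$(printf '%s\n' '# PermitRootLogin no' 'PermitRootLogin yes' 'X11Forwarding yes' \
  'MaxAuthTries 6' 'UsePAM yes' 'MaxSessions 10')
sshd_audit "$HARDENED_CONF"
sshd_audit "$WEAK_CONF"
```

On a live host, feed it the effective configuration with `sshd_audit "$(sshd -T)"` (as root) so that distribution defaults are included in the check.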

