Improve SSHD config to use more secure settings (#17798)
Why I did it
According to Sonic OS review result, SSHD config file /etc/ssh/sshd_config using insecure settings.

Work item tracking
Microsoft ADO: 15022083

How I did it
Change build_debian.sh script to set following settings to /etc/ssh/sshd_config:
ClientAliveInterval is set to 300
MaxAuthTries is set to default of 3
Banner set to /etc/issue

How to verify it
Pass all E2E test case.
parent a2e57d849b
commit b1750b7cee
@ -484,10 +484,14 @@ rm /files/etc/ssh/sshd_config/ClientAliveInterval
|
||||
rm /files/etc/ssh/sshd_config/ClientAliveCountMax
|
||||
touch /files/etc/ssh/sshd_config/EmptyLineHack
|
||||
rename /files/etc/ssh/sshd_config/EmptyLineHack ""
|
||||
set /files/etc/ssh/sshd_config/ClientAliveInterval 900
|
||||
set /files/etc/ssh/sshd_config/ClientAliveInterval 300
|
||||
set /files/etc/ssh/sshd_config/ClientAliveCountMax 0
|
||||
ins #comment before /files/etc/ssh/sshd_config/ClientAliveInterval
|
||||
set /files/etc/ssh/sshd_config/#comment[following-sibling::*[1][self::ClientAliveInterval]] "Close inactive client sessions after 15 minutes"
|
||||
set /files/etc/ssh/sshd_config/#comment[following-sibling::*[1][self::ClientAliveInterval]] "Close inactive client sessions after 5 minutes"
|
||||
rm /files/etc/ssh/sshd_config/MaxAuthTries
|
||||
set /files/etc/ssh/sshd_config/MaxAuthTries 3
|
||||
rm /files/etc/ssh/sshd_config/Banner
|
||||
set /files/etc/ssh/sshd_config/Banner /etc/issue
|
||||
rm /files/etc/ssh/sshd_config/LogLevel
|
||||
set /files/etc/ssh/sshd_config/LogLevel VERBOSE
|
||||
save
|
||||
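Review bot: the updated comment "Close inactive client sessions after 5 minutes" holds only if the unchanged context line "set /files/etc/ssh/sshd_config/ClientAliveCountMax 0" still makes sshd drop the session at the first interval. From OpenSSH 8.2 onward a ClientAliveCountMax of zero disables connection termination, so on such a build lowering ClientAliveInterval from 900 to 300 would close nothing. Please confirm which sshd version the image ships and adjust ClientAliveCountMax or the comment accordingly. The commit message also calls MaxAuthTries 3 the default, while the OpenSSH default is 6; the message should say the value is being lowered. For verification, a check of the effective ClientAliveInterval, ClientAliveCountMax, MaxAuthTries and Banner values as reported by sshd -T would cover these settings more directly than an E2E pass alone.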