Improve SSHD config to use more secure settings (#17798)

Improve SSHD config to use more secure settings

Why I did it
According to Sonic OS review result, SSHD config file /etc/ssh/sshd_config using insecure settings.

Work item tracking
Microsoft ADO: 15022083
How I did it
Change build_debian.sh script to set following settings to /etc/ssh/sshd_config:
ClientAliveInterval is set to 300
MaxAuthTries is set to default of 3
Banner set to /etc/issue

How to verify it
Pass all E2E test case.
This commit is contained in:
Hua Liu 2024-01-23 13:49:47 +08:00 committed by GitHub
parent a2e57d849b
commit b1750b7cee
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194

View File

@ -484,10 +484,14 @@ rm /files/etc/ssh/sshd_config/ClientAliveInterval
rm /files/etc/ssh/sshd_config/ClientAliveCountMax
touch /files/etc/ssh/sshd_config/EmptyLineHack
rename /files/etc/ssh/sshd_config/EmptyLineHack ""
set /files/etc/ssh/sshd_config/ClientAliveInterval 900
set /files/etc/ssh/sshd_config/ClientAliveInterval 300
set /files/etc/ssh/sshd_config/ClientAliveCountMax 0
ins #comment before /files/etc/ssh/sshd_config/ClientAliveInterval
set /files/etc/ssh/sshd_config/#comment[following-sibling::*[1][self::ClientAliveInterval]] "Close inactive client sessions after 15 minutes"
set /files/etc/ssh/sshd_config/#comment[following-sibling::*[1][self::ClientAliveInterval]] "Close inactive client sessions after 5 minutes"
rm /files/etc/ssh/sshd_config/MaxAuthTries
set /files/etc/ssh/sshd_config/MaxAuthTries 3
rm /files/etc/ssh/sshd_config/Banner
set /files/etc/ssh/sshd_config/Banner /etc/issue
rm /files/etc/ssh/sshd_config/LogLevel
set /files/etc/ssh/sshd_config/LogLevel VERBOSE
save