Skip to content
/ ssh-secure Public

Tools to automatically fix the sshd/ssh configuration

License

MIT license
0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

svalgaard/ssh-secure

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
sshd-fix
sshd-fix
 
 

Repository files navigation

ssh-secure

Tools to automatically fix the sshd/ssh configuration.

After a security scan of your servers you might get warnings like the following:

  • SSH Weak Algorithms Supported
  • SSH Server CBC Mode Ciphers Enabled
  • SSH Weak MAC Algorithms Enabled

This script fixes your server's sshd and ssh config such that the server is follows best practice wrt which ciphers and algorithmns to use

Howto

To update / check your ssh(d) configuration, fetch the newest version of this script, and run it using Python (2.x)

wget https://raw.githubusercontent.com/svalgaard/ssh-secure/master/sshd-fix -O sshd-fix
sudo python sshd-fix

If your sshd daemon is not restarted as part of running sshd-fix, you should do this as soon as possible. Next, from another session, check that you can still login to server and that everything works as expected.

But I do not want to run something like this as root (using sudo)?!?

In this case, simply run the script without sudo, and copy-paste the lines to your ssh(d) configuration files. If you are using a very old version of ssh, you may have to run this as root (possibly via sudo) (or look at the output from sshd -T yourself.

About

Tools to automatically fix the sshd/ssh configuration

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

3 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages