Comments on: How to Secure and Harden OpenSSH Server

By: me

me — Mon, 26 Oct 2020 18:49:23 +0000

another tip: don’t use multiple years old version of security software, which normally has better defaults

By: Ievgen Sobko

Ievgen Sobko — Sun, 02 Aug 2020 07:27:59 +0000

I think there is one misunderstanding in alive intervals that I also had. Simply setting some `ClientAliveInterval` setting to value for instance to 180 doesn't mean connection will be dropped after not receiving a response in 180 seconds or 3 minutes. Here comes in play another option `ClientAliveCountMax` which is by default set to 3 so actual drop time will be evaluated as the multiplication of both these values. So in this example client will drop the connection, not after 3 minutes but 9. The same applies to `ServerAliveInterval` and `ServerAliveCountMax`.

By: Ravi Saive

Ravi Saive — Mon, 13 Jul 2020 05:00:30 +0000

In reply to MrCalvin.

@MrCalvin,

Yes, in the latest version of SSH, the protocol v.1 is no longer supported, it comes with protocol 2 only…

By: MrCalvin

MrCalvin — Sat, 11 Jul 2020 11:10:26 +0000

In reply to James Kiarie.

I get the error “SSH protocol v.1 is no longer supported” ;-)

So I guess you don’t have to bother about SSH protocol versions, at least on Debian 10/Buster

By: Zaheer Abbas

Zaheer Abbas — Sat, 11 Jul 2020 08:16:54 +0000

Beautiful.

Please post a tutorial on how to automate this process on multiple servers via ansible.

Cheers!