OpenSSH provides secure communications with a system without access to the local console. It is feature rich and supports many different authentication mechanisms. It can also allow users to completely bypass firewall configurations via tunneling.
Scale: Known configurations
Required packages
Service | Software package | Installation command |
---|---|---|
OpenSSH Server | openssh-server | yum -y install openssh-server |
OpenSSH Client | openssh-clients | yum -y install openssh-clients |
denyhosts | denyhosts | yum -y install denyhosts |
Required Config Lines
Requirement | Action | Config | Comment |
---|---|---|---|
Must | Define | Protocol 2 | |
Must | Define | PermitRootLogin no | |
Must | Define | TCPKeepAlive yes | |
Must | Not Define | Protocol 1 | |
Should | Define | X11Forwarding no | |
Should | Define | AllowTcpForwarding no | |
Should | Define | GatewayPorts no | |
Should | Define | PermitTunnel no | |
Should | Define | GSSAPIAuthentication no | If not using GSSAPI |
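
One way to check a host against the table above, as an added example that is not part of the original page: a small auditor for the global section of an `sshd_config`. The names `BASELINE`, `parse_global`, `audit` and the `SAMPLE` config are hypothetical and constructed here. `GSSAPIAuthentication no` is assumed for hosts not using GSSAPI, and `Match` blocks are deliberately not evaluated.

```python
# Added example: audit the global section of an sshd_config against the table above.
# (requirement, keyword, expected value) rows from "Required Config Lines".
# GSSAPIAuthentication "no" is an assumption for hosts that do not use GSSAPI.
BASELINE = [
    ("Must", "Protocol", "2"),
    ("Must", "PermitRootLogin", "no"),
    ("Must", "TCPKeepAlive", "yes"),
    ("Should", "X11Forwarding", "no"),
    ("Should", "AllowTcpForwarding", "no"),
    ("Should", "GatewayPorts", "no"),
    ("Should", "PermitTunnel", "no"),
    ("Should", "GSSAPIAuthentication", "no"),
]

# Constructed sample config, not taken from a real host.
SAMPLE = """# constructed sample
Protocol 2
PermitRootLogin yes
TCPKeepAlive yes
X11Forwarding no
AllowTcpForwarding no
GatewayPorts no
permittunnel no
Match User backup
    PermitRootLogin no
"""

def parse_global(text):
    """Return {lowercased keyword: [values in file order]} up to the first Match block."""
    seen = {}
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].replace("=", " ", 1).split(None, 1)
        if not parts:
            continue                      # blank line or comment
        key = parts[0].lower()            # sshd keywords are case-insensitive
        if key == "match":
            break                         # conditional overrides are out of scope
        seen.setdefault(key, []).append(parts[1].strip() if len(parts) > 1 else "")
    return seen

def audit(text):
    """Return (requirement, keyword, problem) findings; an empty list means compliant."""
    seen, findings = parse_global(text), []
    for req, key, want in BASELINE:
        values = seen.get(key.lower())
        if not values:
            findings.append((req, key, "not defined"))
        elif values[0].lower() != want:   # sshd uses the first value it reads
            findings.append((req, key, f"is '{values[0]}', expected '{want}'"))
    # "Must / Not Define / Protocol 1": flag any Protocol line that lists version 1.
    if any("1" in v.replace(" ", "").split(",") for v in seen.get("protocol", [])):
        findings.append(("Must", "Protocol", "version 1 is listed"))
    return findings
```

Run `audit(open("/etc/ssh/sshd_config").read())` on a host; any `Must` finding should fail the check, while `Should` findings are candidates for review.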