Merge pull request dev-sec#368 from dev-sec/max_startups

reduce maximum unauthenticated ssh sessions
divialth · Jan 11, 2021 · 855dbe5 · 855dbe5
2 parents 108b0b8 + 3156788
commit 855dbe5
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 2 deletions.
diff --git a/roles/ssh_hardening/README.md b/roles/ssh_hardening/README.md
@@ -201,7 +201,7 @@ Warning: This role disables root-login on the target server! Please make sure yo
   - Default: `[]`
   - Description: a list of revoked public keys that the ssh server will always reject, useful to revoke known weak or compromised keys.
 - `ssh_max_startups`
-  - Default: `'10:30:100'`
+  - Default: `'10:30:60'`
   - Description: Specifies the maximum number of concurrent unauthenticated connections to the SSH daemon.
 - `ssh_macs`
   - Default: `[]`

diff --git a/roles/ssh_hardening/defaults/main.yml b/roles/ssh_hardening/defaults/main.yml
@@ -177,7 +177,7 @@ ssh_server_permit_environment_vars: 'no'
 ssh_server_accept_env_vars: ''
 
 # maximum number of concurrent unauthenticated connections to the SSH daemon
-ssh_max_startups: '10:30:100'       # sshd
+ssh_max_startups: '10:30:60'       # sshd
 
 ssh_ps53: 'yes'
 ssh_ps59: 'sandbox'