-
Notifications
You must be signed in to change notification settings - Fork 0
4.3.3. SSH
Richard Spindler edited this page Feb 21, 2016
·
2 revisions
Show SSH Information:
$ ./parsec.rb --server=hostname --report=ssh --format=table --masked
+-------------------------+------------------+-------------+----------+
| Security Settings (/etc/ssh/sshd_config) |
+-------------------------+------------------+-------------+----------+
| Item | Current | Recommended | Complies |
+-------------------------+------------------+-------------+----------+
| Protocol | 2 | 2 | Yes |
| X11Forwarding | yes | no | *No* |
| MaxAuthTries | N/A | 3 | *No* |
| MaxAuthTriesLog | N/A | 0 | *No* |
| RhostsAuthentication | no | no | Yes |
| IgnoreRhosts | yes | yes | Yes |
| StrictModes | yes | yes | Yes |
| AllowTcpForwarding | no | no | Yes |
| ServerKeyBits | 768 | MASKED | *No* |
| GatewayPorts | no | no | Yes |
| RhostsRSAAuthentication | no | no | Yes |
| PermitRootLogin | without-password | no | *No* |
| PermitRootLogin | no | no | Yes |
| PermitEmptyPasswords | no | no | Yes |
| PermitUserEnvironment | N/A | no | *No* |
| HostbasedAuthentication | N/A | no | *No* |
| Banner | /etc/issue | /etc/issue | Yes |
| PrintMotd | no | no | Yes |
| ClientAliveInterval | N/A | 300 | *No* |
| ClientAliveCountMax | N/A | 0 | *No* |
| LogLevel | info | VERBOSE | *No* |
| RSAAuthentication | yes | no | *No* |
| UsePrivilegeSeparation | N/A | yes | *No* |
| LoginGraceTime | 600 | 120 | *No* |
| ServerKeyBits | 768 | MASKED | *No* |
+-------------------------+------------------+-------------+----------+