RHEL 8 SSH Hardening Guide

Description

Hardening the SSH server configuration is an important step in securing your server. We recommend that you harden SSH as described below.

Relevant to

  • RHEL 8.x - all versions

Prerequisites

TOS must be installed on the server prior to implementing this resolution.

Notes

You will have to restart the sshd service after making the recommended changes. The service restart is included in the resolution steps below.

Resolution

  1. Edit the file /etc/ssh/sshd_config and set the directives listed below to the values shown. Some entries may be commented out; delete the leading comment character ('#') from those entries so that they take effect.

    X11Forwarding no
    Banner /etc/banner
    ClientAliveInterval 3600
    ClientAliveCountMax 0
    AllowAgentForwarding no
    AllowTcpForwarding no

  2. Restart the sshd service:

    # systemctl restart sshd
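To confirm that the edits from step 1 are actually in effect, the following added example (not part of the vendor's procedure) audits a config file against the six values above. The function names and the sample file are constructed for illustration; the check goes slightly beyond the steps by accounting for two sshd_config rules: the first value read for a keyword wins, and lines after a Match keyword apply only conditionally.

```sh
#!/bin/sh
# Added example: audit_sshd_config and write_sample_config are hypothetical names.
# Prints OK / FAIL / MISSING per directive; returns 1 if anything deviates.
audit_sshd_config() {
    awk '
    BEGIN {   # expected values from step 1 (keywords are case-insensitive)
        want["x11forwarding"] = "no"
        want["banner"] = "/etc/banner"
        want["clientaliveinterval"] = "3600"
        want["clientalivecountmax"] = "0"
        want["allowagentforwarding"] = "no"
        want["allowtcpforwarding"] = "no"
        bad = 0
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }     # commented-out entries are not in effect
    {
        key = tolower($1)
        if (key == "match") exit          # conditional overrides, not global settings
        if ((key in want) && !(key in seen)) seen[key] = $2   # first value wins
    }
    END {
        for (k in want) {
            if (!(k in seen)) { printf "MISSING %s (want %s)\n", k, want[k]; bad = 1 }
            else if (seen[k] != want[k]) { printf "FAIL %s %s (want %s)\n", k, seen[k], want[k]; bad = 1 }
            else printf "OK %s %s\n", k, seen[k]
        }
        exit bad
    }' "$1"
}

# Constructed sample: X11Forwarding left commented out, AllowTcpForwarding set
# twice (the first, non-compliant value wins), compliant value only under Match.
write_sample_config() {
    cat > "$1" <<'EOF'
#X11Forwarding no
Banner /etc/banner
ClientAliveInterval 3600
ClientAliveCountMax 0
AllowAgentForwarding no
allowtcpforwarding yes
AllowTcpForwarding no
Match User backup
    X11Forwarding no
EOF
}

tmp=$(mktemp) && write_sample_config "$tmp"
audit_sshd_config "$tmp" || echo "sshd_config deviates from the guide"
rm -f "$tmp"
```

On the server itself, point the function at /etc/ssh/sshd_config. Running `sshd -t` before the restart in step 2 catches syntax errors, and `sshd -T` prints the effective configuration that sshd will use.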

In addition to the parameters above, the only other supported modifications are to KexAlgorithms, MACs and Ciphers.

We recommend installing all official security updates and security patches for your RHEL 8 version.