{"description": "If the system needs to act as an SSH server, then\ncertain changes should be made to the OpenSSH daemon configuration\nfile <tt>/etc/ssh/sshd_config</tt>. The following recommendations can be\napplied to this file. See the <tt>sshd_config(5)</tt> man page for more\ndetailed information.", "warnings": [], "requires": [], "conflicts": [], "values": ["var_rekey_limit_size", "var_rekey_limit_time", "var_sshd_disable_compression", "var_sshd_priv_separation", "var_sshd_set_login_grace_time", "var_sshd_set_maxstartups"], "groups": ["sshd_strengthen_firewall"], "rules": ["disable_host_auth", "firewalld_sshd_port_enabled", "sshd_allow_only_protocol2", "sshd_disable_compression", "sshd_disable_empty_passwords", "sshd_disable_forwarding", "sshd_disable_gssapi_auth", "sshd_disable_kerb_auth", "sshd_disable_pubkey_auth", "sshd_disable_rhosts", "sshd_disable_rhosts_rsa", "sshd_disable_root_login", "sshd_disable_root_password_login", "sshd_disable_tcp_forwarding", "sshd_disable_user_known_hosts", "sshd_disable_x11_forwarding", "sshd_do_not_permit_user_env", "sshd_enable_gssapi_auth", "sshd_enable_pam", "sshd_enable_pubkey_auth", "sshd_enable_strictmodes", "sshd_enable_warning_banner", "sshd_enable_warning_banner_net", "sshd_enable_x11_forwarding", "sshd_include_crypto_policy", "sshd_limit_user_access", "sshd_print_last_log", "sshd_rekey_limit", "sshd_set_idle_timeout", "sshd_set_keepalive", "sshd_set_keepalive_0", "sshd_set_login_grace_time", "sshd_set_loglevel_info", "sshd_set_loglevel_verbose", "sshd_set_max_auth_tries", "sshd_set_max_sessions", "sshd_set_maxstartups", "sshd_use_approved_ciphers", "sshd_use_approved_ciphers_ordered_stig", "sshd_use_approved_kex_ordered_stig", "sshd_use_approved_macs", "sshd_use_approved_macs_ordered_stig", "sshd_use_directory_configuration", "sshd_use_priv_separation", "sshd_use_strong_ciphers", "sshd_use_strong_kex", "sshd_use_strong_macs", "sshd_use_strong_rng", "sshd_x11_use_localhost"], "platform": "system_with_kernel", "platforms": ["system_with_kernel"], "inherited_platforms": [], "cpe_platform_names": ["system_with_kernel"], "title": "Configure OpenSSH Server if Necessary", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/services/ssh/ssh_server/group.yml"}