SSH
The Secure Shell Protocol (SSH) is a cryptographic network protocol for operating network services securely over an unsecured network. Its most notable applications are remote login and command-line execution, but it is also used to transfer files or to reach other hosts behind the remote end. SSH is the widely used protocol for remote administration of Unix and Linux servers, and it is also available on Windows 10 and later.
OpenSSH is the implementation running on all my Linux servers. It has numerous parameters, including several potentially insecure settings kept to maintain compatibility with outdated client software.
On my servers, the configuration file is generated by Ansible from a template. The default values I am using come from
my own experience working with various Linux distributions
the recommendations from Lynis
the recommendations from ssh-audit
the feedback from security auditors
To configure it consistently, I am using a template. Do not use the values blindly; for example, a one-time-password setup may require modifications.
Current configuration
To check the validity of the configuration file and output the effective configuration to stdout, run
sshd -T -C user=user -C host=localhost -C addr=localhost
On AlmaLinux/CentOS/…, sshd -T is enough; there is no need to add the extra parameters.
Crypto
You will find below the values I am using for the parameters Ciphers, HostKeyAlgorithms, KexAlgorithms, MACs, PubkeyAcceptedAlgorithms, PubkeyAcceptedKeyTypes and RequiredRSASize.
Warning
Changing the HostKeyAlgorithms line can cause clients to get a scary warning message about the host key changing:
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
CentOS/Oracle Linux/RHEL 6
CentOS 6 and 7 are obsolete Linux distributions, but for various reasons some systems may still be waiting to be migrated. OpenSSH on CentOS 6 and 7 is vulnerable to Terrapin (CVE-2023-48795): https://access.redhat.com/security/cve/cve-2023-48795
# openssh-server-5.3p1-124.el6_10.x86_64
sshd_useprivilegeseparation: "yes"
sshd_hostkeys:
- '/etc/ssh/ssh_host_rsa_key'
# - '/etc/ssh/ssh_host_dsa_key'
sshd_host_key_group: 'root'
sshd_host_key_mode: "0600"
sshd_permittty_supported: False
sshd_defaults: {
ciphers: 'aes128-ctr,aes192-ctr,aes256-ctr',
macs: 'hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-512',
kexalgorithms: 'diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1',
}
CentOS/Oracle Linux/RHEL 7
# openssh-server-7.4p1-23.el7_9.x86_64
sshd_defaults: {
# Terrapin mitigations - https://access.redhat.com/security/cve/cve-2023-48795
ciphers: 'aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com',
# Remove diffie-hellman-group-exchange-sha256 from kexalgorithms as it's using small 1024-bit modulus
kexalgorithms: 'curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512',
# Remove ssh-rsa from hostkeyalgorithms as it's deprecated in OpenSSH 8.8: https://www.openssh.com/txt/release-8.8
hostkeyalgorithms: 'ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,rsa-sha2-512,rsa-sha2-256',
macs: 'umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512',
}
sshd_useprivilegeseparation: "sandbox"
AlmaLinux/CentOS/Oracle/RHEL 8
# openssh-server-8.0p1-25.el8_10.alma.1.x86_64
sshd_defaults: {
casignaturealgorithms: "ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519",
ciphers: "aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes192-ctr,aes128-gcm@openssh.com,aes128-ctr",
gssapikexalgorithm: "gss-curve25519-sha256-,gss-nistp256-sha256-,gss-group16-sha512-",
hostkeyalgorithms: 'ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com',
kexalgorithms: "curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512",
macs: "hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512-etm@openssh.com",
pubkeyacceptedkeytypes: "ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa"
}
sshd_permitlisten: "none"
AlmaLinux/CentOS/Oracle/RHEL 9
# openssh-server-8.7p1-45.el9.x86_64
sshd_defaults: {
casignaturealgorithms: "ecdsa-sha2-nistp256,sk-ecdsa-sha2-nistp256@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,sk-ssh-ed25519@openssh.com,rsa-sha2-256,rsa-sha2-512",
ciphers: "aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr",
gssapikexalgorithm: "gss-curve25519-sha256-,gss-nistp256-sha256-,gss-group16-sha512-",
# Remove ecdsa-sha2-nistp256
hostkeyalgorithms: 'ecdsa-sha2-nistp256-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com',
# Remove ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521
kexalgorithms: "curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512",
macs: "hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512-etm@openssh.com",
pubkeyacceptedkeytypes: "ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com",
required_rsa_size: "2048",
# required_rsa_size: "3072"
}
sshd_permitlisten: "none"
AlmaLinux/CentOS/Oracle/RHEL 10
# openssh-server-9.9p1-7.el10_0.x86_64
sshd_hostkeys:
- '/etc/ssh/ssh_host_ed25519_key'
sshd_host_key_group: 'root'
sshd_host_key_mode: "0600"
sshd_defaults: {
casignaturealgorithms: "ecdsa-sha2-nistp256,sk-ecdsa-sha2-nistp256@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,sk-ssh-ed25519@openssh.com,rsa-sha2-256,rsa-sha2-512",
ciphers: "aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr",
gssapikexalgorithm: "gss-curve25519-sha256-,gss-nistp256-sha256-,gss-group16-sha512-",
# Remove ecdsa-sha2-nistp256
hostkeyalgorithms: 'ecdsa-sha2-nistp256-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com',
# Remove ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521
kexalgorithms: "curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512",
macs: "hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512-etm@openssh.com",
pubkeyacceptedkeytypes: "ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com",
required_rsa_size: "2048",
# required_rsa_size: "3072"
}
sshd_permitlisten: "none"
Debian 10
# 7.9p1-10+deb10u4
sshd_service: "ssh"
sshd_subsystem_sftp: "/usr/lib/openssh/sftp-server"
sshd_host_key_group: 'root'
sshd_host_key_mode: "0600"
sshd_defaults: {
casignaturealgorithms: "ecdsa-sha2-nistp256,sk-ecdsa-sha2-nistp256@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,sk-ssh-ed25519@openssh.com,rsa-sha2-256,rsa-sha2-512",
ciphers: "aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr",
gssapikexalgorithm: "gss-curve25519-sha256-,gss-nistp256-sha256-,gss-group16-sha512-",
# Remove ecdsa-sha2-nistp256
hostkeyalgorithms: 'ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com',
# Remove ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521
kexalgorithms: "curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512",
macs: "hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512-etm@openssh.com",
pubkeyacceptedkeytypes: "ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa",
}
sshd_permitlisten: "none"
Debian 11
# 8.4p1-5+deb11u5
sshd_service: "ssh"
sshd_subsystem_sftp: "/usr/lib/openssh/sftp-server"
sshd_host_key_group: 'root'
sshd_host_key_mode: "0600"
sshd_defaults: {
casignaturealgorithms: "ecdsa-sha2-nistp256,sk-ecdsa-sha2-nistp256@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,sk-ssh-ed25519@openssh.com,rsa-sha2-256,rsa-sha2-512",
ciphers: "aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr",
gssapikexalgorithm: "gss-curve25519-sha256-,gss-nistp256-sha256-,gss-group16-sha512-",
# Remove ecdsa-sha2-nistp256
hostkeyalgorithms: 'ecdsa-sha2-nistp256-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com',
# Remove ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521
kexalgorithms: "curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512",
macs: "hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512-etm@openssh.com",
pubkeyacceptedkeytypes: "ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com",
# required_rsa_size not supported
}
sshd_permitlisten: "none"
Debian 12
# 9.2p1-2+deb12u7
sshd_service: "ssh"
sshd_subsystem_sftp: "/usr/lib/openssh/sftp-server"
sshd_host_key_group: 'root'
sshd_host_key_mode: "0600"
sshd_defaults: {
casignaturealgorithms: "ecdsa-sha2-nistp256,sk-ecdsa-sha2-nistp256@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,sk-ssh-ed25519@openssh.com,rsa-sha2-256,rsa-sha2-512",
ciphers: "aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr",
gssapikexalgorithm: "gss-curve25519-sha256-,gss-nistp256-sha256-,gss-group16-sha512-",
# Remove ecdsa-sha2-nistp256
hostkeyalgorithms: 'ecdsa-sha2-nistp256-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com',
# Remove ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521
kexalgorithms: "curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512",
macs: "hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512-etm@openssh.com",
pubkeyacceptedkeytypes: "ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com",
required_rsa_size: "2048",
# required_rsa_size: "3072"
}
sshd_permitlisten: "none"
Debian 13
# 10.0p1-7
sshd_service: "ssh"
sshd_subsystem_sftp: "/usr/lib/openssh/sftp-server"
sshd_host_key_group: 'root'
sshd_host_key_mode: "0600"
sshd_defaults: {
casignaturealgorithms: "ecdsa-sha2-nistp256,sk-ecdsa-sha2-nistp256@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,sk-ssh-ed25519@openssh.com,rsa-sha2-256,rsa-sha2-512",
ciphers: "aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr",
gssapikexalgorithm: "gss-curve25519-sha256-,gss-nistp256-sha256-,gss-group16-sha512-",
# Remove ecdsa-sha2-nistp256
hostkeyalgorithms: 'ecdsa-sha2-nistp256-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com',
# Remove ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521
kexalgorithms: "curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512",
macs: "hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512-etm@openssh.com",
pubkeyacceptedkeytypes: "ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com",
required_rsa_size: "2048",
# required_rsa_size: "3072"
}
sshd_permitlisten: "none"
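The sshd -T command at the top of this page prints the effective configuration, and the tables above are the result of pruning SHA-1 based, CBC, ssh-rsa/ssh-dss and umac-64 entries from it. As an added example (not from the page or the Ansible template it describes), this POSIX shell snippet reads sshd -T output and lists every such entry, so a host can be audited before and after the template is applied. The weak-pattern list is a constructed judgement call for this example, not an official OpenSSH or distribution list, and the sample output is modelled on the CentOS 6 values above rather than captured from a server.

```shell
#!/bin/sh
# Added example (not from the page or its Ansible template): audit `sshd -T`
# output for algorithms the tables above remove.  The weak-pattern list is a
# constructed judgement call for this example, not an official OpenSSH list.

# Substrings marking an algorithm as weak: SHA-1 based, CBC mode, ssh-rsa /
# ssh-dss signatures, 64-bit UMAC and legacy ciphers.
WEAK_PATTERNS="sha1 -cbc ssh-rsa ssh-dss umac-64 hmac-md5 3des arcfour"

# `sshd -T` keywords whose value is a comma-separated algorithm list.
ALGO_KEYWORDS="ciphers macs kexalgorithms hostkeyalgorithms casignaturealgorithms pubkeyacceptedalgorithms pubkeyacceptedkeytypes"

# weak_algorithms: read `sshd -T` output on stdin and print "keyword algorithm"
# for every weak entry.  Exit status is 1 when at least one entry was printed.
weak_algorithms() {
    awk -v weak="$WEAK_PATTERNS" -v keys="$ALGO_KEYWORDS" '
    BEGIN {
        nw = split(weak, w, " ")
        nk = split(keys, k, " ")
        for (i = 1; i <= nk; i++) wanted[k[i]] = 1
        found = 0
    }
    ($1 in wanted) {
        n = split($2, algos, ",")
        for (i = 1; i <= n; i++)
            for (j = 1; j <= nw; j++)
                if (index(algos[i], w[j]) > 0) {
                    print $1, algos[i]
                    found++
                    break
                }
    }
    END { exit (found > 0) }'
}

# count_weak: number of weak entries in the `sshd -T` output read on stdin.
count_weak() {
    weak_algorithms | awk 'END { print NR }'
}

# Constructed `sshd -T` excerpt modelled on the CentOS 6 values above; it is
# not output captured from a real server.
sample_sshd_T() {
    cat <<'EOF'
port 22
ciphers aes128-ctr,aes192-ctr,aes256-ctr
macs hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-512
kexalgorithms diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1
hostkeyalgorithms ssh-ed25519,rsa-sha2-512,rsa-sha2-256
pubkeyacceptedkeytypes ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
EOF
}

# On a real server, pipe the effective configuration through the check:
#   sshd -T -C user=user -C host=localhost -C addr=localhost | weak_algorithms
# Run this file with --demo to audit the constructed sample instead; the exit
# status is 1 when something weak was found, which suits a CI or Ansible check.
if [ "${1:-}" = "--demo" ]; then
    sample_sshd_T | weak_algorithms
fi
```

Substring matching is deliberately coarse: "ssh-rsa" also flags ssh-rsa-cert-v01@openssh.com, which is consistent with the CentOS 7 comment above about ssh-rsa being deprecated, while rsa-sha2-256 and rsa-sha2-512 are left alone.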
To get the values accepted by the installed version, run
ssh -Q cipher: supported symmetric ciphers
ssh -Q cipher-auth: supported symmetric ciphers that support authenticated encryption
ssh -Q mac: supported message integrity codes
ssh -Q kex: key exchange algorithms
ssh -Q kex-gss: GSSAPI key exchange algorithms
ssh -Q key: key types
ssh -Q key-ca-sign: valid CA signature algorithms for certificates
ssh -Q key-cert: certificate key types
ssh -Q key-plain: non-certificate key types
ssh -Q key-sig: all key types and signature algorithms
ssh -Q protocol-version: supported SSH protocol versions
ssh -Q sig: supported signature algorithms
https://blog.jeanbruenn.info/2023/12/23/hardening-your-openssh-configuration-do-you-know-about-the-tool-ssh-audit/ https://materials.rangeforce.com/tutorial/2020/02/13/SSH-Audit/
AllowAgentForwarding
AllowAgentForwarding no
AllowTcpForwarding
AllowTcpForwarding no
ChallengeResponseAuthentication
ChallengeResponseAuthentication no
ClientAliveCountMax
ClientAliveCountMax 2
Compression
Compression delayed
GSSAPIAuthentication
GSSAPIAuthentication no
GSSAPICleanupCredentials
GSSAPICleanupCredentials yes
HostbasedAuthentication
HostbasedAuthentication no
IgnoreRhosts
IgnoreRhosts yes
LogLevel
LogLevel INFO
Sep 17 15:37:36 tst-almalinux9 sshd[1497662]: Accepted publickey for filtrix from 10.20.20.248 port 60368 ssh2: RSA SHA256:CXSnf0gnApTmysI/S1srUAOj11vktocFrV4O0y3FpAk
LogLevel is INFO by default. Since OpenSSH 6.3/6.3p1 (2013-09-13) it records the fingerprint of the public key used to authenticate, so it seems pointless to follow Lynis, which still recommends VERBOSE in order to record the fingerprint.
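Because INFO already records the fingerprint, the log is enough to answer "which key logged in as which user, from where" and to notice a key that is not one you deployed. The following POSIX shell functions are an added example, not part of the page: the log lines are a constructed sample (the first copies the line shown above, the ED25519 fingerprint is a placeholder), and the allowlist given to unexpected_keys is assumed to come from ssh-keygen -lf on the authorized_keys files you manage.

```shell
#!/bin/sh
# Added example, not part of the page: use the key fingerprint that LogLevel
# INFO already records to see which key logged in as which user from where,
# and to spot keys missing from an allowlist.  The log lines below are a
# constructed sample (the first copies the line shown on this page; the
# ED25519 fingerprint is a placeholder).

sample_auth_log() {
    cat <<'EOF'
Sep 17 15:37:36 tst-almalinux9 sshd[1497662]: Accepted publickey for filtrix from 10.20.20.248 port 60368 ssh2: RSA SHA256:CXSnf0gnApTmysI/S1srUAOj11vktocFrV4O0y3FpAk
Sep 17 15:40:02 tst-almalinux9 sshd[1497701]: Accepted publickey for filtrix from 10.20.20.248 port 60412 ssh2: RSA SHA256:CXSnf0gnApTmysI/S1srUAOj11vktocFrV4O0y3FpAk
Sep 17 15:41:10 tst-almalinux9 sshd[1497733]: Accepted publickey for alice from 10.20.20.17 port 51022 ssh2: ED25519 SHA256:PLACEHOLDERFINGERPRINT000000000000000000000
Sep 17 15:42:00 tst-almalinux9 sshd[1497760]: Failed password for invalid user admin from 203.0.113.5 port 40000 ssh2
EOF
}

# publickey_logins: read auth log lines on stdin and print one line
# "user source fingerprint count" per distinct (user, source, key) seen in
# "Accepted publickey" records.  Fields are located by keyword rather than by
# position, so a journald-style prefix does not break the parsing.
publickey_logins() {
    awk '
    /sshd\[[0-9]+\]: Accepted publickey for / {
        user = ""; ip = ""; fp = ""
        for (i = 1; i < NF; i++) {
            if ($i == "for")  user = $(i + 1)
            if ($i == "from") ip = $(i + 1)
        }
        if ($NF ~ /^SHA256:/) fp = $NF
        if (user != "" && fp != "") seen[user " " ip " " fp]++
    }
    END { for (key in seen) print key, seen[key] }' | sort
}

# unexpected_keys: print the publickey_logins lines whose fingerprint is not in
# the space- or newline-separated allowlist "$1" (for instance the second
# column of `ssh-keygen -lf` run over the authorized_keys files you manage).
unexpected_keys() {
    publickey_logins | awk -v known="$1" '
    BEGIN { n = split(known, k, " "); for (i = 1; i <= n; i++) ok[k[i]] = 1 }
    !($3 in ok) { print }'
}

# Stand-alone use on a server (log path varies by distribution):
#   publickey_logins < /var/log/secure
#   unexpected_keys "$(ssh-keygen -lf /root/.ssh/authorized_keys | awk '{ print $2 }')" < /var/log/secure
```

Running the sample through unexpected_keys with only the RSA fingerprint on the allowlist reports the alice login, which is the kind of line worth alerting on: a key that authenticated successfully but that you never deployed.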
MaxAuthTries
Lynis wants 3, but that may be too low if you have multiple ssh keys, since every key the client offers counts as one attempt. I had to pick a value, and 5 seems OK.
MaxAuthTries 5
MaxSessions
I never had any problem with
MaxSessions 10
It's the default value.
But Lynis recommends 2 sessions. If you want to follow Lynis' advice but need more sessions for a user named admin, you can use
MaxSessions 2
Match User admin
MaxSessions 10
MaxStartups
MaxStartups 10:30:100
PasswordAuthentication
PasswordAuthentication no
If some users really need to use a password, it remains possible to enable it per user or per group:
Match User alice
PasswordAuthentication yes
PermitEmptyPasswords
PermitEmptyPasswords no
PermitListen
From the OpenSSH 7.8/7.8p1 (2018-08-24) release notes:
- sshd(8): add a PermitListen directive to sshd_config(5) and a corresponding permitlisten= authorized_keys option that control which listen addresses and port numbers may be used by remote forwarding (ssh -R …).
PermitOpen
PermitOpen none
PermitRootLogin
PermitRootLogin no: it is not possible to ssh as root.
PermitRootLogin forced-commands-only: public key authentication as root is allowed only when the key carries a forced command, so only a limited number of commands can be run as root.
I am using the latter to enable rsync backups, with an authorized_keys entry such as
from="1.2.3.4",restrict,command="/usr/local/bin/validate-rsync" ssh-rsa AAAAB...
forced-commands-only is better than a plain yes, but of course, if the rsync command is granted, it's quite easy to alter the configuration.
The GTFOBins project collects legitimate functions of Unix binaries that can be abused to break out of restricted shells, escalate or maintain elevated privileges, transfer files, spawn bind and reverse shells, and facilitate other post-exploitation tasks.
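The caveat above is about what a granted rsync can do as root. A forced command can narrow that: the validator below (an added example, not the script from the page) accepts only a read-only rsync server (--sender) whose single path lies under one directory, and refuses anything else before executing it, so the key can copy files out of that directory but cannot write to the server. BACKUP_ROOT and the install name validate-rsync are assumptions for this example; the name matches the command="/usr/local/bin/validate-rsync" option shown above but is otherwise arbitrary.

```shell
#!/bin/sh
# Added example, not the script from the page: a forced command for the
# rsync backup key in the spirit of /usr/local/bin/validate-rsync above.
# It accepts only a read-only rsync server (--sender) rooted in BACKUP_ROOT,
# so the key cannot be used to write files on the server.  BACKUP_ROOT and
# the install name "validate-rsync" are assumptions for this example.

BACKUP_ROOT="/srv/backup"   # assumed directory the backup key may read

# validate_rsync_command: return 0 when "$1" is an acceptable rsync server
# invocation, 1 otherwise.  "$1" is what the client asked for, i.e. the
# value sshd puts in SSH_ORIGINAL_COMMAND for a forced command.
validate_rsync_command() {
    cmd="$1"
    # Allowlist the characters: letters, digits, space, dot, slash, underscore
    # and dash on a single line.  Quotes, ;, |, &, $, backticks, globs,
    # newlines and everything else are refused before any matching happens.
    if ! printf '%s' "$cmd" | awk -v re='[^A-Za-z0-9 ./_-]' \
            'BEGIN { bad = 0 } NR > 1 { bad = 1 } $0 ~ re { bad = 1 } END { exit bad }'
    then
        return 1
    fi
    # Split into words (safe: no quoting or glob characters remain) and check
    # the exact shape:  rsync --server --sender <options...> . <path>
    set -- $cmd
    [ $# -ge 5 ] || return 1
    [ "$1" = "rsync" ] && [ "$2" = "--server" ] && [ "$3" = "--sender" ] || return 1
    shift 3
    while [ "${1#-}" != "$1" ]; do
        # The one sender-side option that deletes data on the server.
        [ "$1" = "--remove-source-files" ] && return 1
        shift
        [ $# -gt 0 ] || return 1
    done
    # Exactly one path after ".", inside BACKUP_ROOT and without traversal.
    [ $# -eq 2 ] && [ "$1" = "." ] || return 1
    case "$2" in
        *"/../"*|*"/..") return 1 ;;
        "$BACKUP_ROOT"|"$BACKUP_ROOT/"*) return 0 ;;
    esac
    return 1
}

# When installed as the forced command, validate SSH_ORIGINAL_COMMAND and
# either run it or log the refusal.  Nothing runs when the file is sourced or
# executed under another name, so the function can be exercised on its own.
case "${0##*/}" in
    validate-rsync)
        if validate_rsync_command "${SSH_ORIGINAL_COMMAND:-}"; then
            # Word splitting is intended: the allowlist above excludes quoting
            # and metacharacters, so the string is a list of plain words.
            exec $SSH_ORIGINAL_COMMAND
        fi
        logger -t validate-rsync "refused: ${SSH_ORIGINAL_COMMAND:-<none>}"
        echo "Rejected" >&2
        exit 1
        ;;
esac
```

The allowlist is stricter than a denylist of shell metacharacters would be: a path containing a space is refused as well, which is the intended trade-off for a backup key. Refused commands are written to syslog with the logger tag validate-rsync, which gives a simple line to alert on.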
Port
The default ssh port is 22. I don't think security through obscurity brings enough benefit to justify changing the port.
PrintLastLog
PrintLastLog yes
Protocol
Protocol 2
PubkeyAuthentication
PubkeyAuthentication yes
StrictModes
StrictModes yes
Specifies whether sshd should check file modes and ownership of the user’s files and home directory before accepting login. This is normally desirable because novices sometimes accidentally leave their directory or files world-writable. The default is yes.
TCPKeepAlive
TCPKeepAlive yes
The default is yes (send TCP keepalive messages), so the server notices if the network goes down or the client host crashes. This avoids sessions hanging forever. The keepalive enabled by TCPKeepAlive is spoofable, but disabling it does not increase security. To add a non-spoofable keep-alive, configure ClientAliveInterval: a timeout in seconds after which, if no data has been received from the client, sshd sends a message through the encrypted channel to request a response from the client.
UseDNS
UseDNS no
UsePAM
UsePAM yes
X11Forwarding
X11Forwarding no
This parameter can be overridden for some users or groups.