ssh-audit
easy-admin
Our great sponsors
ssh-audit | easy-admin | |
---|---|---|
21 | 5 | |
3,067 | 31 | |
- | - | |
8.5 | 8.4 | |
9 days ago | 5 months ago | |
Python | Shell | |
MIT License | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
ssh-audit
-
Terrapin Attack for prefix injection in SSH
No. Mitigations are available now. Follow the recommendations from ssh-audit (master version). [0]
- SSH-audit: SSH server and client security auditing
- Why so many bots?
-
How to secure my self-hosted website?
Match Address 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16 PasswordAuthentication yes ```` You may audit your SSH service by https://github.com/jtesta/ssh-audit
-
Blocking SSH Bot Net Attack
ssh-audit: SSH server & client auditing (banner, key exchange, encryption, mac, compression, compatibility, security, etc)
-
ssh-audit VS cryptolyzer - a user suggested alternative
2 projects | 24 Jan 2022
-
Securing a Linux server. What else to do?
For further SSH hardening, see github jtesta/ssh-audit.
-
Simple SSH Security
You can also test your actual configuration with ssh-audit: https://github.com/jtesta/ssh-audit
-
How many of you use SSH to manage your server?
And an audit script to check your server: https://github.com/jtesta/ssh-audit
- FreeBSD SSH Hardening
easy-admin
-
SSHGuard
while it is not the best, you can try my working sane default for sshd_config and sshd_config.
Each settings in the config files have annotations and details and some have additional links detailing why.
Even has a bash script to let you create these config files (defaults to a subdirectory, not into /etc/ssh)
https://github.com/egberts/easy-admin/tree/b74765baa450593be...
-
Start Self Hosting
CISecurity and other government hardening docs were applied as well and then some I took even further like Chrony had its file permissions/ownership even further and MitM block feature as well.
These are dangerous scripts where it can write files as root but as a user, you will instead get configuration files written out in appropriate directories under `build` subdirectory.
If these designs work across Redhat/Fedora/CentOS, Debian/Devuan, and ArchLinux well, I may forge even further.
-
How Does NTP (Network Time Protocol) Work?
There is MitM NTP going on so a bit of hardening is needed.
Not commonly discussed but I wrote a script to do Chrony added configuration to mitigate this.
https://github.com/egberts/easy-admin/blob/main/480-ntp-chro...
-
Simple SSH Security
I also offer easy setup for a secured SSH server and client.
What are some alternatives?
docker-ntp - 🕒 Chrony NTP Server running in a Docker container (without the priviledged flag)
Pritunl - Enterprise VPN server
testssl.sh - Testing TLS/SSL encryption anywhere on any port
yubikey-agent - yubikey-agent is a seamless ssh-agent for YubiKeys.
ufw-docker - To fix the Docker and UFW security flaw without disabling iptables
tinyssh - TinySSH is small server (less than 100000 words of code)
mistborn
Nebula - A scalable overlay networking tool with a focus on performance, simplicity and security
tailscale - The easiest, most secure way to use WireGuard and 2FA.
CryptoLyzer - CryptoLyzer is a fast, flexible and comprehensive server cryptographic protocol (TLS, SSL, SSH, DNSSEC) and related setting (HTTP headers, DNS records) analyzer and fingerprint (JA3, HASSH tag) generator with Python API and CLI/.
endlessh - SSH tarpit that slowly sends an endless banner
tarsnap - Command-line client code for Tarsnap.