Skip to content

SSH security controls

Control : SSH-7408

Proper hardening of your SSH configuration can reduce known weaknesses

Control : SSH-7412

For proper authorization purposes, do not use direct root logins. Doing so, may result in actions being performed by administrators without any traceability. Also using root permissions directly might increase the risk of intrusion or availability. (e.g. brute force attacks on the password, account lockout)Unless the owner of each key is traceable, public key authentication can be considered.

Control : SSH-7416

SSH has the option to check for file permissions before use configuration and other files. With the StrictModes option, it will only use those files which are properly configured (e.g. not using chmod 777 applied).