Hardening OpenSSH


Sven Vermeulen Wed 18 July 2012

A while ago I wrote about a Gentoo Security Benchmark which would talk about hardening a Gentoo Linux installation. Within that document, I was documenting how to harden specific services as well. However, I recently changed my mind and wanted to move the hardening stuff for the services in separate documents.

The first one is now finished - Hardening OpenSSH is a benchmark informing you how to potentially harden your SSH installation further. It uses XCCDF/OVAL so that users of openscap (and other compliant tools) can test their system automatically, generating nice reports on the state of their SSH configuration.

For now, the SSH stuff is also still part of the Gentoo document, but I'll move that out soon and refer to this new document.

Hardened Gentoo's purpose is to make Gentoo viable for highly secure, high stability production server environments. Hence, hardening documents
should be one of its deliverables as well. So, dear users, do you think it is wise for the Gentoo Hardened project to also focus on delivering hardening guides for services? If so, I'm sure we can draft up others...