the-bastion/etc/ssh/sshd_config.default

# Hardened SSHD bastion config -- modify wisely!
# Based on https://wiki.mozilla.org/Security/Guidelines/OpenSSH
# With additional restrictions where applicable

# -lo and -rt users only have local console login
DenyUsers *-rt
DenyUsers *-lo

# hardened params follow. every non-needed feature is disabled by default,
# following the principle of least rights and least features (more enabled
# features mean a more important attack surface).

# === FEATURES ===

# disable non-needed sshd features
AllowAgentForwarding no
AllowTcpForwarding no
AllowStreamLocalForwarding no
X11Forwarding no
PermitTunnel no
PermitUserEnvironment no
PermitUserRC no
GatewayPorts no

# === INFORMATION DISCLOSURE ===

# however, display a legal notice for each connection
Banner /etc/ssh/banner

# don't print the bastion MOTD on connection
PrintMotd no

# === CRYPTOGRAPHY ===

# enforce the use of ssh version 2 protocol, version 1 is disabled.
# all sshd_config options regarding protocol 1 are therefore omitted.
Protocol 2

# only use hostkeys with secure algorithms, and omit the ones using NIST curves
HostKey /etc/ssh/ssh_host_ed25519_key
HostKey /etc/ssh/ssh_host_rsa_key

# list of allowed ciphers.
# chacha20-poly1305 is a modern cipher, considered very secure
# aes is still the standard, we prefer gcm cipher mode, but also
# allow ctr cipher mode for compatibility (ctr is still considered secure)
# we deny arcfour(rc4), 3des, blowfish and cast
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr

# list of allowed message authentication code algorithms.
# etm (encrypt-then-mac) are considered the more secure, we
# prefer umac (has been proven secure) then sha2.
# for older ssh client, fallback to the non-etm version of
# the algorithms.
# we deny md5 and sha1
MACs umac-128-etm@openssh.com,umac-64-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128@openssh.com,umac-64@openssh.com,hmac-sha2-512,hmac-sha2-256

# List of allowed key exchange algorithms.
# we prefer curve25519-sha256 which is considered the most modern/secure,
# and still allow diffie hellman with group exchange using sha256 which is
# the most secure dh-based kex.
# we avoid algorithms based on the disputed NIST curves, and anything based
# on sha1.
KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256

# force rekey every 512M of data or 6 hours of connection, whichever comes first
RekeyLimit 512M 6h

# === AUTHENTICATION ===

# we allow only public key authentication ...
PubkeyAuthentication yes
# ... not password
PasswordAuthentication no
# ... not keyboard interactive
KbdInteractiveAuthentication no
# ... not challenge-response
ChallengeResponseAuthentication no
# ... not host-based
HostbasedAuthentication no

# just in case, we also explicitly deny empty passwords
PermitEmptyPasswords no

# root login is allowed only with public keys, not passwords
# this can be disabled entirely for auditing reasons (forcing admins to use sudo)
PermitRootLogin without-password

# === LOGIN ===

# disconnect after 30 seconds if user didn't log in successfully
LoginGraceTime 30

# not more than 1 session per network connection (connection sharing with ssh client's master/shared mode)
MaxSessions 1

# maximum concurrent unauth connections to the sshd daemon
MaxStartups 50:30:500

# accept LANG and LC_* vars (also includes LC_BASTION)
AcceptEnv LANG LC_*

# === SYSTEM ===

# Use kernel sandbox mechanisms where possible in unprivilegied processes (seccomp)
UsePrivilegeSeparation sandbox

# sshd log level at verbose in auth facility for auditing purposes
LogLevel VERBOSE
SyslogFacility AUTH

# check sanity of user HOME dir before allowing user to login
StrictModes yes

# never use dns (slows down connections)
UseDNS no