
If it's useful, here [1] is a tool for auditing the SSH config of a server from the internet and suggesting hardening options for both server and client. And here [2] is a tool for configuring TLS on various web servers, load balancers, mail servers and databases. One could also clone testssl.sh [3] to audit their TLS daemons on IPs not open to the internet. Depends on openssl and bash.

If hardening SSH, it may be safest to first harden the SSH client and ensure one can still connect. Then harden the ssh daemon of a local machine using the same version of OpenSSH used on one's servers to minimize the risk of locking one out of their own machine and having to use a rescue console or ILO. This may be counter-intuitive, but going through the hardening process significantly speeds up SSH handshake time, which may be most useful to those using Ansible.

[1] - https://www.ssh-audit.com/

[2] - https://ssl-config.mozilla.org/

[3] - https://github.com/drwetter/testssl.sh
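
A pre-flight check for the "harden the client first and confirm you can still connect" step, as an added example that is not part of the original comment. It compares algorithm lists shaped like `ssh -G <host>` and `sshd -T` output and reports categories with no overlap; the function names and the sample dumps are constructed for illustration.

```python
# Added example, not from the comment. Dumps are constructed samples shaped like
# `ssh -G <host>` / `sshd -T` output; installed host keys are not considered.
KEYS = ("kexalgorithms", "hostkeyalgorithms", "ciphers", "macs")
AEAD = {"chacha20-poly1305@openssh.com",
        "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"}
CLIENT_HARDENED = """\
kexalgorithms curve25519-sha256,diffie-hellman-group16-sha512
hostkeyalgorithms ssh-ed25519,rsa-sha2-512
ciphers chacha20-poly1305@openssh.com,aes256-ctr
macs hmac-sha2-512-etm@openssh.com
"""
SERVER_MODERN = """\
kexalgorithms curve25519-sha256,ecdh-sha2-nistp256
hostkeyalgorithms rsa-sha2-512,ssh-ed25519
ciphers chacha20-poly1305@openssh.com,aes128-ctr
macs umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com
"""
SERVER_LEGACY = """\
kexalgorithms diffie-hellman-group14-sha1,diffie-hellman-group16-sha512
hostkeyalgorithms ssh-rsa
ciphers aes256-ctr,aes128-cbc
macs hmac-sha1,hmac-sha2-256
"""

def parse(dump):
    """Map each negotiation keyword to its ordered algorithm list."""
    out = {}
    for line in dump.splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2 and parts[0].lower() in KEYS:
            out[parts[0].lower()] = [a for a in parts[1].strip().split(",") if a]
    return out

def negotiate(client, server):
    """Pick the first client-preferred algorithm the server also lists."""
    chosen = {}
    for key in KEYS:
        offered = set(server.get(key, []))
        chosen[key] = next((a for a in client.get(key, []) if a in offered), None)
    if chosen["ciphers"] in AEAD:    # AEAD ciphers carry their own integrity tag,
        chosen["macs"] = "implicit"  # so OpenSSH does not negotiate a separate MAC
    return chosen

def lockout_risks(client_dump, server_dump):
    """Categories with no common algorithm, i.e. the handshake would fail."""
    chosen = negotiate(parse(client_dump), parse(server_dump))
    return [k for k in KEYS if chosen[k] is None]
if __name__ == "__main__":
    print(lockout_risks(CLIENT_HARDENED, SERVER_MODERN), lockout_risks(CLIENT_HARDENED, SERVER_LEGACY))
```

An empty list means every category has a usable algorithm; any keyword returned needs a fallback algorithm on one side before the hardened config is rolled out.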



