
I'm attempting to enhance the security of my OpenSSH server configuration by enforcing a maximum authentication time limit. However, upon trying to implement this by adding the MaxAuthAge option to the sshd_config file, I encountered an error indicating that the option is not recognized. Despite searching through the OpenSSH documentation, I couldn't find a direct method to set a maximum authentication time.

What is the recommended approach for enforcing a maximum authentication time limit in OpenSSH? Are there alternative methods or configurations that can effectively achieve this goal? Any insights or suggestions would be greatly appreciated.

Here's the error message I encountered when attempting to validate the configuration:

    $ /usr/sbin/sshd -tT
    /etc/ssh/sshd_config: line 100: Bad configuration option: MaxAuthAge
    /etc/ssh/sshd_config: terminating, 1 bad configuration options

  • sshd_config:
    # NAME: LALATENDU HARDENED OPENSSH CONFIGURATION
    # AUTHOR: LALATENDU
    # DATE CREATED: MARCH 02, 2024
    # LAST UPDATED: MARCH 02, 2024
    

    AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
    AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
    AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
    AcceptEnv XMODIFIERS

    Protocol 2

    PermitRootLogin no

    PermitTunnel no

    Subsystem sftp internal-sftp

    PasswordAuthentication no

    ClientAliveInterval 180
    ClientAliveCountMax 2

    GatewayPorts no

    DisableForwarding yes

    AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2
    AllowUsers lalatendu

    AllowStreamLocalForwarding no

    Ciphers aes256-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,chacha20-poly1305@openssh.com
    MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com
    KexAlgorithms curve25519-sha256@libssh.org
    HostKeyAlgorithms ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com
    PubkeyAcceptedKeyTypes ssh-ed25519

    MaxSessionsPerUser 2
    MaxAuthTries 3
    MaxSessions 2
    MaxAuthAge 600
    LoginGraceTime 30
    MaxStartups 3:50:10

    PermitEmptyPasswords no
    PubkeyAuthentication yes
    ChallengeResponseAuthentication no
    HostbasedAuthentication no
    UsePrivilegeSeparation sandbox

    StrictModes yes

    X11Forwarding no

    AllowTcpForwarding no

    StrictModes yes

    IgnoreRhosts yes

    PrintMotd yes
    PrintLastLog yes
    Banner /etc/issue.net

    Compression no

    LogLevel VERBOSE

    AllowAgentForwarding no

    TCPKeepAlive no

    UseDNS no

    Match Address 192.168.1.100
        AllowUsers lalatendu
        PermitOpen any
        PermitRootLogin no
        X11Forwarding yes
        PasswordAuthentication no

    DenyUsers ubuntu centos admin
    DenyGroups docker

JW0914
  • 7,865
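The validation error quoted in the question names the file, line number and keyword, so a rejected directive can be located mechanically; `LoginGraceTime`, already present in the posted config, is the sshd_config keyword that limits how long a connection may take to authenticate. The script below is an added example, not part of the original post: it parses `sshd -t` error text and comments the rejected line out of a candidate copy of the config. The function names `bad_options`, `comment_out` and `sample_run`, and the four-line sample config, are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): find directives rejected by
# `sshd -t` and comment them out in a candidate copy of the config.
# All function names here are hypothetical.

# bad_options: read `sshd -t` error text on stdin and print
# "LINE KEYWORD" for every rejected directive.
bad_options() {
    sed -n 's/^.*: line \([0-9][0-9]*\): Bad configuration option: \([A-Za-z0-9_]*\).*$/\1 \2/p'
}

# comment_out CONFIG LINE KEYWORD: print CONFIG with LINE commented out,
# but only if that line really starts with KEYWORD (case-insensitive).
# The check guards against acting on a stale line number.
comment_out() {
    awk -v n="$2" -v kw="$3" '
        NR == n {
            line = $0
            sub(/^[ \t]+/, "", line)
            if (tolower(substr(line, 1, length(kw))) == tolower(kw)) {
                print "# rejected by sshd -t: " $0
                next
            }
        }
        { print }' "$1"
}

# sample_run: constructed input only. Builds a 4-line config plus the
# matching error text, applies the fix and prints the patched config.
sample_run() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' 'MaxAuthTries 3' 'MaxSessions 2' \
        'MaxAuthAge 600' 'LoginGraceTime 30' > "$dir/sshd_config"
    printf '%s\n' \
        "$dir/sshd_config: line 3: Bad configuration option: MaxAuthAge" \
        "$dir/sshd_config: terminating, 1 bad configuration options" > "$dir/err"
    cp "$dir/sshd_config" "$dir/out"
    # Commenting a line out never shifts line numbers, so several
    # rejected directives can be handled in one pass.
    bad_options < "$dir/err" | while read -r n kw; do
        comment_out "$dir/out" "$n" "$kw" > "$dir/tmp" && mv "$dir/tmp" "$dir/out"
    done
    cat "$dir/out"
    rm -rf "$dir"
}

sample_run
```

On a real host, feed `bad_options` the stderr of `sshd -t -f` run against a copy of the config, and re-run the test on the patched copy before reloading the daemon.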

0 Answers