Add SSH hardening (#1300)

commit: 0c7790964969f0b277846335770ef15f984382e3 [log] [tgz]
author: Mohammed Naser <mnaser@vexxhost.com> Wed Jun 05 10:35:00 2024 -0400
committer: GitHub <noreply@github.com> Wed Jun 05 14:35:00 2024 +0000
tree: 6567bc9b4fb314244c4c9fa501497fee3f67c3f8
parent: 0824e924a26712819adb0d42a3f809545bb7a749 [diff]
diff --git a/images/nova-ssh/Dockerfile b/images/nova-ssh/Dockerfile
index b61f4cd..5b6b56b 100644
--- a/images/nova-ssh/Dockerfile
+++ b/images/nova-ssh/Dockerfile

@@ -15,3 +15,10 @@
 mkdir /var/run/sshd
 chmod 0755 /var/run/sshd
 EOF
+COPY <<EOF /etc/ssh/sshd_config.d/00-hardening.conf
+Ciphers aes256-ctr,aes192-ctr
+MACs hmac-sha2-512,hmac-sha2-256
+KexAlgorithms diffie-hellman-group-exchange-sha256
+HostKeyAlgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
+MaxAuthTries 3
+EOF
commit	0c7790964969f0b277846335770ef15f984382e3	[log] [tgz]
author	Mohammed Naser <mnaser@vexxhost.com>	Wed Jun 05 10:35:00 2024 -0400
committer	GitHub <noreply@github.com>	Wed Jun 05 14:35:00 2024 +0000
tree	6567bc9b4fb314244c4c9fa501497fee3f67c3f8
parent	0824e924a26712819adb0d42a3f809545bb7a749 [diff]