Links

Dangerous Settings

Despite the SSH protocol being one of the most secure protocols available today, some misconfigurations can still make the SSH server vulnerable to easy-to-execute attacks. Let us take a look at the following settings:
Setting
Description
PasswordAuthentication yes
Allows password-based authentication.
PermitEmptyPasswords yes
Allows the use of empty passwords.
PermitRootLogin yes
Allows to log in as the root user.
Protocol 1
Uses an outdated version of encryption.
X11Forwarding yes
Allows X11 forwarding for GUI applications.
AllowTcpForwarding yes
Allows forwarding of TCP ports.
PermitTunnel
Allows tunneling.
DebianBanner yes
Displays a specific banner when logging in.