source the hardening conf + add psf-users to AllowGrops

Author: JacobCoffee

salt/benchmarks/configs/sshd-hardening.conf

@@ -0,0 +1,17 @@
+# Forbid any root SSH login
+PermitRootLogin no
+
+# Only allow public key auth for all users
+PasswordAuthentication no
+KbdInteractiveAuthentication no
+ChallengeResponseAuthentication no
+PubkeyAuthentication yes
+
+# Restrict who can SSH in - allow PSF users and system admins
+AllowGroups psf-users sudo admin
+
+# Where to read user keys from
+AuthorizedKeysFile .ssh/authorized_keys
+
+# Keep PAM enabled for account/session modules (e.g., limits)
+UsePAM yes