==========================================================================
Document: Security Requirement - Secure Shell (SSH)
Doc-No  : 3.04
Author  : Telekom Security
Version : 2.5
Date    : Oct 30, 2018
Source  : https://psa-portal.telekom.de
==========================================================================

Req-1: The SSH protocol version 2 must be used.
Req-2: SSH moduli smaller than 2048 must not be used.
Req-3: Only approved key exchange algorithms must be used.
Req-4: Only approved ciphers algorithms must be used.
Req-5: Only approved MAC algorithms must be used.
Req-6: SSH logging must be enabled.
Req-7: SSH LoginGraceTime must be set to one minute or less.
Req-8: SSH MaxAuthTries must be set to 5 or less.
Req-9: SSH root login must be disabled.
Req-10: SSH strict mode must be enabled.
Req-11: SSH user authentication must be done with public keys.
Req-12: SSH password authentication must be disabled.
Req-13: SSH IgnoreRhosts must be enabled.
Req-14: SSH HostbasedAuthentication must be disabled.
Req-15: The usage of the SSH service must be restricted to dedicated groups or users.
Req-16: The SSH Idle Timeout Interval must be configured to an adequate time.
Req-17: SSH tunnel devices must be disabled.
Req-18: SSH TCP port forwarding must be disabled.
Req-19: SSH agent forwarding must be disabled.
Req-20: SSH gateway ports must be disabled.
Req-21: SSH X11 forwarding must be disabled.
Req-22: SSH PermitUserEnvironment must be disabled.
Req-23: SSH PermitEmptyPasswords must be disabled.
Req-24: If SFTP is activated, internal server of OpenSSH must be used.