feat(security): tightened files mode for ssh configuration and enabled ipv6 on ssh, along with an increase on max sessions from 3 to 5

collections/ansible_collections/nullified/infrastructure/roles/security/tasks/main.yml

@@ -35,17 +35,17 @@
       ansible.builtin.template:
         src: ../templates/openssh-server/sshd_config.j2
         dest: /etc/ssh/sshd_config
-        mode: '0644'
+        mode: '0600'
     - name: '[ssh] ensure directories exist'
       ansible.builtin.file:
         path: /etc/ssh/sshd_config.d
         state: directory
-        mode: '0755'
+        mode: '0700'
     - name: '[ssh] setup sshd_config.d'
       ansible.builtin.template:
         src: ../templates/openssh-server/sshd_config.d/encryption.conf.j2
         dest: /etc/ssh/sshd_config.d/encryption.conf
-        mode: '0644'
+        mode: '0600'
     - name: '[ssh] remove low security keys'
       ansible.builtin.file:
         path: "/etc/ssh/{{ item }}"

collections/ansible_collections/nullified/infrastructure/roles/security/templates/openssh-server/sshd_config.j2

@@ -1,14 +1,14 @@
 AcceptEnv                       LANG LC_*
-AddressFamily                   inet
+AddressFamily                   any
 AllowAgentForwarding            no
 ChallengeResponseAuthentication no
 ClientAliveCountMax             2
 ClientAliveInterval             300
 HostKey                         /etc/ssh/ssh_host_ed25519_key
 IgnoreRhosts                    yes
-LogLevel                        VERBOSE
+LogLevel                        INFO
 MaxAuthTries                    3
-MaxSessions                     3
+MaxSessions                     5
 PermitEmptyPasswords            no
 PermitRootLogin                 no
 PrintMotd                       yes