shell-things/etc/ssh/sshd_config.d/00-basic-security.conf

24 lines
859 B
Plaintext
Raw Normal View History

2024-01-12 12:50:49 +01:00
# Ed25519 is fine, but DSA is broken, time has passed RSA and ecdsa is sus…
# Missing keys?
# ssh-keygen -t ed25519 -N "" -f /etc/ssh/ssh_host_ed25519_key
HostKey /etc/ssh/ssh_host_ed25519_key
# Includes public keys in logins
LogLevel VERBOSE
# No direct root login, keys might be ok, but audit trail...
PermitRootLogin no
#...unless we happen to be on SteamOS on Steam Deck where we probably don't
# care about audit trail by user deck and where keyed SSH may be preferable
# over having a password?
#PermitRootLogin prohibit-password
# Passwords are bad
PasswordAuthentication no
AuthenticationMethods publickey
# Log sftp level file access (read/write/etc.) that would not be easily logged otherwise.
# Debian
#Subsystem sftp /usr/lib/ssh/sftp-server -f AUTHPRIV -l INFO
# Fedora
#Subsystem sftp /usr/libexec/openssh/sftp-server -f AUTHPRIV -l INFO