# Ed25519 is fine, but DSA is broken, time has passed RSA by, and ECDSA is sus…
# Missing keys?
# ssh-keygen -t ed25519 -N "" -f /etc/ssh/ssh_host_ed25519_key
# An explicit HostKey replaces sshd's built-in default key list, so with this as
# the only HostKey line the server presents just its Ed25519 host key.
HostKey /etc/ssh/ssh_host_ed25519_key
# Logs the fingerprint of the public key used at login
LogLevel VERBOSE
# No direct root login. Keys might be OK, but a direct root session loses the per-user audit trail...
PermitRootLogin no
# ...unless we happen to be on SteamOS on a Steam Deck, where we probably don't
# care about an audit trail for the user deck and where keyed SSH may be
# preferable to having a password?
#PermitRootLogin prohibit-password
# Passwords are bad
PasswordAuthentication no
# PasswordAuthentication alone does not cover keyboard-interactive (PAM) logins;
# requiring publickey here makes it the only method sshd will accept.
AuthenticationMethods publickey
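# Log SFTP-level file access (read/write/etc.) that would not be easily logged otherwise.
# Both Subsystem lines below are commented out, so no SFTP logging is configured by this
# file as written; uncomment the one whose sftp-server path actually exists on this system.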
# Debian
#Subsystem sftp /usr/lib/ssh/sftp-server -f AUTHPRIV -l INFO
# Fedora
#Subsystem sftp /usr/libexec/openssh/sftp-server -f AUTHPRIV -l INFO