# RSA and Ed25519 are fine, but DSA is broken and ECDSA is suspicious, so only these two host keys are configured
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
# VERBOSE logs the fingerprint of the public key used for each login
LogLevel VERBOSE
# No direct root login: keys might be OK, but logging in as a named user first keeps an audit trail
PermitRootLogin no
# Passwords are bad: disable password authentication
PasswordAuthentication no
# Require public-key authentication for every login; with this single-entry list
# no other method (password, keyboard-interactive, ...) can complete a login.
AuthenticationMethods publickey
# The sftp-server path below doesn't exist in Fedora
#Subsystem sftp /usr/lib/ssh/sftp-server -f AUTHPRIV -l INFO
# Use kernel sandbox mechanisms where possible in unprivileged processes
# NOTE(review): UsePrivilegeSeparation is deprecated since OpenSSH 7.5, where
# privilege separation became mandatory. Newer sshd versions should ignore this
# line and report it as a deprecated option; confirm against the installed version.
UsePrivilegeSeparation sandbox