mirror of
https://gitea.blesmrt.net/mikaela/shell-things.git
synced 2024-11-29 06:29:36 +01:00
sshd_config.d: read Mozilla docs & adjust accordingly
https://infosec.mozilla.org/guidelines/openssh
This commit is contained in:
parent
5211fb772c
commit
c5fa3daf29
@ -1,3 +1,7 @@
|
|||||||
sshd_config should include something like
|
sshd_config should include something like
|
||||||
|
|
||||||
Include /etc/ssh/sshd_config.d/*.conf
|
Include /etc/ssh/sshd_config.d/*.conf
|
||||||
|
|
||||||
|
## See also
|
||||||
|
|
||||||
|
https://infosec.mozilla.org/guidelines/openssh
|
||||||
|
@ -5,9 +5,14 @@ HostKey /etc/ssh/ssh_host_ed25519_key
|
|||||||
# Includes public keys in logins
|
# Includes public keys in logins
|
||||||
LogLevel VERBOSE
|
LogLevel VERBOSE
|
||||||
|
|
||||||
# root login should probably be denied entirely, but key is better than
|
# No direct root login, keys might be ok, but audit trail
|
||||||
# password
|
PermitRootLogin no
|
||||||
PermitRootLogin prohibit-password
|
|
||||||
|
|
||||||
# Passwords are bad
|
# Passwords are bad
|
||||||
PasswordAuthentication no
|
PasswordAuthentication no
|
||||||
|
AuthenticationMethods publickey
|
||||||
|
|
||||||
|
# Doesn't exist in Fedora
|
||||||
|
#Subsystem sftp /usr/lib/ssh/sftp-server -f AUTHPRIV -l INFO
|
||||||
|
|
||||||
|
# Use kernel sandbox mechanisms where possible in unprivileged processes
|
||||||
|
UsePrivilegeSeparation sandbox
|
||||||
|
Loading…
Reference in New Issue
Block a user