sshd_config.d: read Mozilla docs & adjust accordingly
https://infosec.mozilla.org/guidelines/openssh
parent
5211fb772c
commit
c5fa3daf29
@ -1,3 +1,7 @@
|
||||
sshd_config should include something like
|
||||
|
||||
Include /etc/ssh/sshd_config.d/*.conf
|
||||
|
||||
## See also
|
||||
|
||||
https://infosec.mozilla.org/guidelines/openssh
|
||||
|
@ -5,9 +5,14 @@ HostKey /etc/ssh/ssh_host_ed25519_key
|
||||
# Includes public keys in logins
|
||||
LogLevel VERBOSE
|
||||
|
||||
# root login should probably be denied entirely, but key is better than
|
||||
# password
|
||||
PermitRootLogin prohibit-password
|
||||
|
||||
# No direct root login, keys might be ok, but audit trail
|
||||
PermitRootLogin no
|
||||
# Passwords are bad
|
||||
PasswordAuthentication no
|
||||
AuthenticationMethods publickey
|
||||
|
||||
# Doesn't exist in Fedora
|
||||
#Subsystem sftp /usr/lib/ssh/sftp-server -f AUTHPRIV -l INFO
|
||||
|
||||
# Use kernel sandbox mechanisms where possible in unprivileged processes
|
||||
UsePrivilegeSeparation sandbox
|
||||
|
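Review bot: `UsePrivilegeSeparation sandbox` at the end of this section is a deprecated keyword. OpenSSH 7.5 made privilege separation mandatory, so current sshd only logs a deprecation warning for the line and it adds no protection. Either drop it or annotate it, e.g. `# Ignored by OpenSSH >= 7.5, where privilege separation is always on`. The rendered page has lost its +/- markers, so it is unclear whether `PermitRootLogin prohibit-password` was removed; if both lines remain, sshd keeps the first value it reads for a keyword and `PermitRootLogin no` would never take effect. For the commented-out Subsystem line, `Subsystem sftp internal-sftp -f AUTHPRIV -l INFO` would avoid the distro-specific binary path while keeping the logging, provided the main sshd_config does not already define the sftp subsystem.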