mirror of
https://gitea.blesmrt.net/mikaela/shell-things.git
synced 2024-12-01 15:59:22 +01:00
Mikaela Suomalainen
f75bc7bd07
> /etc/ssh/sshd_config.d/basic-security.conf line 24: Deprecated option UsePrivilegeSeparation OpenSSH_8.4p1, OpenSSL 1.1.1i FIPS 8 Dec 2020
22 lines
724 B
Plaintext
22 lines
724 B
Plaintext
# RSA and Ed25519 are fine, but DSA is broken and ecdsa is suspicious
|
|
# Missing keys?
|
|
# ssh-keygen -t ed25519 -N "" -f /etc/ssh/ssh_host_ed25519_key
|
|
# ssh-keygen -t rsa -N "" -f /etc/ssh/ssh_host_rsa_key
|
|
HostKey /etc/ssh/ssh_host_rsa_key
|
|
HostKey /etc/ssh/ssh_host_ed25519_key
|
|
|
|
# Includes public keys in logins
|
|
LogLevel VERBOSE
|
|
|
|
# No direct root login, keys might be ok, but audit trail
|
|
PermitRootLogin no
|
|
# Passwords are bad
|
|
PasswordAuthentication no
|
|
AuthenticationMethods publickey
|
|
|
|
# Log sftp level file access (read/write/etc.) that would not be easily logged otherwise.
|
|
# Debian
|
|
#Subsystem sftp /usr/lib/ssh/sftp-server -f AUTHPRIV -l INFO
|
|
# Fedora
|
|
#Subsystem sftp /usr/libexec/openssh/sftp-server -f AUTHPRIV -l INFO
|