shell-things/etc/ssh/sshd_config.d/basic-security.conf
Mikaela Suomalainen f75bc7bd07
sshd/basic-security.conf: remove deprecated option
> /etc/ssh/sshd_config.d/basic-security.conf line 24: Deprecated option UsePrivilegeSeparation

OpenSSH_8.4p1, OpenSSL 1.1.1i FIPS  8 Dec 2020
2021-01-31 13:39:51 +02:00


# Host keys: RSA and Ed25519 are fine, but DSA is broken and ECDSA is suspicious.
# Naming HostKey explicitly means sshd loads only the listed keys instead of its
# default set, so (unless another config file adds one) no DSA/ECDSA host key is offered.
# NOTE(review): sshd keeps the first value it reads for most keywords, so whether this
# drop-in takes effect depends on where the main sshd_config places its Include line.
# Syntax-check with `sshd -t` and confirm the effective settings with `sshd -T` before reloading.
# Missing keys? Generate them (empty passphrase, so sshd can load them unattended):
# ssh-keygen -t ed25519 -N "" -f /etc/ssh/ssh_host_ed25519_key
# ssh-keygen -t rsa -N "" -f /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
# VERBOSE logs the fingerprint of the public key used for each login, so a session
# can be tied to one specific key during an audit or incident investigation.
LogLevel VERBOSE
# No direct root login. Keys might be OK, but logging in as a named user and then
# escalating leaves an audit trail of who acted as root.
PermitRootLogin no
# Passwords are bad: they can be guessed or brute-forced. Disable them and make
# public-key authentication the only accepted method.
# NOTE(review): confirm a working key is already in authorized_keys, and keep an
# existing session open, before reloading sshd - otherwise this locks you out.
PasswordAuthentication no
AuthenticationMethods publickey
# Log sftp level file access (read/write/etc.) that would not be easily logged otherwise.
# -f sets the syslog facility and -l the log level of sftp-server.
# Both lines are left commented out; enable only the one matching the distribution.
# NOTE(review): presumably sshd rejects a second `Subsystem sftp` definition, so the one
# in the main sshd_config would have to be commented out first - verify with `sshd -t`.
# Debian
# NOTE(review): Debian's openssh-sftp-server package normally installs
# /usr/lib/openssh/sftp-server - confirm the path below exists before enabling it.
#Subsystem sftp /usr/lib/ssh/sftp-server -f AUTHPRIV -l INFO
# Fedora
#Subsystem sftp /usr/libexec/openssh/sftp-server -f AUTHPRIV -l INFO