authorGuilhem Moulin <guilhem@fripost.org>2020-05-17 06:44:37 +0200
committerGuilhem Moulin <guilhem@fripost.org>2020-05-17 06:44:37 +0200
commit07c280e03841712050bf726e8eab6d11fbe2a047 (patch)
treede55121016a85eb4484c78764acf6253665134c6
parent6319474a1659008174c0939d405202e495a8ede7 (diff)
Consolidate sshd_configHEADmaster
-rw-r--r--src/fripost-partman-udeb/base.sh2
-rw-r--r--src/fripost-postinst-udeb/sshd_config16
2 files changed, 4 insertions, 14 deletions
diff --git a/src/fripost-partman-udeb/base.sh b/src/fripost-partman-udeb/base.sh
index 329bd35..2de0ba1 100644
--- a/src/fripost-partman-udeb/base.sh
+++ b/src/fripost-partman-udeb/base.sh
@@ -284,9 +284,7 @@ fripost_encrypt() {
cat > /etc/ssh/sshd_config <<- EOF
Port 22
- Protocol 2
HostKey $sshHostKey
- UsePrivilegeSeparation no
PasswordAuthentication no
ChallengeResponseAuthentication no
diff --git a/src/fripost-postinst-udeb/sshd_config b/src/fripost-postinst-udeb/sshd_config
index 19a9b9a..6b1cfe9 100644
--- a/src/fripost-postinst-udeb/sshd_config
+++ b/src/fripost-postinst-udeb/sshd_config
@@ -3,22 +3,16 @@ Port 22
# Use these options to restrict which interfaces/protocols sshd will bind to
#ListenAddress ::
#ListenAddress 0.0.0.0
-Protocol 2
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
-#Privilege Separation is turned on for security
-UsePrivilegeSeparation sandbox
-
-# Logging
-SyslogFacility AUTH
-LogLevel INFO
# Authentication:
-LoginGraceTime 120
PermitRootLogin no
AllowGroups ssh-login
StrictModes yes
+# Change to no to disable tunnelled clear text passwords
+PasswordAuthentication no
PubkeyAuthentication yes
#AuthorizedKeysFile %h/.ssh/authorized_keys
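Review bot: The comment moved up together with `PasswordAuthentication no` still reads "Change to no to disable tunnelled clear text passwords", which describes the stock default rather than this file, where the value is already `no`. Someone auditing the file could read it as a step that still has to be carried out. I would replace it with `# Password logins are disabled; only public-key authentication is accepted`. The same hunk drops `LoginGraceTime 120`, `SyslogFacility AUTH` and `LogLevel INFO`; I believe these match the OpenSSH defaults, so the effective values should not change, but it is worth confirming with `sshd -T` on the target release.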
@@ -26,13 +20,11 @@ PubkeyAuthentication yes
# some PAM modules and threads)
ChallengeResponseAuthentication no
-# Change to no to disable tunnelled clear text passwords
-PasswordAuthentication no
+UsePAM yes
+AllowAgentForwarding no
X11Forwarding no
PrintMotd no
-PrintLastLog yes
-TCPKeepAlive yes
# Allow client to pass locale environment variables
AcceptEnv LANG LC_*
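Review bot: `UsePAM yes` is added without a comment, although it changes where account state is enforced: account and session checks are then delegated to the PAM stack, and on Linux a password-locked account can typically still log in with a public key. Since this file relies on `AllowGroups ssh-login` and key-only authentication, I would document how access is meant to be revoked, for example `# PAM handles account/session checks; revoke access via the ssh-login group, not passwd -l`. It would also help to confirm that the installed PAM sshd stack does what is expected for key-only logins. The hunk begins inside a comment block whose start is outside it.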