From 07c280e03841712050bf726e8eab6d11fbe2a047 Mon Sep 17 00:00:00 2001
From: Guilhem Moulin
Date: Sun, 17 May 2020 06:44:37 +0200
Subject: Consolidate sshd_config
---
 src/fripost-partman-udeb/base.sh | 2 --
 src/fripost-postinst-udeb/sshd_config | 16 ++++------------
 2 files changed, 4 insertions(+), 14 deletions(-)
diff --git a/src/fripost-partman-udeb/base.sh b/src/fripost-partman-udeb/base.sh
index 329bd35..2de0ba1 100644
--- a/src/fripost-partman-udeb/base.sh
+++ b/src/fripost-partman-udeb/base.sh
@@ -284,9 +284,7 @@ fripost_encrypt() {
 cat > /etc/ssh/sshd_config <<- EOF
 Port 22
- Protocol 2
 HostKey $sshHostKey
- UsePrivilegeSeparation no
 PasswordAuthentication no
 ChallengeResponseAuthentication no
diff --git a/src/fripost-postinst-udeb/sshd_config b/src/fripost-postinst-udeb/sshd_config
index 19a9b9a..6b1cfe9 100644
--- a/src/fripost-postinst-udeb/sshd_config
+++ b/src/fripost-postinst-udeb/sshd_config
@@ -3,22 +3,16 @@ Port 22
 # Use these options to restrict which interfaces/protocols sshd will bind to
 #ListenAddress ::
 #ListenAddress 0.0.0.0
-Protocol 2
 # HostKeys for protocol version 2
 HostKey /etc/ssh/ssh_host_rsa_key
-#Privilege Separation is turned on for security
-UsePrivilegeSeparation sandbox
-
-# Logging
-SyslogFacility AUTH
-LogLevel INFO
 # Authentication:
-LoginGraceTime 120
 PermitRootLogin no
 AllowGroups ssh-login
 StrictModes yes
+# Change to no to disable tunnelled clear text passwords
+PasswordAuthentication no
 PubkeyAuthentication yes
 #AuthorizedKeysFile %h/.ssh/authorized_keys
@@ -26,13 +20,11 @@ PubkeyAuthentication yes
 # some PAM modules and threads)
 ChallengeResponseAuthentication no
-# Change to no to disable tunnelled clear text passwords
-PasswordAuthentication no
+UsePAM yes
+AllowAgentForwarding no
 X11Forwarding no
 PrintMotd no
-PrintLastLog yes
-TCPKeepAlive yes
 # Allow client to pass locale environment variables
 AcceptEnv LANG LC_*
--
cgit v1.2.3
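Review bot: In the first sshd_config hunk (`@@ -3,22 +3,16 @@`), the comment moved up with `PasswordAuthentication no` still reads `# Change to no to disable tunnelled clear text passwords`, which describes the stock `yes` setting rather than the value set here, and `# HostKeys for protocol version 2` is stale now that `Protocol 2` is gone. I would reword them to `# Password logins are disabled; public keys only` and `# Host key`. The dropped `SyslogFacility AUTH`, `LogLevel INFO` and `LoginGraceTime 120` lines match the OpenSSH defaults, so behaviour should not change, but a one-line comment such as `# Logging and LoginGraceTime are left at the sshd defaults` would keep that dependence visible to whoever audits this file. The file continues outside the hunk.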
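Review bot: `UsePAM yes` in the second sshd_config hunk (`@@ -26,13 +20,11 @@`) is added without a comment, and its effect is wider than the name suggests. With `PasswordAuthentication` and `ChallengeResponseAuthentication` both `no`, PAM is used only for account and session processing, and sshd then leaves the locked-account check to the PAM stack, so `passwd -l` on its own may no longer block key logins (worth confirming against the target PAM configuration). A comment such as `# PAM account/session checks only; authentication stays public-key` would record the intent. `AllowAgentForwarding no` and `X11Forwarding no` are set while `AllowTcpForwarding` stays at its default; if forwarding is meant to be off on these hosts add `AllowTcpForwarding no`, otherwise note in a comment that it is deliberately left enabled.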