git.ekhem.eu.org Git - server.git/log

]> git.ekhem.eu.org Git - server.git/log

Jakub Czajka [Sun, 25 Sep 2022 17:38:27 +0000 (19:38 +0200)]

[sshd] Require SSH protocol 2.

SSH protocol 1 is an older version with known vulnerabilities. This
commit requires `sshd` to use only the newer SSH protocol 2.

commit | commitdiff | tree

Jakub Czajka [Sun, 25 Sep 2022 17:19:15 +0000 (19:19 +0200)]

[sshd] Disable root login.

`PermitRootLogin` is set by default to `yes`.

commit | commitdiff | tree

Jakub Czajka [Sun, 25 Sep 2022 15:27:55 +0000 (17:27 +0200)]

[sshd] Listen on a non-standard port.

By default `sshd` listens on port 22. Most attack scripts are written
for this configuration. This commit changes the port to 72, which is
not used by any other popular service.

commit | commitdiff | tree

Jakub Czajka [Sun, 25 Sep 2022 15:11:45 +0000 (17:11 +0200)]

[sshd] Disable password authentication.

Client can authenticate with `sshd` through one of following
authentication methods (corresponding sshd_config option in brackets):
- host-based (`HostbasedAuthentication`),
- public key (`PubkeyAuthentication`),
- challenge-response (`ChallengeResponseAuthentication`),
- password (`PasswordAuthentication`).

By default, only `PubkeyAuthentication` and `PasswordAuthentication`
are enabled. This commit disables `PasswordAuthentication`. Users
can now login only using public key authentication.

commit | commitdiff | tree

Jakub Czajka [Sun, 25 Sep 2022 14:03:34 +0000 (16:03 +0200)]

[sshd] Generate default configuration.

commit | commitdiff | tree

Jakub Czajka [Sun, 25 Sep 2022 13:49:57 +0000 (15:49 +0200)]

Describe the repository in a README.

Configuration files for services deployed on a server.

RSS Atom