This repository has been archived on 2022-10-07. You can view files and clone it, but cannot push or open issues or pull requests.
system/config/sshd_config


# Potiron
LogLevel INFO # The possible values are: QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2, and DEBUG3.
#VersionAddendum Niver
AllowGroups root ht
Subsystem sftp internal-sftp
#Subsystem sftp sftp-server
## Network
AddressFamily any
ListenAddress 0.0.0.0
ListenAddress ::
Port 22
## Cryptography
HostKey /etc/ssh/ed25519
HostKey /etc/ssh/rsa-3072
Ciphers chacha20-poly1305@openssh.com,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr
HostKeyAlgorithms ssh-ed25519,rsa-sha2-256,rsa-sha2-512
KexAlgorithms curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512
MACs hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,umac-128-etm@openssh.com
## Sessions
PermitRootLogin prohibit-password
StrictModes yes
MaxAuthTries 6
MaxSessions 1
MaxStartups 3:20:200
LoginGraceTime 3m
PrintMotd yes
UsePAM yes
## Disable everything
PermitTTY no
PermitTunnel no
AllowTcpForwarding no
X11Forwarding no
AllowAgentForwarding no
AllowStreamLocalForwarding no
DisableForwarding yes # Disables all forwarding features, including X11, ssh-agent(1), TCP and StreamLocal.
PermitUserRC no
PermitUserEnvironment no
IgnoreRhosts yes
AuthorizedKeysFile none
AuthenticationMethods none
PubkeyAuthentication no
PasswordAuthentication no
KbdInteractiveAuthentication no
PermitEmptyPasswords no
ChallengeResponseAuthentication no
## Enable useful features
### Administrator access
Match Group root
#### Authentication
PubkeyAuthentication yes
AuthenticationMethods publickey
AuthorizedKeysFile .ssh/authorized_keys
#### Allow the use of a terminal
PermitTTY yes
### SFTP access
Match Group ht
#### Authentication
PasswordAuthentication yes
AuthenticationMethods password
#AuthorizedKeysFile keys
#### Chroot to the home directory
ChrootDirectory %h # %h is home directory, %u is username
#### Only SFTP can be used
ForceCommand internal-sftp
#### Print a message before login
Banner /usr/local/share/niver/banner.txt
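
The file above denies everything globally and re-enables access per group in `Match` blocks. The following is an added example, not part of the repository: a simplified Python model of how those blocks resolve for a given user. It assumes only `Match Group` with plain group names, and the names `CONFIG`, `parse` and `effective` are hypothetical; on a real host, `sshd -T -C user=...` is the authoritative check.

```python
# Added example. Excerpt of the sshd_config above, trimmed to access-control keywords.
CONFIG = """\
AllowGroups root ht
PermitTTY no
DisableForwarding yes
AuthenticationMethods none
PubkeyAuthentication no
PasswordAuthentication no
Match Group root
PubkeyAuthentication yes
AuthenticationMethods publickey
PermitTTY yes
Match Group ht
PasswordAuthentication yes
AuthenticationMethods password
ChrootDirectory %h # %h is home directory, %u is username
ForceCommand internal-sftp
"""

def parse(text):
    """Return (globals, [(groups, settings), ...]); first keyword per section wins."""
    glob, blocks, cur = {}, [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments, incl. trailing ones
        if not line:
            continue
        key, val = (line.split(None, 1) + [""])[:2]
        if key.lower() == "match":
            crit, names = (val.split(None, 1) + [""])[:2]
            if crit.lower() != "group":
                raise ValueError("assumption: only 'Match Group' is modelled")
            cur = {}
            blocks.append((set(names.split(",")), cur))
        else:
            (glob if cur is None else cur).setdefault(key.lower(), val.strip())
    return glob, blocks

def effective(text, user_groups):
    """Settings for a user in user_groups; None if AllowGroups rejects them."""
    glob, blocks = parse(text)
    member = set(user_groups)
    allowed = glob.get("allowgroups")
    if allowed and not member & set(allowed.split()):
        return None
    overrides = {}
    for groups, settings in blocks:
        if groups & member:
            overrides = {**settings, **overrides}  # first matching Match block wins
    return {**glob, **overrides}
```

A user who belongs to both `root` and `ht` gets `AuthenticationMethods publickey` from the first matching block but still inherits `ForceCommand internal-sftp` from the second, which is worth knowing before adding an administrator to `ht`.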