aboutsummaryrefslogtreecommitdiffstatshomepage
path: root/digitalocean/server/etc/sshd_config
diff options
context:
space:
mode:
Diffstat (limited to 'digitalocean/server/etc/sshd_config')
-rw-r--r--digitalocean/server/etc/sshd_config39
1 files changed, 0 insertions, 39 deletions
diff --git a/digitalocean/server/etc/sshd_config b/digitalocean/server/etc/sshd_config
deleted file mode 100644
index ae08408..0000000
--- a/digitalocean/server/etc/sshd_config
+++ /dev/null
@@ -1,39 +0,0 @@
-Protocol 2
-Port ${port}
-
-# Drop idle sessions:
-ClientAliveCountMax 3
-ClientAliveInterval 15
-
-# Allow reverse tunnels:
-GatewayPorts yes
-
-# Miscellaneous:
-PrintMotd no
-
-# Hardening.
-# Source: https://infosec.mozilla.org/guidelines/openssh.html
-
-# Only Ed25519:
-HostKey /etc/ssh/ssh_host_ed25519_key
-
-# Only the first choices for ciphers:
-KexAlgorithms curve25519-sha256@libssh.org
-Ciphers chacha20-poly1305@openssh.com
-MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com
-
-# No password login:
-PasswordAuthentication no
-AuthenticationMethods publickey
-# Whitelist users:
-PermitRootLogin no
-AllowGroups ${join(" ", users)}
-
-# Log things:
-Subsystem sftp /usr/lib/openssh/sftp-server -f AUTHPRIV -l INFO
-
-# Whitelist accepted environment variables:
-AcceptEnv LANG LC_*
-
-# Why the fuck would I need X11 forwarding?
-X11Forwarding no