aboutsummaryrefslogtreecommitdiffstatshomepage
path: root/yandex/server/etc
diff options
context:
space:
mode:
Diffstat (limited to 'yandex/server/etc')
-rw-r--r--yandex/server/etc/cloud-init.cfg13
-rw-r--r--yandex/server/etc/sshd_config39
2 files changed, 0 insertions, 52 deletions
diff --git a/yandex/server/etc/cloud-init.cfg b/yandex/server/etc/cloud-init.cfg
deleted file mode 100644
index 8ed371c..0000000
--- a/yandex/server/etc/cloud-init.cfg
+++ /dev/null
@@ -1,13 +0,0 @@
-#cloud-config
-
-users:
- - name: ${jsonencode(user)}
- lock_passwd: false
- hashed_passwd: '*'
- sudo: ALL=(ALL) NOPASSWD:ALL
- ssh_authorized_keys: ${jsonencode(ssh_keys)}
- shell: /bin/bash
-
-write_files:
- - path: /etc/ssh/sshd_config
- content: ${jsonencode(sshd_config)}
diff --git a/yandex/server/etc/sshd_config b/yandex/server/etc/sshd_config
deleted file mode 100644
index ae08408..0000000
--- a/yandex/server/etc/sshd_config
+++ /dev/null
@@ -1,39 +0,0 @@
-Protocol 2
-Port ${port}
-
-# Drop idle sessions:
-ClientAliveCountMax 3
-ClientAliveInterval 15
-
-# Allow reverse tunnels:
-GatewayPorts yes
-
-# Miscellaneous:
-PrintMotd no
-
-# Hardening.
-# Source: https://infosec.mozilla.org/guidelines/openssh.html
-
-# Only Ed25519:
-HostKey /etc/ssh/ssh_host_ed25519_key
-
-# Only the first choices for ciphers:
-KexAlgorithms curve25519-sha256@libssh.org
-Ciphers chacha20-poly1305@openssh.com
-MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com
-
-# No password login:
-PasswordAuthentication no
-AuthenticationMethods publickey
-# Whitelist users:
-PermitRootLogin no
-AllowGroups ${join(" ", users)}
-
-# Log things:
-Subsystem sftp /usr/lib/openssh/sftp-server -f AUTHPRIV -l INFO
-
-# Whitelist accepted environment variables:
-AcceptEnv LANG LC_*
-
-# Why the fuck would I need X11 forwarding?
-X11Forwarding no