From b89df1a61a2bae8b1f4de4c6d238c9034c2cf326 Mon Sep 17 00:00:00 2001 From: Egor Tensin Date: Wed, 9 Aug 2023 09:36:56 +0200 Subject: move common config files to etc/ --- yandex/server/etc/sshd_config | 39 --------------------------------------- 1 file changed, 39 deletions(-) delete mode 100644 yandex/server/etc/sshd_config (limited to 'yandex/server/etc/sshd_config') diff --git a/yandex/server/etc/sshd_config b/yandex/server/etc/sshd_config deleted file mode 100644 index ae08408..0000000 --- a/yandex/server/etc/sshd_config +++ /dev/null @@ -1,39 +0,0 @@ -Protocol 2 -Port ${port} - -# Drop idle sessions: -ClientAliveCountMax 3 -ClientAliveInterval 15 - -# Allow reverse tunnels: -GatewayPorts yes - -# Miscellaneous: -PrintMotd no - -# Hardening. -# Source: https://infosec.mozilla.org/guidelines/openssh.html - -# Only Ed25519: -HostKey /etc/ssh/ssh_host_ed25519_key - -# Only the first choices for ciphers: -KexAlgorithms curve25519-sha256@libssh.org -Ciphers chacha20-poly1305@openssh.com -MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com - -# No password login: -PasswordAuthentication no -AuthenticationMethods publickey -# Whitelist users: -PermitRootLogin no -AllowGroups ${join(" ", users)} - -# Log things: -Subsystem sftp /usr/lib/openssh/sftp-server -f AUTHPRIV -l INFO - -# Whitelist accepted environment variables: -AcceptEnv LANG LC_* - -# Why the fuck would I need X11 forwarding? -X11Forwarding no -- cgit v1.2.3