feat: move to dedicated repo
This commit is contained in:
Simon Cornet
commit
4a88a5b28d
54 changed files with 1524 additions and 0 deletions
40
templates/sshd/sshd_config.j2
Normal file
40
templates/sshd/sshd_config.j2
Normal file
|
|
@ -0,0 +1,40 @@
|
|||
# networking
|
||||
Protocol 2
|
||||
Port 22
|
||||
AddressFamily inet
|
||||
ListenAddress 0.0.0.0
|
||||
|
||||
# hostkey
|
||||
HostKey /etc/ssh/ssh_host_ed25519_key
|
||||
|
||||
# Authentication
|
||||
PermitRootLogin no
|
||||
|
||||
# Hardening
|
||||
StrictModes yes
|
||||
MaxAuthTries 2
|
||||
MaxStartups 10:50:20
|
||||
LoginGraceTime 15
|
||||
MaxSessions 8
|
||||
PasswordAuthentication no
|
||||
PubkeyAuthentication yes
|
||||
AllowUsers ansible drone hugo rundeck simon
|
||||
VersionAddendum ""
|
||||
IgnoreRhosts yes
|
||||
UseDNS no
|
||||
X11Forwarding no
|
||||
ClientAliveCountMax 8
|
||||
Compression no
|
||||
AllowTcpForwarding yes
|
||||
AllowAgentForwarding yes
|
||||
UsePAM yes
|
||||
PrintMotd no
|
||||
PrintLastLog no
|
||||
|
||||
# The cryptos
|
||||
KexAlgorithms curve25519-sha256,curve25519-sha256@libssh.org
|
||||
Ciphers chacha20-poly1305@openssh.com,aes256-ctr
|
||||
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com
|
||||
|
||||
# sFTP
|
||||
Subsystem sftp /usr/libexec/sftp-server
|
||||
Loading…
Add table
Add a link
Reference in a new issue