diff --git a/public/fs/etc/ssh/sshd-config.sh b/public/fs/etc/ssh/sshd-config.sh
new file mode 100755
index 0000000..7661108
--- /dev/null
+++ b/public/fs/etc/ssh/sshd-config.sh
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+set -eu
+
+source /root/config/private/fs/etc/server.ports
+
+sed -e 's/@ssh_port@/'${ssh_port}'/g' "$1"
diff --git a/public/fs/etc/ssh/sshd_config.in b/public/fs/etc/ssh/sshd_config.in
new file mode 100644
index 0000000..e50456b
--- /dev/null
+++ b/public/fs/etc/ssh/sshd_config.in
@@ -0,0 +1,42 @@
+
+Port @ssh_port@
+AddressFamily any
+ListenAddress 0.0.0.0
+ListenAddress ::
+
+HostKey /etc/ssh/ssh_host_ed25519_key
+HostKey /etc/ssh/ssh_host_rsa_key
+
+SyslogFacility AUTH
+LogLevel VERBOSE
+
+LoginGraceTime 2m
+StrictModes yes
+MaxAuthTries 6
+MaxSessions 256
+
+UsePAM yes
+PubkeyAuthentication yes
+PermitRootLogin without-password
+
+PasswordAuthentication no
+PermitEmptyPasswords no
+ChallengeResponseAuthentication no
+
+AuthorizedKeysFile .ssh/authorized_keys
+AuthorizedPrincipalsFile none
+
+AuthorizedKeysCommand none
+AuthorizedKeysCommandUser nobody
+
+
+AllowTcpForwarding yes
+AllowAgentForwarding no
+GatewayPorts no
+X11Forwarding no
+
+Subsystem sftp /usr/lib/ssh/sftp-server
+
+AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
+AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
+AcceptEnv LC_IDENTIFICATION LC_ALL
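Review bot: In sshd-config.sh the value of `ssh_port` is spliced into the sed program unquoted and unchecked, so a value in server.ports containing `/`, `&` or whitespace would change the sed expression or the generated sshd_config instead of failing. Validate it before substituting, e.g. `case "${ssh_port}" in ''|*[!0-9]*) echo "sshd-config.sh: invalid ssh_port" >&2; exit 1;; esac`, and quote the expression as `sed -e "s/@ssh_port@/${ssh_port}/g" "$1"`. The script also declares `#!/bin/sh` but uses `source`, which is not POSIX and is absent from dash-style shells; `. /root/config/private/fs/etc/server.ports` is the portable form. A short header comment saying that the rendered config is written to stdout and that server.ports is executed as shell code (so it should be writable by root only) would help the next maintainer.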
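Review bot: `PermitRootLogin without-password` in sshd_config.in leaves direct root login by key open, and the file sets no `AllowUsers`/`AllowGroups` restriction, so every account with an authorized_keys file can log in. `without-password` is the deprecated spelling; `PermitRootLogin prohibit-password` is the current one, and `PermitRootLogin no` with an unprivileged admin account is tighter if the deployment workflow allows it. `MaxSessions 256` is far above the OpenSSH default of 10 and, together with `AllowTcpForwarding yes`, widens what a single authenticated connection can do; either lower it or add a comment explaining why that value is needed.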