Added SSH server configuration

2018-08-26 04:26:11 -06:00 · 2018-08-26 04:26:11 -06:00 · 0fa6816a2c
commit 0fa6816a2c
parent ad665dad0e
2 changed files with 45 additions and 0 deletions
--- a/config/etc/ssh/banner
+++ b/config/etc/ssh/banner
@ -0,0 +1,10 @@
+
+*******
+*** Welcome to SERVERNAME on DOMAIN.tld
+*** Note: This server also answers to ALT_SERVERNAME on DOMAIN2.tld
+*******
+
+Please note that this system is monitored and all access attempts are logged.
+Unauthorized access is prohibited.
+Your IP address and any provided keys/tokens have already been recorded.
+
--- a/config/etc/ssh/sshd_config
+++ b/config/etc/ssh/sshd_config
@ -0,0 +1,35 @@
+#######
+### OpenSSH Configuration
+#######
+
+### Connection settings
+Port 222
+ListenAddress your.private.ipv4.address
+ListenAddress [your:private:ipv6:address:use:square:brackets]
+TCPKeepAlive no
+ClientAliveInterval 60
+ClientAliveCountMax 30
+
+### Authentication settings
+HostKey /etc/ssh/ed25519.key
+HostKey /etc/ssh/RSA4096.key
+PasswordAuthentication no
+PermitEmptyPasswords no
+ChallengeResponseAuthentication no
+UsePAM yes
+AuthorizedKeysFile .ssh/authorized_keys
+
+### Login settings
+LoginGraceTime 1M
+MaxAuthTries 3
+MaxSessions 5
+#PermitRootLogin prohibit-password
+PermitRootLogin no
+
+### Program settings
+Banner /etc/ssh/banner
+LogLevel VERBOSE
+X11Forwarding yes
+PrintMotd no
+AcceptEnv LANG LC_*
+Subsystem sftp /usr/lib/openssh/sftp-server