From 0fa6816a2cf7d021fed2cf33110fe2218d7613df Mon Sep 17 00:00:00 2001
From: Asif Bacchus <asif@bacchus.cloud>
Date: Sun, 26 Aug 2018 04:26:11 -0600
Subject: [PATCH] Added SSH server configuration

---
 config/etc/ssh/banner      | 10 ++++++++++
 config/etc/ssh/sshd_config | 35 +++++++++++++++++++++++++++++++++++
 2 files changed, 45 insertions(+)
 create mode 100644 config/etc/ssh/banner
 create mode 100644 config/etc/ssh/sshd_config

diff --git a/config/etc/ssh/banner b/config/etc/ssh/banner
new file mode 100644
index 0000000..a1e865b
--- /dev/null
+++ b/config/etc/ssh/banner
@@ -0,0 +1,10 @@
+
+*******
+*** Welcome to SERVERNAME on DOMAIN.tld
+*** Note: This server also answers to ALT_SERVERNAME on DOMAIN2.tld
+*******
+
+Please note that this system is monitored and all access attempts are logged.
+Unauthorized access is prohibited.
+Your IP address and any provided keys/tokens have already been recorded.
+
diff --git a/config/etc/ssh/sshd_config b/config/etc/ssh/sshd_config
new file mode 100644
index 0000000..f27b03d
--- /dev/null
+++ b/config/etc/ssh/sshd_config
@@ -0,0 +1,35 @@
+#######
+### OpenSSH Configuration
+#######
+
+### Connection settings
+Port 222
+ListenAddress your.private.ipv4.address
+ListenAddress [your:private:ipv6:address:use:square:brackets]
+TCPKeepAlive no
+ClientAliveInterval 60
+ClientAliveCountMax 30
+
+### Authentication settings
+HostKey /etc/ssh/ed25519.key
+HostKey /etc/ssh/RSA4096.key
+PasswordAuthentication no
+PermitEmptyPasswords no
+ChallengeResponseAuthentication no
+UsePAM yes
+AuthorizedKeysFile .ssh/authorized_keys
+
+### Login settings
+LoginGraceTime 1M
+MaxAuthTries 3
+MaxSessions 5
+#PermitRootLogin prohibit-password
+PermitRootLogin no
+
+### Program settings
+Banner /etc/ssh/banner
+LogLevel VERBOSE
+X11Forwarding yes
+PrintMotd no
+AcceptEnv LANG LC_*
+Subsystem sftp /usr/lib/openssh/sftp-server