From 0fa6816a2cf7d021fed2cf33110fe2218d7613df Mon Sep 17 00:00:00 2001
From: Asif Bacchus
Date: Sun, 26 Aug 2018 04:26:11 -0600
Subject: [PATCH] Added SSH server configuration
---
config/etc/ssh/banner | 10 ++++++++++
config/etc/ssh/sshd_config | 35 +++++++++++++++++++++++++++++++++++
2 files changed, 45 insertions(+)
create mode 100644 config/etc/ssh/banner
create mode 100644 config/etc/ssh/sshd_config
diff --git a/config/etc/ssh/banner b/config/etc/ssh/banner
new file mode 100644
index 0000000..a1e865b
--- /dev/null
+++ b/config/etc/ssh/banner
@@ -0,0 +1,10 @@
+
+*******
+*** Welcome to SERVERNAME on DOMAIN.tld
+*** Note: This server also answers to ALT_SERVERNAME on DOMAIN2.tld
+*******
+
+Please note that this system is monitored and all access attempts are logged.
+Unauthorized access is prohibited.
+Your IP address and any provided keys/tokens have already been recorded.
+
diff --git a/config/etc/ssh/sshd_config b/config/etc/ssh/sshd_config
new file mode 100644
index 0000000..f27b03d
--- /dev/null
+++ b/config/etc/ssh/sshd_config
@@ -0,0 +1,35 @@
+#######
+### OpenSSH Configuration
+#######
+
+### Connection settings
+Port 222
+ListenAddress your.private.ipv4.address
+ListenAddress [your:private:ipv6:address:use:square:brackets]
+TCPKeepAlive no
+ClientAliveInterval 60
+ClientAliveCountMax 30
+
+### Authentication settings
+HostKey /etc/ssh/ed25519.key
+HostKey /etc/ssh/RSA4096.key
+PasswordAuthentication no
+PermitEmptyPasswords no
+ChallengeResponseAuthentication no
+UsePAM yes
+AuthorizedKeysFile .ssh/authorized_keys
+
+### Login settings
+LoginGraceTime 1M
+MaxAuthTries 3
+MaxSessions 5
+#PermitRootLogin prohibit-password
+PermitRootLogin no
+
+### Program settings
+Banner /etc/ssh/banner
+LogLevel VERBOSE
+X11Forwarding yes
+PrintMotd no
+AcceptEnv LANG LC_*
+Subsystem sftp /usr/lib/openssh/sftp-server
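Review bot: In config/etc/ssh/banner, the two `*** Welcome to SERVERNAME on DOMAIN.tld` / `*** Note: This server also answers to ...` lines put the host name and both domains into text that sshd sends before authentication, because sshd_config points `Banner` at this file. Every unauthenticated client that connects therefore learns which host and which alternate name it has reached. Keeping only the monitoring and unauthorized-access notice in the banner, and moving the welcome lines to a post-login message, gives the same legal notice without the pre-auth disclosure.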
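Review bot: In config/etc/ssh/sshd_config, `X11Forwarding yes` under "Program settings" leaves X11 forwarding enabled in a file that otherwise disables password and root logins. Unless administrators need remote GUI applications on this host, `X11Forwarding no` is the more consistent setting for a server. Separately, the two `ListenAddress` lines are placeholders and both `HostKey` paths name files this commit does not add, so sshd will probably fail to start if the file is deployed as-is. A comment above those lines such as `### Replace the placeholders and generate both host keys, then validate with "sshd -t" before restarting` would help avoid locking out the only remote access path.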