Compare commits
2 Commits
83b9e92ca2
...
0fa6816a2c
Author | SHA1 | Date |
---|---|---|
Asif Bacchus | 0fa6816a2c | |
Asif Bacchus | ad665dad0e |
|
@ -1,5 +1,29 @@
|
|||
Configuration files and/or changes to default config files in /etc/
|
||||
=
|
||||
|
||||
Setup timesyncd for NTP syncing (client only)
|
||||
Setup nano with helpful configurations both locally and via SSH
|
||||
Colourize prompt based on user-type and add additional information
|
||||
- Setup timesyncd for NTP syncing (using systemd, not ntp package)
|
||||
- set to use global pool.ntp.org, you should change this!
|
||||
- verify timesyncd is working with 'timedatectl' command
|
||||
|
||||
- Setup nano with helpful configurations both locally and via SSH
|
||||
- rebind number lock
|
||||
- constant show cursor position at bottom of screen
|
||||
- constant show line numbers on the left
|
||||
- added shortcuts for cut, copy, paste using alt-x,c,v respectively
|
||||
- enable multi-buffer for concurrent open files
|
||||
- cut to end-of-line
|
||||
- bracket and quote matching
|
||||
- tabs converted to spaces, tab = 4 spaces
|
||||
- activate default colourization
|
||||
|
||||
- Colourize prompt
|
||||
- red username for root user or shell accessed as root (su, sudo -s, etc.)
|
||||
- green username for regular users
|
||||
- display time and full path
|
||||
|
||||
- Setup SSH server
|
||||
- use non-standard port 222
|
||||
- use host-keys (RSA and ED25519 - you need to generate these!)
|
||||
- display a banner on sucessful connection
|
||||
- do not allow root login
|
||||
- require keyfile authentication (disable password authentication)
|
||||
|
|
|
@ -0,0 +1,10 @@
|
|||
|
||||
*******
|
||||
*** Welcome to SERVERNAME on DOMAIN.tld
|
||||
*** Note: This server also answers to ALT_SERVERNAME on DOMAIN2.tld
|
||||
*******
|
||||
|
||||
Please note that this system is monitored and all access attempts are logged.
|
||||
Unauthorized access is prohibited.
|
||||
Your IP address and any provided keys/tokens have already been recorded.
|
||||
|
|
@ -0,0 +1,35 @@
|
|||
#######
|
||||
### OpenSSH Configuration
|
||||
#######
|
||||
|
||||
### Connection settings
|
||||
Port 222
|
||||
ListenAddress your.private.ipv4.address
|
||||
ListenAddress [your:private:ipv6:address:use:square:brackets]
|
||||
TCPKeepAlive no
|
||||
ClientAliveInterval 60
|
||||
ClientAliveCountMax 30
|
||||
|
||||
### Authentication settings
|
||||
HostKey /etc/ssh/ed25519.key
|
||||
HostKey /etc/ssh/RSA4096.key
|
||||
PasswordAuthentication no
|
||||
PermitEmptyPasswords no
|
||||
ChallengeResponseAuthentication no
|
||||
UsePAM yes
|
||||
AuthorizedKeysFile .ssh/authorized_keys
|
||||
|
||||
### Login settings
|
||||
LoginGraceTime 1M
|
||||
MaxAuthTries 3
|
||||
MaxSessions 5
|
||||
#PermitRootLogin prohibit-password
|
||||
PermitRootLogin no
|
||||
|
||||
### Program settings
|
||||
Banner /etc/ssh/banner
|
||||
LogLevel VERBOSE
|
||||
X11Forwarding yes
|
||||
PrintMotd no
|
||||
AcceptEnv LANG LC_*
|
||||
Subsystem sftp /usr/lib/openssh/sftp-server
|
|
@ -1 +1,3 @@
|
|||
Changes/additions to be made in /root to affect ROOT user.
|
||||
Changes/additions in the /root folder.
|
||||
=
|
||||
- default .bashrc (for reference or to return to default state)
|
Loading…
Reference in New Issue