Added SSH server configuration

config/etc/readme.md

@@ -1,5 +1,29 @@
 Configuration files and/or changes to default config files in /etc/
+=
 
-Setup timesyncd for NTP syncing (client only)
-Setup nano with helpful configurations both locally and via SSH
-Colourize prompt based on user-type and add additional information
+ - Setup timesyncd for NTP syncing (using systemd, not ntp package)  
+   - set to use global pool.ntp.org, you should change this!
+   - verify timesyncd is working with 'timedatectl' command
+
+ - Setup nano with helpful configurations both locally and via SSH  
+   - rebind number lock
+   - constant show cursor position at bottom of screen
+   - constant show line numbers on the left
+   - added shortcuts for cut, copy, paste using alt-x,c,v respectively
+   - enable multi-buffer for concurrent open files
+   - cut to end-of-line
+   - bracket and quote matching
+   - tabs converted to spaces, tab = 4 spaces
+   - activate default colourization
+
+ - Colourize prompt  
+   - red username for root user or shell accessed as root (su, sudo -s, etc.)
+   - green username for regular users
+   - display time and full path
+
+ - Setup SSH server  
+   - use non-standard port 222
+   - use host-keys (RSA and ED25519 - you need to generate these!)
+   - display a banner on sucessful connection
+   - do not allow root login
+   - require keyfile authentication (disable password authentication)

config/etc/ssh/banner

@@ -0,0 +1,10 @@
+
+*******
+*** Welcome to SERVERNAME on DOMAIN.tld
+*** Note: This server also answers to ALT_SERVERNAME on DOMAIN2.tld
+*******
+
+Please note that this system is monitored and all access attempts are logged.
+Unauthorized access is prohibited.
+Your IP address and any provided keys/tokens have already been recorded.
+

config/etc/ssh/sshd_config

@@ -0,0 +1,35 @@
+#######
+### OpenSSH Configuration
+#######
+
+### Connection settings
+Port 222
+ListenAddress your.private.ipv4.address
+ListenAddress [your:private:ipv6:address:use:square:brackets]
+TCPKeepAlive no
+ClientAliveInterval 60
+ClientAliveCountMax 30
+
+### Authentication settings
+HostKey /etc/ssh/ed25519.key
+HostKey /etc/ssh/RSA4096.key
+PasswordAuthentication no
+PermitEmptyPasswords no
+ChallengeResponseAuthentication no
+UsePAM yes
+AuthorizedKeysFile .ssh/authorized_keys
+
+### Login settings
+LoginGraceTime 1M
+MaxAuthTries 3
+MaxSessions 5
+#PermitRootLogin prohibit-password
+PermitRootLogin no
+
+### Program settings
+Banner /etc/ssh/banner
+LogLevel VERBOSE
+X11Forwarding yes
+PrintMotd no
+AcceptEnv LANG LC_*
+Subsystem sftp /usr/lib/openssh/sftp-server

config/root/readme.md

@@ -1 +1,3 @@
-Changes/additions to be made in /root to affect ROOT user.
+Changes/additions in the /root folder.
+=
+- default .bashrc (for reference or to return to default state)