Compare commits
2 Commits
83b9e92ca2
...
0fa6816a2c
Author | SHA1 | Date |
---|---|---|
Asif Bacchus | 0fa6816a2c | |
Asif Bacchus | ad665dad0e |
|
@ -1,5 +1,29 @@
|
||||||
Configuration files and/or changes to default config files in /etc/
|
Configuration files and/or changes to default config files in /etc/
|
||||||
|
=
|
||||||
|
|
||||||
Setup timesyncd for NTP syncing (client only)
|
- Setup timesyncd for NTP syncing (using systemd, not ntp package)
|
||||||
Setup nano with helpful configurations both locally and via SSH
|
- set to use global pool.ntp.org, you should change this!
|
||||||
Colourize prompt based on user-type and add additional information
|
- verify timesyncd is working with 'timedatectl' command
|
||||||
|
|
||||||
|
- Setup nano with helpful configurations both locally and via SSH
|
||||||
|
- rebind number lock
|
||||||
|
- constant show cursor position at bottom of screen
|
||||||
|
- constant show line numbers on the left
|
||||||
|
- added shortcuts for cut, copy, paste using alt-x,c,v respectively
|
||||||
|
- enable multi-buffer for concurrent open files
|
||||||
|
- cut to end-of-line
|
||||||
|
- bracket and quote matching
|
||||||
|
- tabs converted to spaces, tab = 4 spaces
|
||||||
|
- activate default colourization
|
||||||
|
|
||||||
|
- Colourize prompt
|
||||||
|
- red username for root user or shell accessed as root (su, sudo -s, etc.)
|
||||||
|
- green username for regular users
|
||||||
|
- display time and full path
|
||||||
|
|
||||||
|
- Setup SSH server
|
||||||
|
- use non-standard port 222
|
||||||
|
- use host-keys (RSA and ED25519 - you need to generate these!)
|
||||||
|
- display a banner on sucessful connection
|
||||||
|
- do not allow root login
|
||||||
|
- require keyfile authentication (disable password authentication)
|
||||||
|
|
|
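Review bot: The SSH entry "use host-keys (RSA and ED25519 - you need to generate these!)" does not say where the generated keys have to be placed. The sshd_config added in this same change points at /etc/ssh/ed25519.key and /etc/ssh/RSA4096.key, so the README should name those two paths, otherwise the HostKey lines will reference files that do not exist. The SSH list should also warn that the ListenAddress values are placeholders to be edited, the same way the NTP entry says "you should change this!". Two wording points on "display a banner on sucessful connection": "sucessful" is misspelled, and because sshd sends the Banner file before authentication, "on connection" describes the behaviour more accurately.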
@ -0,0 +1,10 @@
|
||||||
|
|
||||||
|
*******
|
||||||
|
*** Welcome to SERVERNAME on DOMAIN.tld
|
||||||
|
*** Note: This server also answers to ALT_SERVERNAME on DOMAIN2.tld
|
||||||
|
*******
|
||||||
|
|
||||||
|
Please note that this system is monitored and all access attempts are logged.
|
||||||
|
Unauthorized access is prohibited.
|
||||||
|
Your IP address and any provided keys/tokens have already been recorded.
|
||||||
|
|
|
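Review bot: The lines "*** Welcome to SERVERNAME on DOMAIN.tld" and "*** Note: This server also answers to ALT_SERVERNAME on DOMAIN2.tld" put the host's names in a file that sshd_config loads with "Banner /etc/ssh/banner", and sshd sends that file to every client before authentication. Once the placeholders are filled in, anyone who reaches the port learns both hostnames and domains. I would keep only the monitoring and "Unauthorized access is prohibited." notice in the pre-authentication banner and move the welcome lines to a post-login message. If the names stay, add a comment in the README that SERVERNAME, DOMAIN.tld, ALT_SERVERNAME and DOMAIN2.tld must be replaced before deployment.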
@ -0,0 +1,35 @@
|
||||||
|
#######
|
||||||
|
### OpenSSH Configuration
|
||||||
|
#######
|
||||||
|
|
||||||
|
### Connection settings
|
||||||
|
Port 222
|
||||||
|
ListenAddress your.private.ipv4.address
|
||||||
|
ListenAddress [your:private:ipv6:address:use:square:brackets]
|
||||||
|
TCPKeepAlive no
|
||||||
|
ClientAliveInterval 60
|
||||||
|
ClientAliveCountMax 30
|
||||||
|
|
||||||
|
### Authentication settings
|
||||||
|
HostKey /etc/ssh/ed25519.key
|
||||||
|
HostKey /etc/ssh/RSA4096.key
|
||||||
|
PasswordAuthentication no
|
||||||
|
PermitEmptyPasswords no
|
||||||
|
ChallengeResponseAuthentication no
|
||||||
|
UsePAM yes
|
||||||
|
AuthorizedKeysFile .ssh/authorized_keys
|
||||||
|
|
||||||
|
### Login settings
|
||||||
|
LoginGraceTime 1M
|
||||||
|
MaxAuthTries 3
|
||||||
|
MaxSessions 5
|
||||||
|
#PermitRootLogin prohibit-password
|
||||||
|
PermitRootLogin no
|
||||||
|
|
||||||
|
### Program settings
|
||||||
|
Banner /etc/ssh/banner
|
||||||
|
LogLevel VERBOSE
|
||||||
|
X11Forwarding yes
|
||||||
|
PrintMotd no
|
||||||
|
AcceptEnv LANG LC_*
|
||||||
|
Subsystem sftp /usr/lib/openssh/sftp-server
|
|
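Review bot: "X11Forwarding yes" under "### Program settings" sits oddly next to the otherwise restrictive settings (PermitRootLogin no, PasswordAuthentication no, MaxAuthTries 3), and the README does not list it as an intended change. Unless X11 forwarding is needed on these servers, set it to "X11Forwarding no", or document why it is enabled. Separately, "ClientAliveInterval 60" with "ClientAliveCountMax 30" means an unresponsive client is only dropped after 30 minutes (60 s x 30), and "TCPKeepAlive no" removes the other liveness check; if that long timeout is deliberate, a comment above those lines would help. The two ListenAddress lines are placeholders and need an inline comment saying so, since sshd will not start with them left as written.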
@ -1 +1,3 @@
|
||||||
Changes/additions to be made in /root to affect ROOT user.
|
Changes/additions in the /root folder.
|
||||||
|
=
|
||||||
|
- default .bashrc (for reference or to return to default state)
|
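Review bot: The new entry "- default .bashrc (for reference or to return to default state)" does not give the name of the reference file or say how to restore from it. It is also the only item listed, while the README under /etc describes a red username for root; if the modified .bashrc that produces that prompt lives in this folder, it should be listed here alongside the default copy so the reader can tell the two apart.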