Diffstat (limited to 'public/fs/etc/ssh')
-rwxr-xr-xpublic/fs/etc/ssh/sshd-config.sh7
-rw-r--r--public/fs/etc/ssh/sshd_config.in42
2 files changed, 49 insertions, 0 deletions
diff --git a/public/fs/etc/ssh/sshd-config.sh b/public/fs/etc/ssh/sshd-config.sh
new file mode 100755
index 0000000..7661108
--- /dev/null
+++ b/public/fs/etc/ssh/sshd-config.sh
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+set -eu
+
+source /root/config/private/fs/etc/server.ports
+
+sed -e 's/@ssh_port@/'${ssh_port}'/g' "$1"
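Review bot: The script declares `#!/bin/sh` but loads the ports file with `source`, which is not POSIX and fails under dash and other strict `/bin/sh` implementations; `.` is the portable form. On the `sed` line `${ssh_port}` sits outside the quotes, so it is word-split and glob-expanded, and its value reaches the replacement text unchecked, where a `/`, `&` or stray whitespace would corrupt or alter the generated sshd_config. Because this output decides which port sshd listens on, the value should be validated as a decimal port in the range 1-65535 before substitution, and the template path should follow `--`. A header comment stating the usage (template path as `$1`, result on stdout) and that the sourced file must be root-owned and not writable by others would also help.

```shell
# … unchanged: shebang, set -eu …

. /root/config/private/fs/etc/server.ports

# Refuse anything that is not a plain decimal TCP port before it reaches sed.
case "${ssh_port}" in
  '' | *[!0-9]*)
    echo "sshd-config.sh: ssh_port must be a decimal number" >&2
    exit 1
    ;;
esac
if [ "${ssh_port}" -lt 1 ] || [ "${ssh_port}" -gt 65535 ]; then
  echo "sshd-config.sh: ssh_port out of range (1-65535)" >&2
  exit 1
fi

sed -e "s/@ssh_port@/${ssh_port}/g" -- "$1"
```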
diff --git a/public/fs/etc/ssh/sshd_config.in b/public/fs/etc/ssh/sshd_config.in
new file mode 100644
index 0000000..e50456b
--- /dev/null
+++ b/public/fs/etc/ssh/sshd_config.in
@@ -0,0 +1,42 @@
+
+Port @ssh_port@
+AddressFamily any
+ListenAddress 0.0.0.0
+ListenAddress ::
+
+HostKey /etc/ssh/ssh_host_ed25519_key
+HostKey /etc/ssh/ssh_host_rsa_key
+
+SyslogFacility AUTH
+LogLevel VERBOSE
+
+LoginGraceTime 2m
+StrictModes yes
+MaxAuthTries 6
+MaxSessions 256
+
+UsePAM yes
+PubkeyAuthentication yes
+PermitRootLogin without-password
+
+PasswordAuthentication no
+PermitEmptyPasswords no
+ChallengeResponseAuthentication no
+
+AuthorizedKeysFile .ssh/authorized_keys
+AuthorizedPrincipalsFile none
+
+AuthorizedKeysCommand none
+AuthorizedKeysCommandUser nobody
+
+
+AllowTcpForwarding yes
+AllowAgentForwarding no
+GatewayPorts no
+X11Forwarding no
+
+Subsystem sftp /usr/lib/ssh/sftp-server
+
+AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
+AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
+AcceptEnv LC_IDENTIFICATION LC_ALL
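Review bot: `PermitRootLogin without-password` leaves direct root login over public key open and uses the deprecated spelling; current OpenSSH names this value `prohibit-password`, and `PermitRootLogin no` combined with an `AllowUsers` or `AllowGroups` line would be the tighter choice if administrators can log in as an unprivileged user first. `MaxSessions 256` is well above the OpenSSH default of 10 and `AllowTcpForwarding yes` applies to every account, so each should either carry a comment in the template explaining why it is needed or be lowered, or scoped with a `Match` block. `ChallengeResponseAuthentication` is likewise a deprecated alias of `KbdInteractiveAuthentication` in recent releases, so setting the newer keyword keeps the intent explicit across upgrades.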