small changes on ssh & ufw settings
This commit is contained in:
parent
7471d9375e
commit
e4ec1900a6
|
@ -238,7 +238,7 @@ WARNING : SSH Configuration with root login allowed with ed25519 & ECDSA SSH key
|
|||
Instructions available in [VirtuBox Knowledgebase](https://kb.virtubox.net/knowledgebase/ufw-iptables-firewall-configuration-made-easier/)
|
||||
```bash
|
||||
# enable ufw log - allow outgoing - deny incoming
|
||||
ufw logging on
|
||||
ufw logging low
|
||||
ufw default allow outgoing
|
||||
ufw default deny incoming
|
||||
|
||||
|
|
|
@ -235,7 +235,7 @@ WARNING : SSH Configuration with root login allowed with ed25519 & ECDSA SSH key
|
|||
Instructions available in [VirtuBox Knowledgebase](https://kb.virtubox.net/knowledgebase/ufw-iptables-firewall-configuration-made-easier/)
|
||||
```bash
|
||||
# enable ufw log - allow outgoing - deny incoming
|
||||
ufw logging on
|
||||
ufw logging low
|
||||
ufw default allow outgoing
|
||||
ufw default deny incoming
|
||||
|
||||
|
|
|
@ -2,6 +2,7 @@
|
|||
Port 22
|
||||
|
||||
#Prefer ed25519 & ECDSA keys rather than 2048 bit RSA
|
||||
HostKey /etc/ssh/ssh_host_rsa_key
|
||||
HostKey /etc/ssh/ssh_host_ecdsa_key
|
||||
HostKey /etc/ssh/ssh_host_ed25519_key
|
||||
|
||||
|
@ -24,7 +25,6 @@ PermitEmptyPasswords no
|
|||
# No challenge response Authentication
|
||||
ChallengeResponseAuthentication no
|
||||
|
||||
|
||||
UsePAM yes
|
||||
X11Forwarding yes
|
||||
|
||||
|
@ -36,7 +36,7 @@ AcceptEnv LANG LC_*
|
|||
# override default of no subsystems
|
||||
Subsystem sftp /usr/lib/openssh/sftp-server
|
||||
|
||||
# use strong ciphers
|
||||
# use strong ciphers (you may have to comment those lines with some sftp clients)
|
||||
KexAlgorithms curve25519-sha256@libssh.org
|
||||
Ciphers chacha20-poly1305@openssh.com
|
||||
MACs umac-128-etm@openssh.com,umac-128@openssh.com
|
||||
|
|
|
@ -2,6 +2,7 @@
|
|||
Port 22
|
||||
|
||||
#Prefer ed25519 & ECDSA keys rather than 2048 bit RSA
|
||||
HostKey /etc/ssh/ssh_host_rsa_key
|
||||
HostKey /etc/ssh/ssh_host_ecdsa_key
|
||||
HostKey /etc/ssh/ssh_host_ed25519_key
|
||||
|
||||
|
@ -24,7 +25,6 @@ PermitEmptyPasswords no
|
|||
# No challenge response Authentication
|
||||
ChallengeResponseAuthentication no
|
||||
|
||||
|
||||
UsePAM yes
|
||||
X11Forwarding yes
|
||||
|
||||
|
@ -36,7 +36,7 @@ AcceptEnv LANG LC_*
|
|||
# override default of no subsystems
|
||||
Subsystem sftp /usr/lib/openssh/sftp-server
|
||||
|
||||
# use strong ciphers
|
||||
# use strong ciphers (you may have to comment those lines with some sftp clients)
|
||||
KexAlgorithms curve25519-sha256@libssh.org
|
||||
Ciphers chacha20-poly1305@openssh.com
|
||||
MACs umac-128-etm@openssh.com,umac-128@openssh.com
|
||||
|
|
Loading…
Reference in New Issue