small changes on ssh & ufw settings

VirtuBox 2018-06-06 00:10:58 +02:00
parent 7471d9375e
commit e4ec1900a6
4 changed files with 6 additions and 6 deletions


@ -238,7 +238,7 @@ WARNING : SSH Configuration with root login allowed with ed25519 & ECDSA SSH key
Instructions available in [VirtuBox Knowledgebase](https://kb.virtubox.net/knowledgebase/ufw-iptables-firewall-configuration-made-easier/)
```bash
# enable ufw log - allow outgoing - deny incoming
ufw logging on
ufw logging low
ufw default allow outgoing
ufw default deny incoming


@ -235,7 +235,7 @@ WARNING : SSH Configuration with root login allowed with ed25519 & ECDSA SSH key
Instructions available in [VirtuBox Knowledgebase](https://kb.virtubox.net/knowledgebase/ufw-iptables-firewall-configuration-made-easier/)
```bash
# enable ufw log - allow outgoing - deny incoming
ufw logging on
ufw logging low
ufw default allow outgoing
ufw default deny incoming


@ -2,6 +2,7 @@
Port 22
#Prefer ed25519 & ECDSA keys rather than 2048 bit RSA
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
@ -24,7 +25,6 @@ PermitEmptyPasswords no
# No challenge response Authentication
ChallengeResponseAuthentication no
UsePAM yes
X11Forwarding yes
@ -36,7 +36,7 @@ AcceptEnv LANG LC_*
# override default of no subsystems
Subsystem sftp /usr/lib/openssh/sftp-server
# use strong ciphers
# use strong ciphers (you may have to comment those lines with some sftp clients)
KexAlgorithms curve25519-sha256@libssh.org
Ciphers chacha20-poly1305@openssh.com
MACs umac-128-etm@openssh.com,umac-128@openssh.com
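Review bot: The reworded comment above `KexAlgorithms` advises commenting out the algorithm lines when an sftp client cannot connect, which returns the server to the distribution's default key-exchange, cipher and MAC lists rather than keeping a hardened set. A narrower fallback is to extend the lists with widely supported strong algorithms and say so in the comment, for example `KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256`, `Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes256-ctr` and `MACs hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com`. If a non-AEAD cipher is added this way, the non-ETM `umac-128@openssh.com` entry is better dropped so that only encrypt-then-MAC modes are negotiated. The same lines appear in the second SSH server configuration section below. The hunk is shown only in part here, so which of the two comment lines is the new one is inferred from the print order.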


@ -2,6 +2,7 @@
Port 22
#Prefer ed25519 & ECDSA keys rather than 2048 bit RSA
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
@ -24,7 +25,6 @@ PermitEmptyPasswords no
# No challenge response Authentication
ChallengeResponseAuthentication no
UsePAM yes
X11Forwarding yes
@ -36,7 +36,7 @@ AcceptEnv LANG LC_*
# override default of no subsystems
Subsystem sftp /usr/lib/openssh/sftp-server
# use strong ciphers
# use strong ciphers (you may have to comment those lines with some sftp clients)
KexAlgorithms curve25519-sha256@libssh.org
Ciphers chacha20-poly1305@openssh.com
MACs umac-128-etm@openssh.com,umac-128@openssh.com