Default ssh port changed to 2222

oddlama 2020-01-09 19:02:52 +01:00
parent 0d51f13e97
commit 487160fb94
No known key found for this signature in database
GPG Key ID: 88EA325D51D53908
2 changed files with 5 additions and 5 deletions

@ -83,9 +83,9 @@ partition uuid variables in the config (all variables beginning with `PARTITION_
## (Optional) sshd ## (Optional) sshd
The script can provide a fully configured ssh daemon with reasonably good security settings. The script can provide a fully configured ssh daemon with reasonably good security settings.
It will by default only allow ed25519 keys, restrict the key exchange algorithms, disable It will by default run on port `2222`, only allow ed25519 keys, restrict the key exchange
any password based authentication, and only allow specifically mentioned users to use ssh algorithms, disable any password based authentication, and only allow specifically mentioned
(none by default). users to use ssh service (none by default).
To add a user to the list of allowed users, append `AllowUsers myuser` to `/etc/ssh/sshd_config`. To add a user to the list of allowed users, append `AllowUsers myuser` to `/etc/ssh/sshd_config`.
I recommend to create a separate group for all ssh users (like `sshusers`) and I recommend to create a separate group for all ssh users (like `sshusers`) and
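
Review bot: In the rewrapped sentence of the sshd section, "users to use ssh service" is missing its article; "to use the ssh service" or the original "to use ssh" reads better. Since the paragraph now states the default port, it would also help to say that the value comes from the `Port` line in `/etc/ssh/sshd_config`, the file this paragraph already names for `AllowUsers`, and that clients have to pass the port explicitly when connecting.
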
@ -125,7 +125,7 @@ or should consider:
- Set `EMERGE_DEFAULT_OPTS` to `-jN` if you want parallel emerging - Set `EMERGE_DEFAULT_OPTS` to `-jN` if you want parallel emerging
- Set `FEATURES="buildpkg"` if you want to build binary packages - Set `FEATURES="buildpkg"` if you want to build binary packages
* Use a safe umask like `umask 0077` * Use a safe umask like `umask 0077`
* Edit `/etc/ssh/sshd_config`, change the port and create a `sshusers` group. * Edit `/etc/ssh/sshd_config`, change the port if you want and create a `sshusers` group.
* Encrypt your system using LUKS * Encrypt your system using LUKS
- Remount the root fs read-only - Remount the root fs read-only
- Use `rsync -axHAWXS --numeric-ids --info=progress2 / /path/to/backup` to safely backup the whole - Use `rsync -axHAWXS --numeric-ids --info=progress2 / /path/to/backup` to safely backup the whole
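
Review bot: In the `/etc/ssh/sshd_config` checklist item, "change the port if you want and create a `sshusers` group" leaves it unclear whether "if you want" covers only the port or the group as well. Putting the group first removes the ambiguity, for example "create a `sshusers` group and, if you want, change the port".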

@ -3,7 +3,7 @@
# This is the sshd server system-wide configuration file. See # This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information. # sshd_config(5) for more information.
Port 22 Port 2222
#AddressFamily any #AddressFamily any
#ListenAddress 0.0.0.0 #ListenAddress 0.0.0.0
#ListenAddress :: #ListenAddress ::
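
Review bot: `Port 2222` moves sshd to an unprivileged port (above 1023), which a non-root local process can bind whenever sshd is not running, so the change deserves a short comment in the config or README that clients must rely on host key verification, or a port below 1024 should be chosen instead. The `#ListenAddress` lines stay commented out, so the daemon still listens on all addresses on the new port, and any firewall rule written for 22 needs the matching update.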