Default ssh port changed to 2222
parent 0d51f13e97
commit 487160fb94
|
@ -83,9 +83,9 @@ partition uuid variables in the config (all variables beginning with `PARTITION_
|
||||||
## (Optional) sshd
|
## (Optional) sshd
|
||||||
|
|
||||||
The script can provide a fully configured ssh daemon with reasonably good security settings.
|
The script can provide a fully configured ssh daemon with reasonably good security settings.
|
||||||
It will by default only allow ed25519 keys, restrict the key exchange algorithms, disable
|
It will by default run on port `2222`, only allow ed25519 keys, restrict the key exchange
|
||||||
any password based authentication, and only allow specifically mentioned users to use ssh
|
algorithms, disable any password based authentication, and only allow specifically mentioned
|
||||||
(none by default).
|
users to use ssh service (none by default).
|
||||||
|
|
||||||
To add a user to the list of allowed users, append `AllowUsers myuser` to `/etc/ssh/sshd_config`.
|
To add a user to the list of allowed users, append `AllowUsers myuser` to `/etc/ssh/sshd_config`.
|
||||||
I recommend to create a separate group for all ssh users (like `sshusers`) and
|
I recommend to create a separate group for all ssh users (like `sshusers`) and
|
||||||
|
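Review bot: In the rewritten sentence of the sshd section, the port now sits in the same list as the actual hardening settings (ed25519-only keys, restricted key exchange, no password authentication, `AllowUsers`). Running on `2222` mainly reduces automated scan noise on port 22 and is not an access control, so I would state it in its own sentence and add that clients must connect with `ssh -p 2222` and that any firewall rule has to allow that port. Minor wording: "to use ssh service" should read "to use the ssh service".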
@ -125,7 +125,7 @@ or should consider:
|
||||||
- Set `EMERGE_DEFAULT_OPTS` to `-jN` if you want parallel emerging
|
- Set `EMERGE_DEFAULT_OPTS` to `-jN` if you want parallel emerging
|
||||||
- Set `FEATURES="buildpkg"` if you want to build binary packages
|
- Set `FEATURES="buildpkg"` if you want to build binary packages
|
||||||
* Use a safe umask like `umask 0077`
|
* Use a safe umask like `umask 0077`
|
||||||
* Edit `/etc/ssh/sshd_config`, change the port and create a `sshusers` group.
|
* Edit `/etc/ssh/sshd_config`, change the port if you want and create a `sshusers` group.
|
||||||
* Encrypt your system using LUKS
|
* Encrypt your system using LUKS
|
||||||
- Remount the root fs read-only
|
- Remount the root fs read-only
|
||||||
- Use `rsync -axHAWXS --numeric-ids --info=progress2 / /path/to/backup` to safely backup the whole
|
- Use `rsync -axHAWXS --numeric-ids --info=progress2 / /path/to/backup` to safely backup the whole
|
||||||
|
|
|
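Review bot: The changed bullet, "change the port if you want", no longer tells the reader what the starting point is. Since this commit makes `2222` the default, say so in the bullet, for example: "* Edit `/etc/ssh/sshd_config`, change the port from the default `2222` if you want, and create a `sshusers` group." That keeps this list consistent with the sshd section changed earlier in this patch.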
@ -3,7 +3,7 @@
|
||||||
# This is the sshd server system-wide configuration file. See
|
# This is the sshd server system-wide configuration file. See
|
||||||
# sshd_config(5) for more information.
|
# sshd_config(5) for more information.
|
||||||
|
|
||||||
Port 22
|
Port 2222
|
||||||
#AddressFamily any
|
#AddressFamily any
|
||||||
#ListenAddress 0.0.0.0
|
#ListenAddress 0.0.0.0
|
||||||
#ListenAddress ::
|
#ListenAddress ::
|
||||||
|
|
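Review bot: `Port 2222` is an unprivileged port (above 1023), so unlike port 22 it can be bound by any local user whenever sshd is not running, for example during a restart. If the goal is only to move off 22, consider a free port below 1024, or keep 2222 and add a comment above the `Port` line explaining the choice and that clients should rely on host key verification. The commented `#ListenAddress` lines are unchanged, so the daemon still listens on all addresses on the new port; worth confirming that is intended.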