Ajout : srv/ateliers/etc/ssh/
authorJulien Moutinho <julm+heureux-cyclage@autogeree.net>
Thu, 2 Apr 2015 10:35:29 +0000 (12:35 +0200)
committerJulien Moutinho <julm+heureux-cyclage@autogeree.net>
Thu, 2 Apr 2015 11:30:55 +0000 (13:30 +0200)
lib/tool/admin
sec
srv/ateliers/etc/gnupg [new symlink]
srv/ateliers/etc/ssh/... [new symlink]
srv/ateliers/etc/ssh/install [new symlink]
srv/ateliers/etc/ssh/moduli [new symlink]
srv/ateliers/etc/ssh/ssh_config [new file with mode: 0644]
srv/ateliers/etc/ssh/ssh_host_rsa_key.gpg [new symlink]
srv/ateliers/etc/ssh/ssh_host_rsa_key.pub [new symlink]
srv/ateliers/etc/ssh/sshd_config [new file with mode: 0644]
srv/ateliers/sec [new symlink]

index 88674af..35fa89f 160000 (submodule)
@@ -1 +1 @@
-Subproject commit 88674af9adc5adaa66abbef421bf0af867c234ff
+Subproject commit 35fa89f7261e3909983444c32241a9b14d033122
diff --git a/sec b/sec
index 7ee617f..70698eb 160000 (submodule)
--- a/sec
+++ b/sec
@@ -1 +1 @@
-Subproject commit 7ee617f7325510f41615447920cede39007f304e
+Subproject commit 70698eb4df8b546882e8aaeaea40c8d12e01279d
diff --git a/srv/ateliers/etc/gnupg b/srv/ateliers/etc/gnupg
new file mode 120000 (symlink)
index 0000000..ee5e167
--- /dev/null
@@ -0,0 +1 @@
+.../..../etc/gnupg
\ No newline at end of file
diff --git a/srv/ateliers/etc/ssh/... b/srv/ateliers/etc/ssh/...
new file mode 120000 (symlink)
index 0000000..951b30d
--- /dev/null
@@ -0,0 +1 @@
+../...
\ No newline at end of file
diff --git a/srv/ateliers/etc/ssh/install b/srv/ateliers/etc/ssh/install
new file mode 120000 (symlink)
index 0000000..81e6d68
--- /dev/null
@@ -0,0 +1 @@
+.../lib/tool/admin/etc/ssh/install
\ No newline at end of file
diff --git a/srv/ateliers/etc/ssh/moduli b/srv/ateliers/etc/ssh/moduli
new file mode 120000 (symlink)
index 0000000..b4d8a0a
--- /dev/null
@@ -0,0 +1 @@
+.../sec/etc/ssh/moduli
\ No newline at end of file
diff --git a/srv/ateliers/etc/ssh/ssh_config b/srv/ateliers/etc/ssh/ssh_config
new file mode 100644 (file)
index 0000000..5a04097
--- /dev/null
@@ -0,0 +1,20 @@
+# DOC: https://stribika.github.io/2015/01/04/secure-secure-shell.html
+Host *
+       #Compression yes
+       #CompressionLevel 9
+       Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
+       ControlMaster auto
+       ControlPath ~/.ssh/%h-%p-%r.sock
+       GSSAPIAuthentication no
+       GSSAPIDelegateCredentials no
+       HashKnownHosts yes
+       IdentityFile ~/.ssh/id_dsa
+       IdentityFile ~/.ssh/id_rsa
+       IdentityFile ~/.ssh/identity
+       KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
+       MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-128-etm@openssh.com
+       SendEnv LANG LC_*
+       StrictHostKeyChecking ask
+       UserKnownHostsFile ~/.ssh/known_hosts
+
+# vim: ft=sshconfig
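Review bot: The `IdentityFile` list in the `Host *` block still offers `~/.ssh/id_dsa` and the protocol-1 `~/.ssh/identity`, which is out of step with the restricted `Ciphers`, `KexAlgorithms` and `MACs` lines next to it; DSA user keys in OpenSSH are limited to 1024 bits. The `chacha20-poly1305@openssh.com` entry suggests a client recent enough to support Ed25519, so the list could be `IdentityFile ~/.ssh/id_ed25519` followed by `IdentityFile ~/.ssh/id_rsa`. A one-line comment above `ControlPath ~/.ssh/%h-%p-%r.sock` would also help, noting that anyone able to open that socket can reuse the authenticated session, so `~/.ssh` has to stay mode 0700.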
diff --git a/srv/ateliers/etc/ssh/ssh_host_rsa_key.gpg b/srv/ateliers/etc/ssh/ssh_host_rsa_key.gpg
new file mode 120000 (symlink)
index 0000000..c451ff3
--- /dev/null
@@ -0,0 +1 @@
+.../sec/etc/ssh/ssh_host_rsa_key.gpg
\ No newline at end of file
diff --git a/srv/ateliers/etc/ssh/ssh_host_rsa_key.pub b/srv/ateliers/etc/ssh/ssh_host_rsa_key.pub
new file mode 120000 (symlink)
index 0000000..e9e3b6a
--- /dev/null
@@ -0,0 +1 @@
+.../sec/etc/ssh/ssh_host_rsa_key.pub
\ No newline at end of file
diff --git a/srv/ateliers/etc/ssh/sshd_config b/srv/ateliers/etc/ssh/sshd_config
new file mode 100644 (file)
index 0000000..9643da1
--- /dev/null
@@ -0,0 +1,48 @@
+# DOC: https://stribika.github.io/2015/01/04/secure-secure-shell.html
+AcceptEnv LANG LC_*
+AuthorizedKeysFile %h/.ssh/authorized_keys
+ChallengeResponseAuthentication no
+Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
+ClientAliveInterval 0
+Compression yes
+DebianBanner no
+GSSAPIAuthentication no
+#HostKey /etc/ssh/ssh_host_ed25519_key
+HostKey /etc/ssh/ssh_host_rsa_key
+HostbasedAuthentication no
+IgnoreRhosts yes
+IgnoreUserKnownHosts no
+KerberosAuthentication no
+#KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
+KeyRegenerationInterval 3600
+ListenAddress 0.0.0.0:22
+LogLevel INFO
+LoginGraceTime 120
+MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-128-etm@openssh.com
+MaxAuthTries 5
+PasswordAuthentication no
+PermitEmptyPasswords no
+PermitRootLogin yes
+PrintLastLog yes
+PrintMotd no
+Protocol 2
+PubkeyAuthentication yes
+RSAAuthentication yes
+RhostsRSAAuthentication no
+ServerKeyBits 768
+StrictModes yes
+SyslogFacility AUTH
+TCPKeepAlive yes
+UsePAM yes
+UsePrivilegeSeparation yes
+X11DisplayOffset 10
+X11Forwarding no
+
+Subsystem sftp internal-sftp
+Match Group sftp
+       AllowTCPForwarding no
+       ChrootDirectory %h
+       ForceCommand internal-sftp
+       X11Forwarding no
+
+# vim: ft=sshdconfig
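Review bot: The server-side `KexAlgorithms` line is commented out, so sshd falls back to the build's default key-exchange list while ssh_config in this same commit pins curve25519 and group-exchange-sha256; unless an older client needs the defaults, enable `KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256` here too. `PermitRootLogin yes` is key-only today only because `PasswordAuthentication` and `ChallengeResponseAuthentication` are both `no`; `PermitRootLogin without-password` states that intent on the line itself and still holds if password authentication is re-enabled later. `Compression yes` allows compression to start before authentication, whereas `Compression delayed` defers it until the user has authenticated. `ServerKeyBits`, `KeyRegenerationInterval`, `RSAAuthentication` and `RhostsRSAAuthentication` are protocol-1 options with no effect under `Protocol 2`, so dropping them or marking them with a comment would avoid suggesting that a 768-bit key is in use.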
diff --git a/srv/ateliers/sec b/srv/ateliers/sec
new file mode 120000 (symlink)
index 0000000..fd17a3d
--- /dev/null
@@ -0,0 +1 @@
+..../sec/srv/ateliers
\ No newline at end of file