From: Julien Moutinho Date: Thu, 2 Apr 2015 10:35:29 +0000 (+0200) Subject: Ajout : srv/ateliers/etc/ssh/ X-Git-Url: http://git.cyclocoop.org/?p=lhc%2Fadmin.git;a=commitdiff_plain;h=dc3f12976a7f51e61b3c6e4e03acee65caad1b58 Ajout : srv/ateliers/etc/ssh/
---
diff --git a/lib/tool/admin b/lib/tool/admin
index 88674af..35fa89f 160000
--- a/lib/tool/admin
+++ b/lib/tool/admin
@@ -1 +1 @@
-Subproject commit 88674af9adc5adaa66abbef421bf0af867c234ff
+Subproject commit 35fa89f7261e3909983444c32241a9b14d033122
diff --git a/sec b/sec
index 7ee617f..70698eb 160000
--- a/sec
+++ b/sec
@@ -1 +1 @@
-Subproject commit 7ee617f7325510f41615447920cede39007f304e
+Subproject commit 70698eb4df8b546882e8aaeaea40c8d12e01279d
diff --git a/srv/ateliers/etc/gnupg b/srv/ateliers/etc/gnupg
new file mode 120000
index 0000000..ee5e167
--- /dev/null
+++ b/srv/ateliers/etc/gnupg
@@ -0,0 +1 @@
+.../..../etc/gnupg
\ No newline at end of file
diff --git a/srv/ateliers/etc/ssh/... b/srv/ateliers/etc/ssh/...
new file mode 120000
index 0000000..951b30d
--- /dev/null
+++ b/srv/ateliers/etc/ssh/...
@@ -0,0 +1 @@
+../...
\ No newline at end of file
diff --git a/srv/ateliers/etc/ssh/install b/srv/ateliers/etc/ssh/install
new file mode 120000
index 0000000..81e6d68
--- /dev/null
+++ b/srv/ateliers/etc/ssh/install
@@ -0,0 +1 @@
+.../lib/tool/admin/etc/ssh/install
\ No newline at end of file
diff --git a/srv/ateliers/etc/ssh/moduli b/srv/ateliers/etc/ssh/moduli
new file mode 120000
index 0000000..b4d8a0a
--- /dev/null
+++ b/srv/ateliers/etc/ssh/moduli
@@ -0,0 +1 @@
+.../sec/etc/ssh/moduli
\ No newline at end of file
diff --git a/srv/ateliers/etc/ssh/ssh_config b/srv/ateliers/etc/ssh/ssh_config
new file mode 100644
index 0000000..5a04097
--- /dev/null
+++ b/srv/ateliers/etc/ssh/ssh_config
@@ -0,0 +1,20 @@
+# DOC: https://stribika.github.io/2015/01/04/secure-secure-shell.html
+Host *
+ #Compression yes
+ #CompressionLevel 9
+ Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
+ ControlMaster auto
+ ControlPath ~/.ssh/%h-%p-%r.sock
+ GSSAPIAuthentication no
+ GSSAPIDelegateCredentials no
+ HashKnownHosts yes
+ IdentityFile ~/.ssh/id_dsa
+ IdentityFile ~/.ssh/id_rsa
+ IdentityFile ~/.ssh/identity
+ KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
+ MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-128-etm@openssh.com
+ SendEnv LANG LC_*
+ StrictHostKeyChecking ask
+ UserKnownHostsFile ~/.ssh/known_hosts
+
+# vim: ft=sshconfig
diff --git a/srv/ateliers/etc/ssh/ssh_host_rsa_key.gpg b/srv/ateliers/etc/ssh/ssh_host_rsa_key.gpg
new file mode 120000
index 0000000..c451ff3
--- /dev/null
+++ b/srv/ateliers/etc/ssh/ssh_host_rsa_key.gpg
@@ -0,0 +1 @@
+.../sec/etc/ssh/ssh_host_rsa_key.gpg
\ No newline at end of file
diff --git a/srv/ateliers/etc/ssh/ssh_host_rsa_key.pub b/srv/ateliers/etc/ssh/ssh_host_rsa_key.pub
new file mode 120000
index 0000000..e9e3b6a
--- /dev/null
+++ b/srv/ateliers/etc/ssh/ssh_host_rsa_key.pub
@@ -0,0 +1 @@
+.../sec/etc/ssh/ssh_host_rsa_key.pub
\ No newline at end of file
diff --git a/srv/ateliers/etc/ssh/sshd_config b/srv/ateliers/etc/ssh/sshd_config
new file mode 100644
index 0000000..9643da1
--- /dev/null
+++ b/srv/ateliers/etc/ssh/sshd_config
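Review bot: The three `IdentityFile` lines in srv/ateliers/etc/ssh/ssh_config offer `~/.ssh/id_dsa` and the protocol-1 `~/.ssh/identity` but no Ed25519 key, which sits oddly next to the pinned Ciphers, KexAlgorithms and MACs lists, since OpenSSH DSA keys are limited to 1024 bits. I would replace them with `IdentityFile ~/.ssh/id_ed25519` and `IdentityFile ~/.ssh/id_rsa`. The host-key type is the one algorithm class this block leaves at its default, so a `HostKeyAlgorithms` line would complete the set. A short comment above `ControlMaster auto` saying that an open master socket under `~/.ssh/` can be reused by any process running as the same user would help whoever deploys this on a shared machine.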
@@ -0,0 +1,48 @@
+# DOC: https://stribika.github.io/2015/01/04/secure-secure-shell.html
+AcceptEnv LANG LC_*
+AuthorizedKeysFile %h/.ssh/authorized_keys
+ChallengeResponseAuthentication no
+Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
+ClientAliveInterval 0
+Compression yes
+DebianBanner no
+GSSAPIAuthentication no
+#HostKey /etc/ssh/ssh_host_ed25519_key
+HostKey /etc/ssh/ssh_host_rsa_key
+HostbasedAuthentication no
+IgnoreRhosts yes
+IgnoreUserKnownHosts no
+KerberosAuthentication no
+#KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
+KeyRegenerationInterval 3600
+ListenAddress 0.0.0.0:22
+LogLevel INFO
+LoginGraceTime 120
+MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-128-etm@openssh.com
+MaxAuthTries 5
+PasswordAuthentication no
+PermitEmptyPasswords no
+PermitRootLogin yes
+PrintLastLog yes
+PrintMotd no
+Protocol 2
+PubkeyAuthentication yes
+RSAAuthentication yes
+RhostsRSAAuthentication no
+ServerKeyBits 768
+StrictModes yes
+SyslogFacility AUTH
+TCPKeepAlive yes
+UsePAM yes
+UsePrivilegeSeparation yes
+X11DisplayOffset 10
+X11Forwarding no
+
+Subsystem sftp internal-sftp
+Match Group sftp
+ AllowTCPForwarding no
+ ChrootDirectory %h
+ ForceCommand internal-sftp
+ X11Forwarding no
+
+# vim: ft=sshdconfig
diff --git a/srv/ateliers/sec b/srv/ateliers/sec
new file mode 120000
index 0000000..fd17a3d
--- /dev/null
+++ b/srv/ateliers/sec
@@ -0,0 +1 @@
+..../sec/srv/ateliers
\ No newline at end of file
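Review bot: `KexAlgorithms` is left commented out in srv/ateliers/etc/ssh/sshd_config, so the daemon keeps its built-in key-exchange defaults while Ciphers and MACs are pinned; on OpenSSH releases of this period those defaults presumably still include SHA-1 Diffie-Hellman groups. I would enable `KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256`, matching the client file in this commit, unless an older client is known to need the defaults. `PermitRootLogin yes` stays key-only only because `PasswordAuthentication no` and `ChallengeResponseAuthentication no` appear elsewhere in the file; `PermitRootLogin without-password` states that intent on the line itself. `Compression yes` turns compression on before authentication on sshd versions of this era, whereas `Compression delayed` waits until the user has authenticated. `ServerKeyBits`, `KeyRegenerationInterval`, `RSAAuthentication` and `RhostsRSAAuthentication` are protocol-1 settings with no effect under `Protocol 2`, so they could be dropped or given a comment saying so.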