From dc3f12976a7f51e61b3c6e4e03acee65caad1b58 Mon Sep 17 00:00:00 2001
From: Julien Moutinho
Date: Thu, 2 Apr 2015 12:35:29 +0200
Subject: [PATCH] Ajout : srv/ateliers/etc/ssh/
---
lib/tool/admin | 2 +-
sec | 2 +-
srv/ateliers/etc/gnupg | 1 +
srv/ateliers/etc/ssh/... | 1 +
srv/ateliers/etc/ssh/install | 1 +
srv/ateliers/etc/ssh/moduli | 1 +
srv/ateliers/etc/ssh/ssh_config | 20 ++++++++++
srv/ateliers/etc/ssh/ssh_host_rsa_key.gpg | 1 +
srv/ateliers/etc/ssh/ssh_host_rsa_key.pub | 1 +
srv/ateliers/etc/ssh/sshd_config | 48 +++++++++++++++++++++++
srv/ateliers/sec | 1 +
11 files changed, 77 insertions(+), 2 deletions(-)
create mode 120000 srv/ateliers/etc/gnupg
create mode 120000 srv/ateliers/etc/ssh/...
create mode 120000 srv/ateliers/etc/ssh/install
create mode 120000 srv/ateliers/etc/ssh/moduli
create mode 100644 srv/ateliers/etc/ssh/ssh_config
create mode 120000 srv/ateliers/etc/ssh/ssh_host_rsa_key.gpg
create mode 120000 srv/ateliers/etc/ssh/ssh_host_rsa_key.pub
create mode 100644 srv/ateliers/etc/ssh/sshd_config
create mode 120000 srv/ateliers/sec
diff --git a/lib/tool/admin b/lib/tool/admin
index 88674af..35fa89f 160000
--- a/lib/tool/admin
+++ b/lib/tool/admin
@@ -1 +1 @@
-Subproject commit 88674af9adc5adaa66abbef421bf0af867c234ff
+Subproject commit 35fa89f7261e3909983444c32241a9b14d033122
diff --git a/sec b/sec
index 7ee617f..70698eb 160000
--- a/sec
+++ b/sec
@@ -1 +1 @@
-Subproject commit 7ee617f7325510f41615447920cede39007f304e
+Subproject commit 70698eb4df8b546882e8aaeaea40c8d12e01279d
diff --git a/srv/ateliers/etc/gnupg b/srv/ateliers/etc/gnupg
new file mode 120000
index 0000000..ee5e167
--- /dev/null
+++ b/srv/ateliers/etc/gnupg
@@ -0,0 +1 @@
+.../..../etc/gnupg
\ No newline at end of file
diff --git a/srv/ateliers/etc/ssh/... b/srv/ateliers/etc/ssh/...
new file mode 120000
index 0000000..951b30d
--- /dev/null
+++ b/srv/ateliers/etc/ssh/...
@@ -0,0 +1 @@
+../...
\ No newline at end of file
diff --git a/srv/ateliers/etc/ssh/install b/srv/ateliers/etc/ssh/install
new file mode 120000
index 0000000..81e6d68
--- /dev/null
+++ b/srv/ateliers/etc/ssh/install
@@ -0,0 +1 @@
+.../lib/tool/admin/etc/ssh/install
\ No newline at end of file
diff --git a/srv/ateliers/etc/ssh/moduli b/srv/ateliers/etc/ssh/moduli
new file mode 120000
index 0000000..b4d8a0a
--- /dev/null
+++ b/srv/ateliers/etc/ssh/moduli
@@ -0,0 +1 @@
+.../sec/etc/ssh/moduli
\ No newline at end of file
diff --git a/srv/ateliers/etc/ssh/ssh_config b/srv/ateliers/etc/ssh/ssh_config
new file mode 100644
index 0000000..5a04097
--- /dev/null
+++ b/srv/ateliers/etc/ssh/ssh_config
@@ -0,0 +1,20 @@
+# DOC: https://stribika.github.io/2015/01/04/secure-secure-shell.html
+Host *
+ #Compression yes
+ #CompressionLevel 9
+ Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
+ ControlMaster auto
+ ControlPath ~/.ssh/%h-%p-%r.sock
+ GSSAPIAuthentication no
+ GSSAPIDelegateCredentials no
+ HashKnownHosts yes
+ IdentityFile ~/.ssh/id_dsa
+ IdentityFile ~/.ssh/id_rsa
+ IdentityFile ~/.ssh/identity
+ KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
+ MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-128-etm@openssh.com
+ SendEnv LANG LC_*
+ StrictHostKeyChecking ask
+ UserKnownHostsFile ~/.ssh/known_hosts
+
+# vim: ft=sshconfig
diff --git a/srv/ateliers/etc/ssh/ssh_host_rsa_key.gpg b/srv/ateliers/etc/ssh/ssh_host_rsa_key.gpg
new file mode 120000
index 0000000..c451ff3
--- /dev/null
+++ b/srv/ateliers/etc/ssh/ssh_host_rsa_key.gpg
@@ -0,0 +1 @@
+.../sec/etc/ssh/ssh_host_rsa_key.gpg
\ No newline at end of file
diff --git a/srv/ateliers/etc/ssh/ssh_host_rsa_key.pub b/srv/ateliers/etc/ssh/ssh_host_rsa_key.pub
new file mode 120000
index 0000000..e9e3b6a
--- /dev/null
+++ b/srv/ateliers/etc/ssh/ssh_host_rsa_key.pub
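Review bot: The `IdentityFile` list in srv/ateliers/etc/ssh/ssh_config still offers `~/.ssh/id_dsa` and the protocol-1 `~/.ssh/identity` key, which is at odds with the hardened `Ciphers`/`KexAlgorithms`/`MACs` set in the same `Host *` block; DSA keys in OpenSSH are fixed at 1024 bits. I would drop those two lines and use `IdentityFile ~/.ssh/id_ed25519` next to the existing `IdentityFile ~/.ssh/id_rsa`. `ControlMaster auto` with a socket under `~/.ssh` for every host lets any process running as the user reuse an already authenticated connection, so a comment such as `# multiplexing is intentional: the socket grants access without re-authentication` would make that trade-off explicit. No `HostKeyAlgorithms` line is set, so the accepted host key types are left to the client's defaults.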
@@ -0,0 +1 @@
+.../sec/etc/ssh/ssh_host_rsa_key.pub
\ No newline at end of file
diff --git a/srv/ateliers/etc/ssh/sshd_config b/srv/ateliers/etc/ssh/sshd_config
new file mode 100644
index 0000000..9643da1
--- /dev/null
+++ b/srv/ateliers/etc/ssh/sshd_config
@@ -0,0 +1,48 @@
+# DOC: https://stribika.github.io/2015/01/04/secure-secure-shell.html
+AcceptEnv LANG LC_*
+AuthorizedKeysFile %h/.ssh/authorized_keys
+ChallengeResponseAuthentication no
+Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
+ClientAliveInterval 0
+Compression yes
+DebianBanner no
+GSSAPIAuthentication no
+#HostKey /etc/ssh/ssh_host_ed25519_key
+HostKey /etc/ssh/ssh_host_rsa_key
+HostbasedAuthentication no
+IgnoreRhosts yes
+IgnoreUserKnownHosts no
+KerberosAuthentication no
+#KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
+KeyRegenerationInterval 3600
+ListenAddress 0.0.0.0:22
+LogLevel INFO
+LoginGraceTime 120
+MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-128-etm@openssh.com
+MaxAuthTries 5
+PasswordAuthentication no
+PermitEmptyPasswords no
+PermitRootLogin yes
+PrintLastLog yes
+PrintMotd no
+Protocol 2
+PubkeyAuthentication yes
+RSAAuthentication yes
+RhostsRSAAuthentication no
+ServerKeyBits 768
+StrictModes yes
+SyslogFacility AUTH
+TCPKeepAlive yes
+UsePAM yes
+UsePrivilegeSeparation yes
+X11DisplayOffset 10
+X11Forwarding no
+
+Subsystem sftp internal-sftp
+Match Group sftp
+ AllowTCPForwarding no
+ ChrootDirectory %h
+ ForceCommand internal-sftp
+ X11Forwarding no
+
+# vim: ft=sshdconfig
diff --git a/srv/ateliers/sec b/srv/ateliers/sec
new file mode 120000
index 0000000..fd17a3d
--- /dev/null
+++ b/srv/ateliers/sec
@@ -0,0 +1 @@
+..../sec/srv/ateliers
\ No newline at end of file
--
2.20.1
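Review bot: In srv/ateliers/etc/ssh/sshd_config the `KexAlgorithms` line is left commented out, so the daemon keeps offering its built-in default key exchanges even though ssh_config restricts them and this commit links in a `moduli` file; I would enable it with the client's value, `KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256`. `PermitRootLogin yes` is key-only just as long as `PasswordAuthentication no` stays in place, whereas `PermitRootLogin without-password` keeps root key-only even if password logins are re-enabled later. `Compression yes` runs zlib before authentication, and `Compression delayed` limits it to authenticated sessions. `ServerKeyBits`, `KeyRegenerationInterval`, `RSAAuthentication` and `RhostsRSAAuthentication` apply only to protocol 1, which `Protocol 2` already disables, so they can be removed to keep the file from suggesting a 768-bit key is in use.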