1
0
mirror of https://github.com/tommytran732/Fedora-CoreOS-Ignition synced 2024-11-21 17:01:34 -05:00

Update SSH Hardening

Signed-off-by: Thien Tran <contact@tommytran.io>
This commit is contained in:
Thien Tran 2023-10-10 12:05:22 -07:00
parent 3ffaeccc7f
commit a99d1f5e1d
No known key found for this signature in database
GPG Key ID: 3DF2709723343A8F
4 changed files with 12 additions and 2 deletions

View File

@ -50,7 +50,7 @@
"path": "/etc/ssh/sshd_config.d/10-custom.conf", "path": "/etc/ssh/sshd_config.d/10-custom.conf",
"contents": { "contents": {
"compression": "", "compression": "",
"source": "data:,X11Forwarding%20no%0AGSSAPIAuthentication%20no%0A" "source": "data:,X11Forwarding%20no%0AHostKeyAlgorithms%20ssh-ed25519%0APubkeyAcceptedKeyTypes%20ssh-ed25519%0ACiphers%20aes256-gcm%40openssh.com%0AMACs%20-*%0AKerberosAuthentication%20no%0AGSSAPIAuthentication%20no%0A"
} }
}, },
{ {

View File

@ -105,6 +105,11 @@ storage:
contents: contents:
inline: | inline: |
X11Forwarding no X11Forwarding no
HostKeyAlgorithms ssh-ed25519
PubkeyAcceptedKeyTypes ssh-ed25519
Ciphers aes256-gcm@openssh.com
MACs -*
KerberosAuthentication no
GSSAPIAuthentication no GSSAPIAuthentication no
- path: /etc/zincati/config.d/51-rollout-wariness.toml - path: /etc/zincati/config.d/51-rollout-wariness.toml
contents: contents:

View File

@ -50,7 +50,7 @@
"path": "/etc/ssh/sshd_config.d/10-custom.conf", "path": "/etc/ssh/sshd_config.d/10-custom.conf",
"contents": { "contents": {
"compression": "", "compression": "",
"source": "data:,X11Forwarding%20no%0AGSSAPIAuthentication%20no%0A" "source": "data:,X11Forwarding%20no%0AHostKeyAlgorithms%20ssh-ed25519%0APubkeyAcceptedKeyTypes%20ssh-ed25519%0ACiphers%20aes256-gcm%40openssh.com%0AMACs%20-*%0AKerberosAuthentication%20no%0AGSSAPIAuthentication%20no%0A"
} }
}, },
{ {

View File

@ -123,6 +123,11 @@ storage:
contents: contents:
inline: | inline: |
X11Forwarding no X11Forwarding no
HostKeyAlgorithms ssh-ed25519
PubkeyAcceptedKeyTypes ssh-ed25519
Ciphers aes256-gcm@openssh.com
MACs -*
KerberosAuthentication no
GSSAPIAuthentication no GSSAPIAuthentication no
- path: /etc/zincati/config.d/51-rollout-wariness.toml - path: /etc/zincati/config.d/51-rollout-wariness.toml
contents: contents: