mirror of
https://github.com/tommytran732/Fedora-CoreOS-Ignition
synced 2024-11-21 17:01:34 -05:00
Update SSH Hardening
Signed-off-by: Thien Tran <contact@tommytran.io>
This commit is contained in:
parent
3ffaeccc7f
commit
a99d1f5e1d
@ -50,7 +50,7 @@
|
|||||||
"path": "/etc/ssh/sshd_config.d/10-custom.conf",
|
"path": "/etc/ssh/sshd_config.d/10-custom.conf",
|
||||||
"contents": {
|
"contents": {
|
||||||
"compression": "",
|
"compression": "",
|
||||||
"source": "data:,X11Forwarding%20no%0AGSSAPIAuthentication%20no%0A"
|
"source": "data:,X11Forwarding%20no%0AHostKeyAlgorithms%20ssh-ed25519%0APubkeyAcceptedKeyTypes%20ssh-ed25519%0ACiphers%20aes256-gcm%40openssh.com%0AMACs%20-*%0AKerberosAuthentication%20no%0AGSSAPIAuthentication%20no%0A"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
@ -105,6 +105,11 @@ storage:
|
|||||||
contents:
|
contents:
|
||||||
inline: |
|
inline: |
|
||||||
X11Forwarding no
|
X11Forwarding no
|
||||||
|
HostKeyAlgorithms ssh-ed25519
|
||||||
|
PubkeyAcceptedKeyTypes ssh-ed25519
|
||||||
|
Ciphers aes256-gcm@openssh.com
|
||||||
|
MACs -*
|
||||||
|
KerberosAuthentication no
|
||||||
GSSAPIAuthentication no
|
GSSAPIAuthentication no
|
||||||
- path: /etc/zincati/config.d/51-rollout-wariness.toml
|
- path: /etc/zincati/config.d/51-rollout-wariness.toml
|
||||||
contents:
|
contents:
|
||||||
|
@ -50,7 +50,7 @@
|
|||||||
"path": "/etc/ssh/sshd_config.d/10-custom.conf",
|
"path": "/etc/ssh/sshd_config.d/10-custom.conf",
|
||||||
"contents": {
|
"contents": {
|
||||||
"compression": "",
|
"compression": "",
|
||||||
"source": "data:,X11Forwarding%20no%0AGSSAPIAuthentication%20no%0A"
|
"source": "data:,X11Forwarding%20no%0AHostKeyAlgorithms%20ssh-ed25519%0APubkeyAcceptedKeyTypes%20ssh-ed25519%0ACiphers%20aes256-gcm%40openssh.com%0AMACs%20-*%0AKerberosAuthentication%20no%0AGSSAPIAuthentication%20no%0A"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
@ -123,6 +123,11 @@ storage:
|
|||||||
contents:
|
contents:
|
||||||
inline: |
|
inline: |
|
||||||
X11Forwarding no
|
X11Forwarding no
|
||||||
|
HostKeyAlgorithms ssh-ed25519
|
||||||
|
PubkeyAcceptedKeyTypes ssh-ed25519
|
||||||
|
Ciphers aes256-gcm@openssh.com
|
||||||
|
MACs -*
|
||||||
|
KerberosAuthentication no
|
||||||
GSSAPIAuthentication no
|
GSSAPIAuthentication no
|
||||||
- path: /etc/zincati/config.d/51-rollout-wariness.toml
|
- path: /etc/zincati/config.d/51-rollout-wariness.toml
|
||||||
contents:
|
contents:
|
||||||
|
Loading…
Reference in New Issue
Block a user