mirror of
https://github.com/tommytran732/Fedora-CoreOS-Ignition
synced 2024-11-08 03:11:33 -05:00
Update SSH Hardening
Signed-off-by: Thien Tran <contact@tommytran.io>
This commit is contained in:
parent
3ffaeccc7f
commit
a99d1f5e1d
@ -50,7 +50,7 @@
|
||||
"path": "/etc/ssh/sshd_config.d/10-custom.conf",
|
||||
"contents": {
|
||||
"compression": "",
|
||||
"source": "data:,X11Forwarding%20no%0AGSSAPIAuthentication%20no%0A"
|
||||
"source": "data:,X11Forwarding%20no%0AHostKeyAlgorithms%20ssh-ed25519%0APubkeyAcceptedKeyTypes%20ssh-ed25519%0ACiphers%20aes256-gcm%40openssh.com%0AMACs%20-*%0AKerberosAuthentication%20no%0AGSSAPIAuthentication%20no%0A"
|
||||
}
|
||||
},
|
||||
{
|
||||
|
@ -105,6 +105,11 @@ storage:
|
||||
contents:
|
||||
inline: |
|
||||
X11Forwarding no
|
||||
HostKeyAlgorithms ssh-ed25519
|
||||
PubkeyAcceptedKeyTypes ssh-ed25519
|
||||
Ciphers aes256-gcm@openssh.com
|
||||
MACs -*
|
||||
KerberosAuthentication no
|
||||
GSSAPIAuthentication no
|
||||
- path: /etc/zincati/config.d/51-rollout-wariness.toml
|
||||
contents:
|
||||
|
@ -50,7 +50,7 @@
|
||||
"path": "/etc/ssh/sshd_config.d/10-custom.conf",
|
||||
"contents": {
|
||||
"compression": "",
|
||||
"source": "data:,X11Forwarding%20no%0AGSSAPIAuthentication%20no%0A"
|
||||
"source": "data:,X11Forwarding%20no%0AHostKeyAlgorithms%20ssh-ed25519%0APubkeyAcceptedKeyTypes%20ssh-ed25519%0ACiphers%20aes256-gcm%40openssh.com%0AMACs%20-*%0AKerberosAuthentication%20no%0AGSSAPIAuthentication%20no%0A"
|
||||
}
|
||||
},
|
||||
{
|
||||
|
@ -123,6 +123,11 @@ storage:
|
||||
contents:
|
||||
inline: |
|
||||
X11Forwarding no
|
||||
HostKeyAlgorithms ssh-ed25519
|
||||
PubkeyAcceptedKeyTypes ssh-ed25519
|
||||
Ciphers aes256-gcm@openssh.com
|
||||
MACs -*
|
||||
KerberosAuthentication no
|
||||
GSSAPIAuthentication no
|
||||
- path: /etc/zincati/config.d/51-rollout-wariness.toml
|
||||
contents:
|
||||
|
Loading…
Reference in New Issue
Block a user