From 9c88b60fcc82f7652f5323ed21fb78885c1f2326 Mon Sep 17 00:00:00 2001 From: Tommy Date: Wed, 18 Jan 2023 07:11:30 -0500 Subject: [PATCH] Add ssh_config configurations Signed-off-by: Tommy --- Fedora-Workstation-36.sh | 3 +++ GCP-Debian-11.sh | 3 +++ Proxmox-7.sh | 3 +++ RHEL-Server-9.sh | 3 +++ 4 files changed, 12 insertions(+) diff --git a/Fedora-Workstation-36.sh b/Fedora-Workstation-36.sh index 21d7b46..8845eb3 100644 --- a/Fedora-Workstation-36.sh +++ b/Fedora-Workstation-36.sh @@ -38,6 +38,9 @@ curl https://gitlab.com/divested/brace/-/raw/master/brace/usr/lib/systemd/system mkdir -p /etc/systemd/system/sshd.service.d curl https://raw.githubusercontent.com/GrapheneOS/infrastructure/main/systemd/system/sshd.service.d/limits.conf -o /etc/systemd/system/sshd.service.d/limits.conf +echo "GSSAPIAuthentication no" | sudo tee /etc/ssh/ssh_config.d/10-custom.conf +echo "VerifyHostKeyDNS yes" | sudo tee -a /etc/ssh/ssh_config.d/10-custom.conf + #Setup NTS rm -rf /etc/chrony/chrony.conf curl https://raw.githubusercontent.com/GrapheneOS/infrastructure/main/chrony.conf -o /etc/chrony/chrony.conf diff --git a/GCP-Debian-11.sh b/GCP-Debian-11.sh index bb8c6b4..41412e6 100644 --- a/GCP-Debian-11.sh +++ b/GCP-Debian-11.sh @@ -17,6 +17,9 @@ curl https://gitlab.com/divested/brace/-/raw/master/brace/usr/lib/systemd/system mkdir -p /etc/systemd/system/sshd.service.d curl https://raw.githubusercontent.com/GrapheneOS/infrastructure/main/systemd/system/sshd.service.d/limits.conf -o /etc/systemd/system/sshd.service.d/limits.conf +echo "GSSAPIAuthentication no" > /etc/ssh/ssh_config.d/10-custom.conf +echo "VerifyHostKeyDNS yes" >> /etc/ssh/ssh_config.d/10-custom.conf + rm -rf /etc/chrony/chrony.conf curl https://raw.githubusercontent.com/GrapheneOS/infrastructure/main/chrony.conf -o /etc/chrony/chrony.conf diff --git a/Proxmox-7.sh b/Proxmox-7.sh index d1b07df..6f6ec68 100644 --- a/Proxmox-7.sh +++ b/Proxmox-7.sh @@ -52,3 +52,6 @@ systemctl enable --now fwupd-refresh.timer bash <(curl -s https://raw.githubusercontent.com/Weilbyte/PVEDiscordDark/master/PVEDiscordDark.sh ) install systemctl restart pveproxy.service + +echo "GSSAPIAuthentication no" > /etc/ssh/ssh_config.d/10-custom.conf +echo "VerifyHostKeyDNS yes" >> /etc/ssh/ssh_config.d/10-custom.conf \ No newline at end of file diff --git a/RHEL-Server-9.sh b/RHEL-Server-9.sh index 43a5eb2..aa1840c 100644 --- a/RHEL-Server-9.sh +++ b/RHEL-Server-9.sh @@ -33,3 +33,6 @@ sudo systemctl restart irqbalance sudo mkdir -p /etc/systemd/system/sshd.service.d sudo curl https://raw.githubusercontent.com/GrapheneOS/infrastructure/main/systemd/system/sshd.service.d/limits.conf -o /etc/systemd/system/sshd.service.d/limits.conf sudo systemctl restart sshd + +echo "GSSAPIAuthentication no" | sudo tee /etc/ssh/ssh_config.d/10-custom.conf +echo "VerifyHostKeyDNS yes" | sudo tee -a /etc/ssh/ssh_config.d/10-custom.conf \ No newline at end of file