update..
This commit is contained in:
@ -2082,6 +2082,8 @@ sshd_pubkey_authentication: !!str "yes"
|
||||
|
||||
sshd_password_authentication: !!str "no"
|
||||
|
||||
sshd_kbd_interactive_authentication:
|
||||
|
||||
sshd_use_pam: !!str "yes"
|
||||
|
||||
#sshd_allowed_users:
|
||||
@ -2095,6 +2097,7 @@ sshd_use_dns: !!str "no"
|
||||
|
||||
sshd_gateway_ports: !!str "no"
|
||||
|
||||
sshd_required_rsa_size: 4096
|
||||
|
||||
# sshd_pubkey_accepted_algorithms:
|
||||
#
|
||||
@ -2129,43 +2132,57 @@ sshd_gateway_ports: !!str "no"
|
||||
#
|
||||
# Example:
|
||||
# sshd_kexalgorithms:
|
||||
# - curve25519-sha256@libssh.org
|
||||
# - ntrup761x25519-sha512@openssh.com
|
||||
# - curve25519-sha256,curve25519-sha256@libssh.org
|
||||
# - ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521
|
||||
# - diffie-hellman-group-exchange-sha256
|
||||
# - diffie-hellman-group14-sha1
|
||||
# - diffie-hellman-group16-sha512,diffie-hellman-group18-sha512
|
||||
# - diffie-hellman-group14-sha256
|
||||
#
|
||||
#sshd_kexalgorithms: {}
|
||||
|
||||
sshd_hostkeyalgorithms:
|
||||
- ssh-ed25519
|
||||
- ssh-ed25519-cert-v01@openssh.com
|
||||
- rsa-sha2-256
|
||||
- rsa-sha2-512
|
||||
- rsa-sha2-256-cert-v01@openssh.com
|
||||
- rsa-sha2-512-cert-v01@openssh.com
|
||||
|
||||
|
||||
# sshd_kexalgorithms
|
||||
# sshd__ciphers
|
||||
#
|
||||
# Example:
|
||||
# sshd_ciphers:
|
||||
# - chacha20-poly1305@openssh.com
|
||||
# - aes256-gcm@openssh.com
|
||||
# - aes128-ctr
|
||||
# - aes192-ctr
|
||||
# - aes256-ctr
|
||||
|
||||
# - aes128-gcm@openssh.com
|
||||
# - aes256-gcm@openssh.com
|
||||
#sshd_ciphers: {}
|
||||
sshd_ciphers:
|
||||
- chacha20-poly1305@openssh.com
|
||||
- aes256-gcm@openssh.com
|
||||
- aes128-gcm@openssh.com
|
||||
- aes256-ctr
|
||||
- aes192-ctr
|
||||
- aes128-ctr
|
||||
|
||||
# sshd_macs
|
||||
#
|
||||
# Example:
|
||||
# sshd_macs:
|
||||
# - umac-64-etm@openssh.com,umac-128-etm@openssh.com
|
||||
# - hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com
|
||||
# - hmac-sha1-etm@openssh.com
|
||||
# - umac-64@openssh.com,umac-128@openssh.com
|
||||
# - hmac-sha2-256,hmac-sha2-512,hmac-sha1
|
||||
#sshd_macs: {}
|
||||
sshd_macs:
|
||||
- hmac-sha2-256-etm@openssh.com
|
||||
- hmac-sha2-512-etm@openssh.com
|
||||
- umac-128-etm@openssh.com
|
||||
|
||||
# sshd_hostkeyalgorithms
|
||||
#
|
||||
# Example:
|
||||
# - ssh-ed25519-cert-v01@openssh.com
|
||||
# - ecdsa-sha2-nistp256-cert-v01@openssh.com
|
||||
# - ecdsa-sha2-nistp384-cert-v01@openssh.com
|
||||
# - ecdsa-sha2-nistp521-cert-v01@openssh.com
|
||||
# - sk-ssh-ed25519-cert-v01@openssh.com
|
||||
# - sk-ecdsa-sha2-nistp256-cert-v01@openssh.com
|
||||
# - rsa-sha2-512-cert-v01@openssh.com
|
||||
# - rsa-sha2-256-cert-v01@openssh.com
|
||||
# - ssh-ed25519
|
||||
# - ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
|
||||
# - sk-ssh-ed25519@openssh.com
|
||||
# - sk-ecdsa-sha2-nistp256@openssh.com
|
||||
# - rsa-sha2-512
|
||||
# - rsa-sha2-256
|
||||
#
|
||||
#sshd_hostkeyalgorithms: {}
|
||||
|
||||
# This users are allowed to use password authentification
|
||||
#
|
||||
@ -2222,6 +2239,9 @@ sudoers_file_user_back_privileges:
|
||||
- 'ALL=(root) NOPASSWD: /usr/bin/rsync'
|
||||
- 'ALL=(root) NOPASSWD: /usr/bin/find'
|
||||
- 'ALL=(root) NOPASSWD: /usr/bin/realpath'
|
||||
- 'ALL=(root) NOPASSWD: /root/bin/borg-backup/borg-backup.sh'
|
||||
- 'ALL=(root) NOPASSWD: /root/bin/borg-backup/borg-backup-nc.sh'
|
||||
|
||||
|
||||
sudoers_file_user_back_postgres_privileges:
|
||||
- 'ALL=(postgres) NOPASSWD: /usr/bin/psql'
|
||||
|
||||
Reference in New Issue
Block a user