2024-05-31 16:52:50 +02:00
|
|
|
# @path: /etc/ssh/sshd_config.d/sshd_hardened.conf
|
2024-05-14 12:08:37 +02:00
|
|
|
# @permission: -rw-r--r-- 1 root root
|
|
|
|
|
|
|
|
# Disallow passwords
|
|
|
|
PasswordAuthentication no
|
2024-05-31 16:52:50 +02:00
|
|
|
PubkeyAuthentication yes
|
2024-05-14 12:08:37 +02:00
|
|
|
|
|
|
|
# Restrict user to sftp server (no shell)
|
|
|
|
Match User publisher
|
|
|
|
ForceCommand internal-sftp
|
2024-05-31 16:52:50 +02:00
|
|
|
ChrootDirectory {{ sftp_root }}
|
2024-05-14 12:08:37 +02:00
|
|
|
PermitTunnel no
|
|
|
|
AllowAgentForwarding no
|
|
|
|
AllowTcpForwarding no
|
|
|
|
X11Forwarding no
|