16 lines
388 B
Django/Jinja
16 lines
388 B
Django/Jinja
# @path: /etc/ssh/sshd_config.d/sshd_hardened.conf
|
|
# @permission: -rw-r--r-- 1 root root
|
|
|
|
# Disallow passwords
|
|
PasswordAuthentication no
|
|
PubkeyAuthentication yes
|
|
|
|
# Restrict user to sftp server (no shell)
|
|
Match User publisher
|
|
ForceCommand internal-sftp
|
|
ChrootDirectory {{ sftp_root }}
|
|
PermitTunnel no
|
|
AllowAgentForwarding no
|
|
AllowTcpForwarding no
|
|
X11Forwarding no
|