added note for tighter sshd config

author Chris Koeritz <cak0l@virginia.edu>

Tue, 2 Jun 2020 13:52:57 +0000 (09:52 -0400)

committer Chris Koeritz <cak0l@virginia.edu>

Tue, 2 Jun 2020 13:52:57 +0000 (09:52 -0400)
author Chris Koeritz <cak0l@virginia.edu>
Tue, 2 Jun 2020 13:52:57 +0000 (09:52 -0400)
committer Chris Koeritz <cak0l@virginia.edu>
Tue, 2 Jun 2020 13:52:57 +0000 (09:52 -0400)
diff --git a/infobase/configuration/ssh/mods_for_etc_sshd_config.txt b/infobase/configuration/ssh/mods_for_etc_sshd_config.txt

new file mode 100644 (file)

index 0000000..322fdba
--- /dev/null
+++ b/infobase/configuration/ssh/mods_for_etc_sshd_config.txt
@@ -0,0 +1,17 @@
+
+to increase security on an sshd server, and assuming you have
+registered your ssh keys ahead of time in authorized_keys, then
+this bit goes in /etc/sshd_config (at the end works fine):
+
+##############
+
+# fred mods 2019-02-19:
+# trying to keep intruders out...  this disables password logins.
+# also of course disables root logins, which should already have been done.
+PermitRootLogin no
+ChallengeResponseAuthentication no
+PasswordAuthentication no
+UsePAM no
+
+##############
+
author	Chris Koeritz <cak0l@virginia.edu>
	Tue, 2 Jun 2020 13:52:57 +0000 (09:52 -0400)
committer	Chris Koeritz <cak0l@virginia.edu>
	Tue, 2 Jun 2020 13:52:57 +0000 (09:52 -0400)