diff --git a/config/ssh/sshd_config b/config/ssh/sshd_config
index c23c9bd..9905dbb 100644
--- a/config/ssh/sshd_config
+++ b/config/ssh/sshd_config
@@ -1,29 +1,26 @@
-Protocol 2
-HostKey /etc/ssh/ssh_host_ed25519_key
-HostKey /etc/ssh/ssh_host_rsa_key
-
-Port 3322
-ListenAddress 0.0.0.0
-
-StrictModes yes
-
-UsePAM yes
-PermitRootLogin no
-PubkeyAuthentication yes
-PasswordAuthentication yes
-PermitEmptyPasswords no
+Protocol 2
+HostKey /etc/ssh/ssh_host_ed25519_key
+HostKey /etc/ssh/ssh_host_rsa_key
+ListenAddress 0.0.0.0
+Port 3322
+UseDNS no
+UsePAM yes
+X11Forwarding yes
+X11UseLocalhost no
+X11DisplayOffset 10
+AllowTcpForwarding yes
+PermitRootLogin no
+PermitEmptyPasswords no
+PermitUserEnvironment no
+PubkeyAuthentication yes
+PasswordAuthentication yes
 ChallengeResponseAuthentication no
-TCPKeepAlive yes
-LoginGraceTime 30
-ClientAliveInterval 300
-ClientAliveCountMax 1
-
-X11Forwarding yes
-X11DisplayOffset 10
-X11UseLocalhost no
-
-PrintMotd no
-PrintLastLog yes
-
-SyslogFacility AUTH
-LogLevel INFO
+GSSAPIAuthentication no
+LoginGraceTime 30
+TCPKeepAlive yes
+ClientAliveInterval 60
+ClientAliveCountMax 5
+PrintMotd no
+PrintLastLog no
+SyslogFacility AUTH
+LogLevel INFO
diff --git a/scripts/bin/container-foreground-cmd b/scripts/bin/container-foreground-cmd
index b6fbc65..e2b3760 100755
--- a/scripts/bin/container-foreground-cmd
+++ b/scripts/bin/container-foreground-cmd
@@ -45,8 +45,11 @@ if [ ! -f "${RANDFILE:?}" ]; then
 fi
 
 # Generate SSH keys if they do not exist
+if [ ! -f /etc/ssh/ssh_host_ed25519_key ]; then
+ ssh-keygen -t ed25519 -f /etc/ssh/ssh_host_ed25519_key -N '' >/dev/null
+fi
 if [ ! -f /etc/ssh/ssh_host_rsa_key ]; then
- DEBIAN_FRONTEND=noninteractive dpkg-reconfigure openssh-server
+ ssh-keygen -t rsa -b 4096 -f /etc/ssh/ssh_host_rsa_key -N '' >/dev/null
 fi
 
 # Generate self-signed certificate
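Review bot: In config/ssh/sshd_config the new side keeps `PasswordAuthentication yes` alongside `ListenAddress 0.0.0.0` and adds no attempt limit, so the daemon on port 3322 stays open to password guessing from any address that can reach it; if key login is the intended path, `PasswordAuthentication no` (or at least a `MaxAuthTries` line and an `AllowUsers` list) would close that. The rewrite also drops the explicit `StrictModes yes`; the OpenSSH default is yes, so behaviour presumably does not change, but keeping the line records that the permission checks on key files are relied on. `PrintLastLog` goes from yes to no, which removes the last-login line a user could use to spot an unexpected session, and `X11UseLocalhost no` makes forwarded X11 displays listen on the wildcard address; both deserve a comment saying why the container needs them.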
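Review bot: The two new `ssh-keygen` calls in scripts/bin/container-foreground-cmd discard stdout and do not check the exit status, and whether the script runs under `set -e` is not visible in this hunk; if generation fails (for example on a read-only /etc/ssh), sshd is later started without a host key that sshd_config names. Appending `|| exit 1` to each call, e.g. `ssh-keygen -t ed25519 -f /etc/ssh/ssh_host_ed25519_key -N '' >/dev/null || exit 1`, makes the failure visible at the point it happens. Generating the keys at container start keeps them out of the image, but a short comment should say whether /etc/ssh is expected to be a persistent volume, since otherwise every new container presents fresh host keys and users get used to host-key-changed warnings. The script continues before and after the hunk.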