Updated sshd config

2019-10-13 13:13:58 +02:00
parent e75903fce6
commit 92da9e1612
2 changed files with 29 additions and 29 deletions
--- a/config/ssh/sshd_config
+++ b/config/ssh/sshd_config
@@ -1,29 +1,26 @@
 Protocol                        2
 HostKey                         /etc/ssh/ssh_host_ed25519_key
 HostKey                         /etc/ssh/ssh_host_rsa_key
-
-Port 3322
 ListenAddress                   0.0.0.0
-
-StrictModes yes
-
+Port                            3322
+UseDNS                          no
 UsePAM                          yes
+X11Forwarding                   yes
+X11UseLocalhost                 no
+X11DisplayOffset                10
+AllowTcpForwarding              yes
 PermitRootLogin                 no
+PermitEmptyPasswords            no
+PermitUserEnvironment           no
 PubkeyAuthentication            yes
 PasswordAuthentication          yes
-PermitEmptyPasswords no
 ChallengeResponseAuthentication no
-TCPKeepAlive yes
+GSSAPIAuthentication            no
 LoginGraceTime                  30
-ClientAliveInterval 300
-ClientAliveCountMax 1
-
-X11Forwarding yes
-X11DisplayOffset 10
-X11UseLocalhost no
-
+TCPKeepAlive                    yes
+ClientAliveInterval             60
+ClientAliveCountMax             5
 PrintMotd                       no
-PrintLastLog yes
-
+PrintLastLog                    no
 SyslogFacility                  AUTH
 LogLevel                        INFO
--- a/scripts/bin/container-foreground-cmd
+++ b/scripts/bin/container-foreground-cmd
@@ -45,8 +45,11 @@ if [ ! -f "${RANDFILE:?}" ]; then
 fi

 # Generate SSH keys if they do not exist
+if [ ! -f /etc/ssh/ssh_host_ed25519_key ]; then
+	ssh-keygen -t ed25519 -f /etc/ssh/ssh_host_ed25519_key -N '' >/dev/null
+fi
 if [ ! -f /etc/ssh/ssh_host_rsa_key ]; then
-	DEBIAN_FRONTEND=noninteractive dpkg-reconfigure openssh-server
+	ssh-keygen -t rsa -b 4096 -f /etc/ssh/ssh_host_rsa_key -N '' >/dev/null
 fi

 # Generate self-signed certificate