summaryrefslogtreecommitdiff
path: root/src/ssh.conf
diff options
context:
space:
mode:
authorGravatar Matthias Lucas Jaros <jarlucmat@mailbox.org>2025-10-20 12:23:03 +0200
committerGravatar Matthias Lucas Jaros <jarlucmat@mailbox.org>2025-10-20 13:29:22 +0200
commit8ef9b0fe88470125d6ee60a3ea0bab796048e692 (patch)
treeefe91c1f0ad0dc405d6dddbeedeb700c5e1cde6b /src/ssh.conf
parentf701015dcce565ab9323a4057b3577f61999601f (diff)
Security hardening
Diffstat (limited to 'src/ssh.conf')
-rw-r--r--src/ssh.conf9
1 files changed, 8 insertions, 1 deletions
diff --git a/src/ssh.conf b/src/ssh.conf
index 2940260..0de789c 100644
--- a/src/ssh.conf
+++ b/src/ssh.conf
@@ -1,6 +1,10 @@
-# Security, do not allow any access to the git repos outside of allowed users
+# Security, we only want public key login for users and NOT for users root,git
PermitRootLogin no
PasswordAuthentication no
+PubkeyAuthentication yes
+AuthenticationMethods publickey
+KbdInteractiveAuthentication no
+ChallengeResponseAuthentication no
PermitTTY no
AllowAgentForwarding no
@@ -15,3 +19,6 @@ LogLevel INFO
# Force run script that checks for permissions and runs sudo
ForceCommand /usr/local/bin/run "$SSH_ORIGINAL_COMMAND"
+
+# git user has access to EVERYTHING. no login should be possible
+DenyUsers git