diff options
| author | 2025-10-20 12:23:03 +0200 | |
|---|---|---|
| committer | 2025-10-20 13:29:22 +0200 | |
| commit | 8ef9b0fe88470125d6ee60a3ea0bab796048e692 (patch) | |
| tree | efe91c1f0ad0dc405d6dddbeedeb700c5e1cde6b /src/ssh.conf | |
| parent | f701015dcce565ab9323a4057b3577f61999601f (diff) | |
Security hardening
Diffstat (limited to 'src/ssh.conf')
| -rw-r--r-- | src/ssh.conf | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/src/ssh.conf b/src/ssh.conf index 2940260..0de789c 100644 --- a/src/ssh.conf +++ b/src/ssh.conf @@ -1,6 +1,10 @@ -# Security, do not allow any access to the git repos outside of allowed users +# Security, we only want public key login for users and NOT for users root,git PermitRootLogin no PasswordAuthentication no +PubkeyAuthentication yes +AuthenticationMethods publickey +KbdInteractiveAuthentication no +ChallengeResponseAuthentication no PermitTTY no AllowAgentForwarding no @@ -15,3 +19,6 @@ LogLevel INFO # Force run script that checks for permissions and runs sudo ForceCommand /usr/local/bin/run "$SSH_ORIGINAL_COMMAND" + +# git user has access to EVERYTHING. no login should be possible +DenyUsers git |
