From 8ef9b0fe88470125d6ee60a3ea0bab796048e692 Mon Sep 17 00:00:00 2001 From: Matthias Lucas Jaros Date: Mon, 20 Oct 2025 12:23:03 +0200 Subject: Security hardening --- src/ssh.conf | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) (limited to 'src/ssh.conf') diff --git a/src/ssh.conf b/src/ssh.conf index 2940260..0de789c 100644 --- a/src/ssh.conf +++ b/src/ssh.conf @@ -1,6 +1,10 @@ -# Security, do not allow any access to the git repos outside of allowed users +# Security, we only want public key login for users and NOT for users root,git PermitRootLogin no PasswordAuthentication no +PubkeyAuthentication yes +AuthenticationMethods publickey +KbdInteractiveAuthentication no +ChallengeResponseAuthentication no PermitTTY no AllowAgentForwarding no @@ -15,3 +19,6 @@ LogLevel INFO # Force run script that checks for permissions and runs sudo ForceCommand /usr/local/bin/run "$SSH_ORIGINAL_COMMAND" + +# git user has access to EVERYTHING. no login should be possible +DenyUsers git -- cgit v1.3.1