Harden SSH configuration completely
- Disable root login - Disable password authentication entirely - Disable PAM authentication - Only allow specific user via AllowUsers - Add clear status messages 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
parent
4895b7d733
commit
9739367f38
@ -377,9 +377,24 @@ echo "[+] Enabling services..."
|
||||
# systemctl enable stratisd # Not needed without Stratis
|
||||
systemctl enable sshd
|
||||
|
||||
# Disable root login
|
||||
# Secure SSH configuration
|
||||
echo "[+] Securing SSH..."
|
||||
sed -i 's/^#PermitRootLogin.*/PermitRootLogin no/' /etc/ssh/sshd_config
|
||||
{
|
||||
# Disable root login
|
||||
sed -i 's/^#*PermitRootLogin.*/PermitRootLogin no/' /etc/ssh/sshd_config
|
||||
|
||||
# Only allow SSH key authentication
|
||||
sed -i 's/^#*PasswordAuthentication.*/PasswordAuthentication no/' /etc/ssh/sshd_config
|
||||
sed -i 's/^#*ChallengeResponseAuthentication.*/ChallengeResponseAuthentication no/' /etc/ssh/sshd_config
|
||||
sed -i 's/^#*UsePAM.*/UsePAM no/' /etc/ssh/sshd_config
|
||||
|
||||
# Only allow specific user
|
||||
echo "AllowUsers ${ALMA_USER}" >> /etc/ssh/sshd_config
|
||||
|
||||
echo " - Root login disabled"
|
||||
echo " - Password authentication disabled"
|
||||
echo " - Only user '${ALMA_USER}' allowed"
|
||||
}
|
||||
|
||||
# Set SELinux to enforcing
|
||||
echo "[+] Setting SELinux to enforcing..."
|
||||
|
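Review bot: The status lines at the end of the `{ … }` block report root login and password authentication as disabled without checking that any `sed` matched, and each `sed` only rewrites a line that already exists in `/etc/ssh/sshd_config`. A directive that is absent from that file, or that an `Include`d drop-in sets earlier (sshd keeps the first value it reads), keeps its old value while the script prints success; whether this target ships such a drop-in is not visible here. The unconditional `echo "AllowUsers ${ALMA_USER}" >>` also stacks a duplicate line on every re-run and, if `ALMA_USER` is empty, writes a bare `AllowUsers` that sshd will presumably either reject or treat as matching no account. `UsePAM no` turns off PAM account and session processing as well as PAM authentication, so it deserves a comment stating that this is intended. The sketch below guards the variable, appends once and verifies the file before the status lines; `sshd -T` would additionally show the effective values where sshd can already be run.

```shell
    # Refuse to continue rather than append a bare "AllowUsers" line
    : "${ALMA_USER:?ALMA_USER must be set before securing SSH}"

    # … unchanged: sed edits for PermitRootLogin, PasswordAuthentication,
    #   ChallengeResponseAuthentication and UsePAM …

    # Append AllowUsers once so a re-run does not stack duplicate lines
    grep -q '^AllowUsers ' /etc/ssh/sshd_config ||
        echo "AllowUsers ${ALMA_USER}" >> /etc/ssh/sshd_config

    # Confirm each directive is really present before reporting success
    for want in 'PermitRootLogin no' 'PasswordAuthentication no' "AllowUsers ${ALMA_USER}"; do
        grep -qxF "$want" /etc/ssh/sshd_config ||
            { echo "[!] SSH setting missing: ${want}" >&2; exit 1; }
    done

    # … unchanged: status echo lines …
```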