Location: majic-ansible-roles/roles/backup_server/files/backup-sshd_config - annotation
MAR-129: Updated backup_client role tests:
- Update how the hosts are being referenced in tests (for limiting the
test runs).
- Use "state: present" for package presence/installation.
- Break-up long lines in tasks so they are under 160 characters
length.
- Fixed YAML linting issues.
# Listen on separate port for backup purposes.
Port 2222
# Use the SSH protocol version 2 (which is safer).
# NOTE(review): newer OpenSSH servers speak only protocol 2 and treat this
# keyword as deprecated; it is needed only while older sshd versions are
# targeted.
Protocol 2
# Define dedicated host keys for backup SSH server, kept apart from the keys
# of the system's main SSH server.
HostKey /etc/ssh-backup/ssh_host_rsa_key
# NOTE(review): DSA (ssh-dss) host keys are limited to 1024 bits and are
# disabled by default in current OpenSSH. Consider dropping this key once no
# backup client depends on it.
HostKey /etc/ssh-backup/ssh_host_dsa_key
HostKey /etc/ssh-backup/ssh_host_ecdsa_key
HostKey /etc/ssh-backup/ssh_host_ed25519_key
# Use privilege separation for increased security.
# NOTE(review): newer OpenSSH releases always use privilege separation and
# treat this keyword as deprecated.
UsePrivilegeSeparation yes
# Configure logging. Authentication events go to the AUTH syslog facility.
SyslogFacility AUTH
LogLevel INFO
# Clients have 10 seconds to complete authentication once the connection is
# established; after that the server disconnects them.
LoginGraceTime 10
# Do not allow root to log in.
PermitRootLogin no
# Enforce strict checking of ownership and mode of the user's files and home
# directory before accepting a login. This setting does not govern the chroot
# checks: sshd verifies ownership and mode of the ChrootDirectory path
# separately.
StrictModes yes
# Allow public key authentication. With the password-based methods below
# disabled, this is the method clients are expected to use.
PubkeyAuthentication yes
# Don't read the user's ~/.rhosts and ~/.shosts files for eventual
# RhostsRSAAuthentication or HostbasedAuthentication.
IgnoreRhosts yes
# Disable host-based authentication.
HostbasedAuthentication no
# Do not allow logins with empty passwords.
PermitEmptyPasswords no
# Don't allow challenge-response authentication.
ChallengeResponseAuthentication no
# Disable password-based authentication.
PasswordAuthentication no
# Disable X11 forwarding.
X11Forwarding no
# Do not print motd to avoid eventual issues for clients.
PrintMotd no
# Do not print the date and time of the last user login.
PrintLastLog no
# Use TCP keepalives for detecting dead connections.
# NOTE(review): TCP keepalives travel outside the encrypted channel and can be
# spoofed. ClientAliveInterval/ClientAliveCountMax probe through the encrypted
# channel and are the more reliable way to detect a dead client.
TCPKeepAlive yes
# Use the internal SFTP so we can also easily utilise chroot. The in-process
# SFTP server needs no helper binaries inside the chroot.
Subsystem sftp internal-sftp
# Use PAM. Because PasswordAuthentication and ChallengeResponseAuthentication
# are both set to "no", PAM is not used for authentication, only for account
# and session processing.
UsePAM yes
# Specify a dedicated PID file for the backup SSH.
PidFile /var/run/sshd-backup.pid
# Users logging-in are forced to use the SFTP server; any command requested by
# the client is ignored, so no shell is available.
ForceCommand internal-sftp
# Chroot logged-in users to their home directories (%h expands to the user's
# home directory). sshd requires every component of the chroot path to be a
# root-owned directory that is not writable by any other user or group, so
# each home directory must be owned by root and data must go into a
# subdirectory the user can write to.
ChrootDirectory %h
# Do not allow any TCP forwarding.
# NOTE(review): this keyword covers TCP forwarding only. Unix-domain socket
# and agent forwarding have their own keywords (AllowStreamLocalForwarding,
# AllowAgentForwarding, or DisableForwarding on versions that support it);
# confirm whether the targeted sshd versions accept them before adding.
AllowTCPForwarding no
# Only allow the members of this group to log-in into this instance of OpenSSH
# server.
AllowGroups backup