start writing main program, finish ssh module, new authnz module, various cleanup

2021-06-14 17:46:59 +02:00
parent e970f24a5c
commit 2f9eb19ebe
7 changed files with 147 additions and 59 deletions
--- a/repo/common/ssh_config
+++ b/repo/common/ssh_config
@@ -0,0 +1,52 @@
+# This is the ssh client system-wide configuration file.  See
+# ssh_config(5) for more information.  This file provides defaults for
+# users, and the values can be changed in per-user configuration files
+# or on the command line.
+
+# Configuration data is parsed as follows:
+#  1. command line options
+#  2. user-specific file
+#  3. system-wide file
+# Any configuration value is only changed the first time it is set.
+# Thus, host-specific definitions should be at the beginning of the
+# configuration file, and defaults at the end.
+
+# Site-wide defaults for some commonly used options.  For a comprehensive
+# list of available options, their meanings and defaults, please see the
+# ssh_config(5) man page.
+
+Host *
+   ForwardAgent no
+   ForwardX11 yes
+   ForwardX11Trusted yes
+#   RhostsRSAAuthentication no
+#   RSAAuthentication yes
+#   PasswordAuthentication yes
+#   HostbasedAuthentication no
+#   GSSAPIAuthentication no
+#   GSSAPIDelegateCredentials no
+#   GSSAPIKeyExchange no
+#   GSSAPITrustDNS no
+    GSSAPIAuthentication yes
+    GSSAPIDelegateCredentials yes
+#   BatchMode no
+#   CheckHostIP yes
+#   AddressFamily any
+#   ConnectTimeout 0
+#   StrictHostKeyChecking ask
+#   IdentityFile ~/.ssh/identity
+#   IdentityFile ~/.ssh/id_rsa
+#   IdentityFile ~/.ssh/id_dsa
+   Port 22
+   Protocol 2,1
+#   Cipher 3des
+#   Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc
+#   MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160
+#   EscapeChar ~
+#   Tunnel no
+#   TunnelDevice any:any
+#   PermitLocalCommand no
+#   VisualHostKey no
+#   ProxyCommand ssh -q -W %h:%p gateway.example.com
+    SendEnv LANG LC_*
+    HashKnownHosts yes
--- a/repo/common/sshd_config
+++ b/repo/common/sshd_config
@@ -0,0 +1,31 @@
+Port                            22
+Protocol                        2
+HostKey                         /etc/ssh/ssh_host_ed25519_key
+SyslogFacility                  AUTH
+LogLevel                        INFO
+LoginGraceTime                  120
+PermitRootLogin                 no
+StrictModes                     yes
+PubkeyAuthentication            yes
+AuthorizedKeysFile              %h/.ssh/authorized_keys
+IgnoreRhosts                    yes
+HostbasedAuthentication         no
+ChallengeResponseAuthentication no
+PasswordAuthentication          yes
+PermitEmptyPasswords            no
+KerberosAuthentication          yes
+KerberosOrLocalPasswd           yes
+KerberosTicketCleanup           yes
+GSSAPIAuthentication            yes
+GSSAPICleanupCredentials        yes
+GSSAPIStrictAcceptorCheck       no
+X11Forwarding                   yes
+X11DisplayOffset                10
+PrintMotd                       no
+PrintLastLog                    yes
+TCPKeepAlive                    yes
+AcceptEnv                       LANG LC_*
+AllowTcpForwarding              no
+Match   Address                 10.3.0.0/16
+        PermitRootLogin         yes
+