From: Christian Heller Date: Wed, 25 Sep 2024 02:41:10 +0000 (+0200) Subject: Update. X-Git-Url: https://plomlompom.com/repos/%7B%7B%20web_path%20%7D%7D/decks/%7B%7Bdeck_id%7D%7D/printable?a=commitdiff_plain;h=cc988979cafd6453756a53a00da5a05a9d93e204;p=config Update. --- diff --git a/bookworm/etc_files/server/etc/ssh/sshd_config b/bookworm/etc_files/server/etc/ssh/sshd_config index 94363eb..e952cb3 100644 --- a/bookworm/etc_files/server/etc/ssh/sshd_config +++ b/bookworm/etc_files/server/etc/ssh/sshd_config @@ -30,7 +30,8 @@ Include /etc/ssh/sshd_config.d/*.conf # Authentication: #LoginGraceTime 2m -PermitRootLogin no +#PermitRootLogin prohibit-password +PermitRootLogin no # plomlompom's security rule #StrictModes yes #MaxAuthTries 6 #MaxSessions 10 @@ -54,7 +55,7 @@ PermitRootLogin no #IgnoreRhosts yes # To disable tunneled clear text passwords, change to no here! -PasswordAuthentication no +PasswordAuthentication no #PermitEmptyPasswords no # Change to yes to enable challenge-response passwords (beware issues with diff --git a/bookworm/setup_scripts/setup_server.sh b/bookworm/setup_scripts/setup_server.sh index 43d5cc0..93bfa1c 100755 --- a/bookworm/setup_scripts/setup_server.sh +++ b/bookworm/setup_scripts/setup_server.sh @@ -1,6 +1,6 @@ #!/bin/sh # Next setup steps for a server whose login policy has just been set from -# the outside via ./init_user_login.sh. +# the outside via ./init_user_login.sh or ./init_user_and_keybased_login.sh set -e . ./misc.sh . ./../misc.sh diff --git a/bookworm/setup_scripts/upgrade_from_bullseye.sh b/bookworm/setup_scripts/upgrade_from_bullseye.sh index 7c51c0d..6db4f2e 100755 --- a/bookworm/setup_scripts/upgrade_from_bullseye.sh +++ b/bookworm/setup_scripts/upgrade_from_bullseye.sh @@ -4,7 +4,7 @@ set -e . ./misc.sh apt update -apt -y upgrade +apt -y -o Dpkg::Options::="--force-confnew" upgrade apt -y full-upgrade path_sources_list="/etc/apt/sources.list" cp "${config_tree_prefix}/etc_files/all${path_sources_list}" "${path_sources_list}"