From cc988979cafd6453756a53a00da5a05a9d93e204 Mon Sep 17 00:00:00 2001
From: Christian Heller <c.heller@plomlompom.de>
Date: Wed, 25 Sep 2024 04:41:10 +0200
Subject: [PATCH] Update.

---
 bookworm/etc_files/server/etc/ssh/sshd_config   | 5 +++--
 bookworm/setup_scripts/setup_server.sh          | 2 +-
 bookworm/setup_scripts/upgrade_from_bullseye.sh | 2 +-
 3 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/bookworm/etc_files/server/etc/ssh/sshd_config b/bookworm/etc_files/server/etc/ssh/sshd_config
index 94363eb..e952cb3 100644
--- a/bookworm/etc_files/server/etc/ssh/sshd_config
+++ b/bookworm/etc_files/server/etc/ssh/sshd_config
@@ -30,7 +30,8 @@ Include /etc/ssh/sshd_config.d/*.conf
 # Authentication:
 
 #LoginGraceTime 2m
-PermitRootLogin no
+#PermitRootLogin prohibit-password
+PermitRootLogin no  # plomlompom's security rule
 #StrictModes yes
 #MaxAuthTries 6
 #MaxSessions 10
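Review bot: The trailing comment on `PermitRootLogin no  # plomlompom's security rule` relies on sshd accepting a comment after an argument, while sshd_config(5) only documents lines that start with `#` as comments; older OpenSSH releases appear to have rejected such lines as garbage at end of line. Putting the remark on its own line, `# plomlompom's security rule` followed by a bare `PermitRootLogin no`, removes the dependency on parser behaviour, and running `sshd -t` before restarting the service would catch a parse failure before it locks anyone out. Separately, the hunk header shows `Include /etc/ssh/sshd_config.d/*.conf` ahead of this line, and sshd keeps the first value it obtains for each keyword. A drop-in that sets PermitRootLogin (or PasswordAuthentication, touched in the next hunk) would therefore take precedence over this file; `sshd -T` prints the effective values.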
@@ -54,7 +55,7 @@ PermitRootLogin no
 #IgnoreRhosts yes
 
 # To disable tunneled clear text passwords, change to no here!
-PasswordAuthentication no 
+PasswordAuthentication no
 #PermitEmptyPasswords no
 
 # Change to yes to enable challenge-response passwords (beware issues with
diff --git a/bookworm/setup_scripts/setup_server.sh b/bookworm/setup_scripts/setup_server.sh
index 43d5cc0..93bfa1c 100755
--- a/bookworm/setup_scripts/setup_server.sh
+++ b/bookworm/setup_scripts/setup_server.sh
@@ -1,6 +1,6 @@
 #!/bin/sh
 # Next setup steps for a server whose login policy has just been set from
-# the outside via ./init_user_login.sh.
+# the outside via ./init_user_login.sh or ./init_user_and_keybased_login.sh
 set -e
 . ./misc.sh
 . ./../misc.sh
diff --git a/bookworm/setup_scripts/upgrade_from_bullseye.sh b/bookworm/setup_scripts/upgrade_from_bullseye.sh
index 7c51c0d..6db4f2e 100755
--- a/bookworm/setup_scripts/upgrade_from_bullseye.sh
+++ b/bookworm/setup_scripts/upgrade_from_bullseye.sh
@@ -4,7 +4,7 @@
 set -e
 . ./misc.sh
 apt update
-apt -y upgrade
+apt -y -o Dpkg::Options::="--force-confnew" upgrade
 apt -y full-upgrade
 path_sources_list="/etc/apt/sources.list"
 cp "${config_tree_prefix}/etc_files/all${path_sources_list}" "${path_sources_list}"
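Review bot: `--force-confnew` on the `apt -y ... upgrade` line makes dpkg replace every locally modified conffile with the package maintainer's version without asking, so any hardening under /etc that dpkg tracks as a conffile is silently reverted to defaults during this step. If that is intended because the config tree is copied back afterwards (as the `cp` of sources.list suggests), a comment saying so would help, e.g. `# take maintainer conffiles; local config is re-applied from ${config_tree_prefix} below`; otherwise `--force-confold` keeps local changes. The following `apt -y full-upgrade` does not carry the option, so it may still stop at a conffile prompt, which `-y` does not answer. The script continues outside the hunk, so whether the hardened files are restored later cannot be confirmed from here.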
-- 
2.30.2