Update.

diff --git a/bookworm/etc_files/server/etc/ssh/sshd_config b/bookworm/etc_files/server/etc/ssh/sshd_config
index 94363ebe3c0efe26f98d6febba6fde21eed92f26..e952cb30f9805aae0785340f2b3ed43caac55a19 100644 (file)
--- a/bookworm/etc_files/server/etc/ssh/sshd_config
+++ b/bookworm/etc_files/server/etc/ssh/sshd_config
@@ -30,7 +30,8 @@ Include /etc/ssh/sshd_config.d/*.conf
 # Authentication:
 
 #LoginGraceTime 2m
-PermitRootLogin no
+#PermitRootLogin prohibit-password
+PermitRootLogin no  # plomlompom's security rule
 #StrictModes yes
 #MaxAuthTries 6
 #MaxSessions 10
@@ -54,7 +55,7 @@ PermitRootLogin no
 #IgnoreRhosts yes
 
 # To disable tunneled clear text passwords, change to no here!
-PasswordAuthentication no 
+PasswordAuthentication no
 #PermitEmptyPasswords no
 
 # Change to yes to enable challenge-response passwords (beware issues with

diff --git a/bookworm/setup_scripts/setup_server.sh b/bookworm/setup_scripts/setup_server.sh
index 43d5cc03797f0a3998f8398abea4e1b0c73a86df..93bfa1c467c701271eb6cd783f5571f5f4edf9f0 100755 (executable)
--- a/bookworm/setup_scripts/setup_server.sh
+++ b/bookworm/setup_scripts/setup_server.sh
@@ -1,6 +1,6 @@
 #!/bin/sh
 # Next setup steps for a server whose login policy has just been set from
-# the outside via ./init_user_login.sh.
+# the outside via ./init_user_login.sh or ./init_user_and_keybased_login.sh
 set -e
 . ./misc.sh
 . ./../misc.sh

diff --git a/bookworm/setup_scripts/upgrade_from_bullseye.sh b/bookworm/setup_scripts/upgrade_from_bullseye.sh
index 7c51c0d8c8e253df4f405339f40f5a425f8cd7a8..6db4f2eeefefe3ab4bfc5b62e850a054ad309728 100755 (executable)
--- a/bookworm/setup_scripts/upgrade_from_bullseye.sh
+++ b/bookworm/setup_scripts/upgrade_from_bullseye.sh
@@ -4,7 +4,7 @@
 set -e
 . ./misc.sh
 apt update
-apt -y upgrade
+apt -y -o Dpkg::Options::="--force-confnew" upgrade
 apt -y full-upgrade
 path_sources_list="/etc/apt/sources.list"
 cp "${config_tree_prefix}/etc_files/all${path_sources_list}" "${path_sources_list}"