Differences between revisions 5 and 6
Revision 5 as of 2019-12-10 11:39:36
Size: 695
Editor: Sciuro
Comment:
Revision 6 as of 2019-12-12 23:21:43
Size: 1090
Editor: Sciuro
Comment:
Deletions are marked like this. Additions are marked like this.
Line 6: Line 6:
== Config files == = Config =
== Server config ==
Add the following to the ''/etc/ssh/sshd_config'' file to restrict broken and misused ciphers.
{{{
KexAlgorithms curve25519-sha256@libssh.org
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com
}}}

== Client config ==

Contents

  1. Config
    1. Server config
    2. Client config
    3. Restricted shell

Config

Server config

Add the following to the /etc/ssh/sshd_config file to restrict broken and misused ciphers. 

KexAlgorithms curve25519-sha256@libssh.org
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com

Client config

This is an example of a personal configfile in your .ssh/config. 

Host server
  hostname 1.2.3.4
  user username
  port 2222
  LocalForward 8443 localhost:443

Restricted shell

This example shows us a ssh server where you can login, but have no rights at all to do anything, except restricted portforwarding. AllowTcpForwarding has to be enabled for the use of PermitOpen. 

Match User testuser
   AllowTcpForwarding yes
   X11Forwarding no
   PermitTunnel no
   GatewayPorts no
   AllowAgentForwarding no
   PermitOpen localhost:80
   ForceCommand read -p "Press enter to exit"

Howto/SSH (last edited 2022-04-28 14:06:51 by Burathar)