use /run/ssh subdir + harden openssh config a bit

miampf 2025-01-02 14:36:41 +01:00
parent 12e9c71750
commit 6f8d11c8e5
No known key found for this signature in database
GPG Key ID: EF039364B5B6886C
2 changed files with 5 additions and 3 deletions


@ -4,7 +4,7 @@ Before=sshd.service
[Service] [Service]
Type=oneshot Type=oneshot
ExecStart=/bin/bash -c "ssh-keygen -t ecdsa -q -N '' -f /run/ssh_host_ecdsa_key" ExecStart=/bin/bash -c "mkdir -p /run/ssh; ssh-keygen -t ecdsa -q -N '' -f /run/ssh/ssh_host_ecdsa_key"
[Install] [Install]
WantedBy=multi-user.target WantedBy=multi-user.target
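Review bot: The new ExecStart joins `mkdir -p /run/ssh` and `ssh-keygen` with `;`, so a failed directory creation is ignored, and the directory's mode is left to the unit's umask rather than stated. Because this directory now also holds the file named by TrustedUserCAKeys, its owner and mode decide who can swap the CA that sshd trusts, so I would pin them explicitly. One way is `ExecStart=/bin/bash -c "install -d -m 0755 -o root -g root /run/ssh && ssh-keygen -t ecdsa -q -N '' -f /run/ssh/ssh_host_ecdsa_key"`. The hunk header covers more lines than are shown here, so the rest of the unit is not visible.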


@ -1,3 +1,5 @@
HostKey /run/ssh_host_ecdsa_key HostKey /run/ssh/ssh_host_ecdsa_key
TrustedUserCAKeys /run/ssh_ca.pub TrustedUserCAKeys /run/ssh/ssh_ca.pub
PasswordAuthentication no PasswordAuthentication no
ChallengeResponseAuthentication no
AuthorizedKeysFile /dev/null
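Review bot: With `AuthorizedKeysFile /dev/null` and passwords off, the CA file at `/run/ssh/ssh_ca.pub` becomes the only login path, yet nothing on this page changes whatever writes that file. If it is still written to `/run/ssh_ca.pub`, or written before the keygen unit has created `/run/ssh`, certificate logins would presumably fail and the host would be unreachable over SSH; I would confirm the writer's path and ordering in this same commit. Two smaller points on the added lines: sshd_config documents `AuthorizedKeysFile none` as the way to skip per-user key files, and `ChallengeResponseAuthentication` is a deprecated alias in current OpenSSH, so `KbdInteractiveAuthentication no` says the same thing under the name that is kept.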