sshd configuration - Githubissues

RecordEvolution / ReswarmOS

A small, customized host operating system for IoT devices meeting the needs of Reswarm

Apache License 2.0

5 stars 0 forks source link

sshd configuration #6

Closed mario-fink closed 3 years ago

mario-fink commented 4 years ago

employ security hardening configuration options to sshd_config by:

no root login -allow login only by users configured
allow login only on local subnet
etc.

markope commented 4 years ago

Probably login from anywhere will be required at some point as well. Markus from conti asked this right away. I would just put a basic sshd_config on the OS which is closed and secure by default. Any modification will be handled by the reswarm_agent.

mario-fink commented 4 years ago

By anywhere you mean from any "outside" network which is not the local/same network ? That's fine.. but the of course, this opens up a security hazard to some degree....Then we should probably set up public key authentication for the user...

markope commented 4 years ago

probably, but let's look at this again when we start with the reswarm_agent

mario-fink commented 3 years ago

disable password login and enable public key authentication only for user 'swarm_owner' with key/cert given in reswarm configuration file

mario-fink commented 3 years ago

82674cee237b64909770ded25243ec2d21554e97