Open mrbluecoat opened 1 month ago
P.S. If you're going to enforce encryption keys for SSH, perhaps consider replacing Dropbear with TinySSH
These seem like good ideas; the guide in particular does point out some of the more obtainable protocols recommended in CIS. Modifying /tmp and fstab probably won't be considered as these could break DietPi, but other ideas like networking and kernel setup I'll test manually and then look to add in.
Regarding SSH, I'd like to stick with options the DietPi project supports for compatibility but may test TinySSH and see if it is stable for enough use cases. If so, I might ask for it to be added to DietPi first. This way, there is less need to convert user keys or reconfigure clients, as it is more likely to be the server installed at system creation.
As the options grow, I think this project will use fewer yes/no prompts and more flags like --filesystem or --network. Alternatively, a config file in yaml or text even may be good, in a similar way to the DietPi installer files in /boot/. Either way, thanks for the feedback and I look to further develop this project soon.
Thanks for putting this together. Thoughts about including some of the advice at https://www.reddit.com/r/dietpi/comments/ap658g/guide_security_hardened_dietpi_system/