From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <ammarfaizi2@gnuweeb.org>
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on gnuweeb.org
X-Spam-Level: 
X-Spam-Status: No, score=-0.8 required=5.0 tests=ALL_TRUSTED,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,NO_DNS_FOR_FROM,URIBL_BLOCKED
	autolearn=no autolearn_force=no version=3.4.6
Received: from integral2.. (unknown [36.80.217.41])
	by gnuweeb.org (Postfix) with ESMTPSA id D490F7E375;
	Fri, 15 Apr 2022 17:49:49 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=gnuweeb.org;
	s=default; t=1650044992;
	bh=cGs3CpLZ+MgMPFDK37JJaR5x682SGYRV9PcsEa/N+Z4=;
	h=From:To:Cc:Subject:Date:From;
	b=VEW/8bBYMBmCs8kV6qiopqQ8R3nIBwfhrDzGus8UQBaXHNxXxgCm3evFI4cEdl3DK
	 3DC5D2R06r1opk+n4gaRRSdZPThVfuzQjsWHqIeR51lvgy18IvvyXdKCJAmEvPWT6d
	 a0y4esz4IetQedLpvKaiGiobnV3qwxfmfSeU5LypqOeom4tVIe1+uRQkcyM8OS1Qh1
	 wzKpa15oSNqtJNeuv//EAc9hm0Kf47DmjZ2DUWTdxNLOHp3wwmu+T8Ujr51oUNFAdU
	 QdC0eg2YCHmAEqMcTSvYTp/M/KnZZwKDT8rlzpV/tyVU7Ct4Aa99bw6cwwrE8qf01I
	 PE5a5ezpm2kAQ==
From: Ammar Faizi <ammarfaizi2@gnuweeb.org>
To: GNU/Weeb Mailing List <gwml@vger.gnuweeb.org>
Cc: Ammar Faizi <ammarfaizi2@gnuweeb.org>,
	Hazmi Alfarizqi <contact@hzmi.xyz>,
	Alviro Iskandar Setiawan <alviro.iskandar@gnuweeb.org>
Subject: [PATCH server-a001 v2 0/1] Apply default SSH config and add public keys
Date: Sat, 16 Apr 2022 00:49:39 +0700
Message-Id: <20220415174940.38497-1-ammarfaizi2@gnuweeb.org>
X-Mailer: git-send-email 2.32.0
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
List-Id: <gwml.vger.gnuweeb.org>

Hi,

This is v2. Just a single patch here. This does 2 dependent things:

1) Set the default port to 48589, don't use port 22 since we will
   inevitably get brute-force SSH attack from random botnets. Even if
   it's not really a concern if we're using a private key for the auth,
   let's not spam our auth log with many login failed lines.

2) Add maintainers' SSH public keys to the root and main user. Let us
   login from the outside world with a key auth.

Please review!

## Changelog

Link v1: https://lore.gnuweeb.org/gwml/20220415171554.35696-1-ammarfaizi2@gnuweeb.org
v1 -> v2:
  - Really disable PasswordAuthentication (comment from Alviro).
  - Add Alviro's public key.

Cc: Hazmi Alfarizqi <contact@hzmi.xyz> # @hzmi35
Cc: Alviro Iskandar Setiawan <alviro.iskandar@gnuweeb.org>
Signed-off-by: Ammar Faizi <ammarfaizi2@gnuweeb.org>
---
Ammar Faizi (1):
  Apply default SSH config and add public keys

 Dockerfile               |  16 ++++-
 etc/ssh/sshd_config      | 123 +++++++++++++++++++++++++++++++++++++++
 ssh_keys/authorized_keys |   3 +
 3 files changed, 139 insertions(+), 3 deletions(-)
 create mode 100644 etc/ssh/sshd_config
 create mode 100644 ssh_keys/authorized_keys

-- 
Ammar Faizi