From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on gnuweeb.org X-Spam-Level: X-Spam-Status: No, score=-0.8 required=5.0 tests=ALL_TRUSTED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,NO_DNS_FOR_FROM,URIBL_BLOCKED autolearn=no autolearn_force=no version=3.4.6 Received: from integral2.. (unknown [36.80.217.41]) by gnuweeb.org (Postfix) with ESMTPSA id D490F7E375; Fri, 15 Apr 2022 17:49:49 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=gnuweeb.org; s=default; t=1650044992; bh=cGs3CpLZ+MgMPFDK37JJaR5x682SGYRV9PcsEa/N+Z4=; h=From:To:Cc:Subject:Date:From; b=VEW/8bBYMBmCs8kV6qiopqQ8R3nIBwfhrDzGus8UQBaXHNxXxgCm3evFI4cEdl3DK 3DC5D2R06r1opk+n4gaRRSdZPThVfuzQjsWHqIeR51lvgy18IvvyXdKCJAmEvPWT6d a0y4esz4IetQedLpvKaiGiobnV3qwxfmfSeU5LypqOeom4tVIe1+uRQkcyM8OS1Qh1 wzKpa15oSNqtJNeuv//EAc9hm0Kf47DmjZ2DUWTdxNLOHp3wwmu+T8Ujr51oUNFAdU QdC0eg2YCHmAEqMcTSvYTp/M/KnZZwKDT8rlzpV/tyVU7Ct4Aa99bw6cwwrE8qf01I PE5a5ezpm2kAQ== From: Ammar Faizi To: GNU/Weeb Mailing List Cc: Ammar Faizi , Hazmi Alfarizqi , Alviro Iskandar Setiawan Subject: [PATCH server-a001 v2 0/1] Apply default SSH config and add public keys Date: Sat, 16 Apr 2022 00:49:39 +0700 Message-Id: <20220415174940.38497-1-ammarfaizi2@gnuweeb.org> X-Mailer: git-send-email 2.32.0 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit List-Id: Hi, This is v2. Just a single patch here. This does 2 dependent things: 1) Set the default port to 48589, don't use port 22 since we will inevitably get brute-force SSH attack from random botnets. Even if it's not really a concern if we're using a private key for the auth, let's not spam our auth log with many login failed lines. 2) Add maintainers' SSH public keys to the root and main user. Let us login from the outside world with a key auth. Please review! ## Changelog Link v1: https://lore.gnuweeb.org/gwml/20220415171554.35696-1-ammarfaizi2@gnuweeb.org v1 -> v2: - Really disable PasswordAuthentication (comment from Alviro). - Add Alviro's public key. Cc: Hazmi Alfarizqi # @hzmi35 Cc: Alviro Iskandar Setiawan Signed-off-by: Ammar Faizi --- Ammar Faizi (1): Apply default SSH config and add public keys Dockerfile | 16 ++++- etc/ssh/sshd_config | 123 +++++++++++++++++++++++++++++++++++++++ ssh_keys/authorized_keys | 3 + 3 files changed, 139 insertions(+), 3 deletions(-) create mode 100644 etc/ssh/sshd_config create mode 100644 ssh_keys/authorized_keys -- Ammar Faizi