diskimage-builder/diskimage_builder/elements/openssh-server
Tristan Cacqueray 11ec95b779 openssh-server: harden sshd config
Harden sshd configuration by adding KexAlgorithms, Ciphers and MACs for sshd,
following good practices on https://infosec.mozilla.org/guidelines/openssh

Change-Id: I3051320d867a5033e82deef10c5e723ca9829884
Co-Authored-By: Nicolas Hicher <nhicher@redhat.com>
2019-05-01 11:42:21 -04:00
..
post-install.d openssh-server: harden sshd config 2019-05-01 11:42:21 -04:00
element-deps Merge remote-tracking branch 'origin/master' into merge-branch 2016-11-29 07:43:46 +11:00
package-installs.yaml Merge remote-tracking branch 'origin/master' into merge-branch 2016-11-29 07:43:46 +11:00
pkg-map Merge remote-tracking branch 'origin/master' into merge-branch 2016-11-29 07:43:46 +11:00
README.rst openssh-server: harden sshd config 2019-05-01 11:42:21 -04:00

openssh-server

This element ensures that the OpenSSH server is installed and enabled during boot.

To disable hardening of the sshd configuration, set DIB_OPENSSH_SERVER_HARDENING to 0. The hardening configures KexAlgorithms, Ciphers and MACs following the good practices at https://infosec.mozilla.org/guidelines/openssh
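One way to confirm that a built image carries the three hardened directives is to read its sshd_config back. The following is an added example, not code from this element: the function names and the sample config are constructed, and the path of the file to check (typically /etc/ssh/sshd_config inside the image) is an assumption.

```shell
#!/bin/sh
# Added example: report the first global KexAlgorithms, Ciphers and MACs
# values in an sshd_config file. sshd uses the first value it obtains for a
# keyword, so later duplicates are ignored. Returns 1 if any of the three
# keywords is not set explicitly.
sshd_crypto_directives() {
    awk '
        BEGIN { want["kexalgorithms"]; want["ciphers"]; want["macs"] }
        /^[ \t]*#/ || /^[ \t]*$/ { next }       # skip comments and blank lines
        {
            # sshd_config also accepts the "Keyword=value" form
            if (match($0, /^[ \t]*[A-Za-z]+[ \t]*=/)) sub(/=/, " ")
            key = tolower($1)                   # keywords are case-insensitive
            if (key == "match") exit            # only the global section counts
            if ((key in want) && !(key in seen)) { seen[key] = $2; print key, $2 }
        }
        END {
            rc = 0
            for (k in want) if (!(k in seen)) { print "missing", k; rc = 1 }
            exit rc
        }
    ' "$1"
}

# Constructed sample input (not taken from a real image): MACs is only
# present as a comment, and Ciphers appears twice.
sample_sshd_config() {
    cat <<'EOF'
# constructed sample
Port 22
KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
ciphers=chacha20-poly1305@openssh.com,aes256-gcm@openssh.com
Ciphers aes128-cbc
#MACs hmac-sha2-512-etm@openssh.com
Match User backup
    X11Forwarding no
EOF
}

# Run the check against the constructed sample and return its status.
demo() {
    tmp=$(mktemp) && sample_sshd_config > "$tmp"
    sshd_crypto_directives "$tmp"; rc=$?
    rm -f "$tmp"
    return "$rc"
}
```

Against a mounted or booted image, call `sshd_crypto_directives` with the path to its sshd_config; a non-zero status means at least one of the three directives is left at the sshd default.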

Note

Most cloud images come with the OpenSSH server service installed and enabled during boot. However, certain cloud images, especially those created by the *-minimal elements, may not have it installed or enabled. In these cases, using this element may be helpful to ensure your image will be accessible via SSH. It's usually helpful to combine this element with others such as runtime-ssh-host-keys.