| 123456789101112131415161718192021222324252627282930313233343536373839404142 |
- # sync with https://github.com/fphammerle/docker-gitolite/blob/master/sshd_config
- LogLevel INFO
- #LogLevel DEBUG
- PidFile none
- Port 2200
- Protocol 2
- HostKey /etc/ssh/host_keys/rsa
- HostKey /etc/ssh/host_keys/ed25519
- # https://www.ssh-audit.com/hardening_guides.html#ubuntu_20_04_lts
- KexAlgorithms curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha256
- Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
- MACs hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,umac-128-etm@openssh.com
- HostKeyAlgorithms ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-512,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com
- #UsePAM no
- #PermitRootLogin no
- AllowUsers dump
- AuthenticationMethods publickey
- PubkeyAuthentication yes
- PasswordAuthentication no
- ChallengeResponseAuthentication no
- # dont check file permissions
- StrictModes no
- AllowAgentForwarding no
- AllowStreamLocalForwarding no
- AllowTcpForwarding no
- DisableForwarding yes
- GatewayPorts no
- PermitTunnel no
- X11Forwarding no
- PermitUserEnvironment no
- PrintMotd no
- PermitTTY no
- # .* matches until \0
- ForceCommand exec mysqldump $(grep -o 'MYSQLDUMP_ARGS=.*' /proc/1/environ | cut -d = -f 2-)
|
