*nix server setup
This “guide” is just a collection of useful configuration.
SSH
sshd is often compiled with some features disabled and with different defaults, but this configuration should work in most places. I personally only use RSA and sha256/sha512.
# Requires OpenSSH 6.7+
# License: CC0
# Manually specify what sshd binds to
Port 22
AddressFamily any
# Only offer an RSA host key (change path if necessary)
HostKey /etc/ssh/ssh_host_rsa_key
# Algorithms (only RSA & sha256/sha512)
KexAlgorithms diffie-hellman-group-exchange-sha256
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes256-ctr
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-256
# Only accept public keys
AuthenticationMethods publickey
# prohibit-password needs OpenSSH 7.0+; on 6.7-6.9 use the older spelling without-password
PermitRootLogin prohibit-password
# Authentication
UsePAM no
LoginGraceTime 30s
MaxAuthTries 3
MaxSessions 10
IgnoreRhosts yes
AuthorizedKeysFile .ssh/authorized_keys
# Extra options
Compression no
RekeyLimit default 120s
X11Forwarding no
# Log each login to auth
SyslogFacility auth
LogLevel VERBOSE
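
An added example, not part of the original guide: a small Python check that compares `sshd -T` output (or an sshd_config file) against the algorithm lists and settings above, so drift is caught after a package update or a manual edit. The names audit, parse, ALLOWED, PINNED and SAMPLE are made up for this example, and SAMPLE is constructed input.

```python
import sys

# Allow-lists and pinned values copied from the sshd_config on this page.
ALLOWED = {
    "kexalgorithms": {"diffie-hellman-group-exchange-sha256"},
    "ciphers": {"chacha20-poly1305@openssh.com", "aes256-gcm@openssh.com", "aes256-ctr"},
    "macs": {"hmac-sha2-512-etm@openssh.com", "hmac-sha2-256-etm@openssh.com",
             "hmac-sha2-512", "hmac-sha2-256"},
}
PINNED = {
    "authenticationmethods": {"publickey"},
    # sshd -T can report prohibit-password under its older name without-password
    "permitrootlogin": {"prohibit-password", "without-password"},
    "usepam": {"no"}, "x11forwarding": {"no"},
}
# Constructed sample of drifted `sshd -T` output, used when nothing is piped in.
SAMPLE = """kexalgorithms diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1
ciphers +aes128-cbc
permitrootlogin yes"""

def parse(text):
    """Map each lowercased keyword to its first value (sshd keeps the first one)."""
    conf = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) == 2 and not parts[0].startswith("#"):
            conf.setdefault(parts[0].lower(), parts[1])
    return conf

def audit(text):
    """Return sorted findings; an empty list means the text matches the page."""
    conf, findings = parse(text), []
    for key, allowed in ALLOWED.items():
        value = conf.get(key)
        if value is None:
            findings.append(f"{key}: not set, compiled-in defaults apply")
        elif value[0] in "+-^":
            findings.append(f"{key}: '{value[0]}' edits the default list instead of pinning one")
        else:
            findings += [f"{key}: {alg} is outside the allow-list"
                         for alg in value.split(",") if alg not in allowed]
    for key, ok in PINNED.items():
        value = conf.get(key, "not set")
        if value.lower() not in ok:
            findings.append(f"{key}: {value} (expected {' or '.join(sorted(ok))})")
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE if sys.stdin.isatty() else sys.stdin.read())) or "OK")
```

Pipe the effective configuration in with `sshd -T | python3 audit_sshd.py` (the file name is an assumption); it prints OK when nothing deviates.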