History

Adrian 527a120468 Fix sshd user config		2020-08-28 00:27:51 +02:00
..
backup.user	Fix sshd user config	2020-08-28 00:27:51 +02:00
general.conf	Use sshd_config.d in focal	2020-07-21 22:13:02 +02:00
login.conf	Use sshd_config.d in focal	2020-07-21 22:13:02 +02:00
README.md	Fix sshd user config	2020-08-28 00:27:51 +02:00
sshlogin.user	Fix sshd user config	2020-08-28 00:27:51 +02:00

README.md

SSH

Use only one user sshlogin for logins to the server. Switch to your main user with su - adminuser afterwards.

sudo sed -i '$ a sshlogin:*:1001:65534::/home/sshlogin:/bin/sh' /etc/passwd
sudo sed -i '$ a Match User *' /etc/ssh/sshd_config
sudo sed -i '$ a Include /etc/ssh/sshd_config.d/*.user' /etc/ssh/sshd_config
sudo cp *.conf *.user /etc/ssh/sshd_config.d

sudo mkdir -p /home/sshlogin/.ssh
sudo chown sshlogin:root /home/sshlogin/.ssh

Either create a password with sudo passwd sshlogin or
Add a key sudo -u sshlogin editor /home/sshlogin/.ssh/authorized_keys
Test config for user with sudo sshd -T -C user=sshlogin

Notes

Included files do not affect the match context of the file including them.

https://bugzilla.mindrot.org/show_bug.cgi?id=2468#c26

According to the tests, the above is possible: https://github.com/openssh/openssh-portable/blob/master/regress/servcfginclude.sh