# SSH

Use only one user `sshlogin` for logins to the server.
Switch to your main user with `su - adminuser` afterwards.

```sh
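# Append the sshlogin account (UID 1001, GID 65534) to /etc/passwd
sudo sed -i '$ a sshlogin:*:1001:65534::/home/sshlogin:/bin/sh' /etc/passwd
# Open a Match block that matches every user, then include the per-user files
sudo sed -i '$ a Match User *' /etc/ssh/sshd_config
sudo sed -i '$ a Include /etc/ssh/sshd_config.d/*.user' /etc/ssh/sshd_config
# Install the .conf and .user files from the current directory
sudo cp *.conf *.user /etc/ssh/sshd_config.d

# Create the key directory for sshlogin
sudo mkdir -p /home/sshlogin/.ssh
sudo chown sshlogin:root /home/sshlogin/.ssh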
```

* Either create a password with `sudo passwd sshlogin` or
* Add a key `sudo -u sshlogin editor /home/sshlogin/.ssh/authorized_keys`
* Test config for user with `sudo sshd -T -C user=sshlogin`
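
An added example, not part of the original README: a script that turns the `sshd -T -C user=...` test into repeatable checks by comparing the effective settings of two users. The sample output is constructed, and the policy it checks (public-key authentication enabled only for `sshlogin`) is a hypothetical stand-in for whatever the `.conf` and `.user` files actually set.

```sh
#!/bin/sh
# Constructed sample of `sshd -T -C user=<name>` output: lowercase
# "keyword value" lines. On a real host, replace the body with:
#     sudo sshd -T -C user="$1"
dump_config() {
    case "$1" in
        sshlogin)
            printf '%s\n' 'port 22' 'passwordauthentication no' \
                'pubkeyauthentication yes' 'allowtcpforwarding no' ;;
        *)
            printf '%s\n' 'port 22' 'passwordauthentication no' \
                'pubkeyauthentication no' 'allowtcpforwarding no' ;;
    esac
}

# Print the effective value of one keyword for one user.
effective() {
    dump_config "$1" | awk -v k="$2" '$1 == k { sub(/^[^ ]+ /, ""); print }'
}

# Succeed only if USER's effective KEYWORD equals EXPECTED.
expect_setting() {
    actual=$(effective "$1" "$2")
    [ "$actual" = "$3" ] && return 0
    printf 'FAIL %s: %s is "%s", expected "%s"\n' "$1" "$2" "$actual" "$3" >&2
    return 1
}

# Print every keyword whose effective value differs between two users.
diff_users() {
    for kw in $(dump_config "$1" | awk '{ print $1 }' | sort -u); do
        a=$(effective "$1" "$kw")
        b=$(effective "$2" "$kw")
        [ "$a" = "$b" ] || printf '%s: %s=%s %s=%s\n' "$kw" "$1" "$a" "$2" "$b"
    done
}

# Hypothetical policy: only sshlogin may authenticate with a public key.
expect_setting sshlogin pubkeyauthentication yes
expect_setting adminuser pubkeyauthentication no
diff_users sshlogin adminuser
```
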
## Notes

> Included files do not affect the match context of the file including them.

https://bugzilla.mindrot.org/show_bug.cgi?id=2468#c26

According to the tests, the above is possible:
https://github.com/openssh/openssh-portable/blob/master/regress/servcfginclude.sh