mirror of
https://github.com/vincentmli/bpfire.git
synced 2026-04-09 18:45:54 +02:00
In order to harden OpenSSH server in IPFire, using the upstream default configuration and editing it via sed commands in the LFS file is error-prone and does not scale.

Therefore we ship a custom and more secure OpenSSH server configuration which is copied into the image during build time.

The fourth version of this patch disables password authentication by default, since this is required by some cloud hosters in order to apply the image. Further, this method is less secure than pubkey authentication.

Non-AEAD ciphers have been re-added to provide compatibility with older RHEL systems.

Fixes #11750
Fixes #11751
Partially fixes #11538

Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Cc: Marcel Lorenz <marcel.lorenz@ipfire.org>
Cc: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>