Fix #440: configuration to make ssh more secure (#447)

radiasoft · Feb 6, 2024 · 8f4e83c · 8f4e83c
1 parent da6e134
commit 8f4e83c
Show file tree

Hide file tree

Showing 3 changed files with 7 additions and 1 deletion.
diff --git a/rsconf/package_data/vm_devbox/start.sh.jinja b/rsconf/package_data/vm_devbox/start.sh.jinja
@@ -73,7 +73,10 @@ HostKey {{ this.ssh_guest_host_key_f }}
 ListenAddress 0.0.0.0:{{ this.ssh_port }}
 
 AuthorizedKeysFile .ssh/authorized_keys
+
+AllowUsers {{ this.run_u }}
 PasswordAuthentication no
+PermitRootLogin no
 Protocol 2
 X11Forwarding yes
 EOF_INSTALL

diff --git a/tests/pkcli/build_data/1.out/srv/host/v9.radia.run/srv/vm_devbox_user-1/start b/tests/pkcli/build_data/1.out/srv/host/v9.radia.run/srv/vm_devbox_user-1/start
@@ -73,7 +73,10 @@ HostKey /etc/ssh/host_key
 ListenAddress 0.0.0.0:11110
 
 AuthorizedKeysFile .ssh/authorized_keys
+
+AllowUsers vagrant
 PasswordAuthentication no
+PermitRootLogin no
 Protocol 2
 X11Forwarding yes
 EOF_INSTALL

diff --git a/tests/pkcli/build_data/1.out/srv/host/v9.radia.run/vm_devbox_user-1.sh b/tests/pkcli/build_data/1.out/srv/host/v9.radia.run/vm_devbox_user-1.sh
@@ -4,7 +4,7 @@ rsconf_service_prepare 'vm_devbox_user-1' '/etc/systemd/system/vm_devbox_user-1.
 rsconf_install_access '700' 'vagrant' 'vagrant'
 rsconf_install_directory '/srv/vm_devbox_user-1'
 rsconf_install_access '500' 'vagrant' 'vagrant'
-rsconf_install_file '/srv/vm_devbox_user-1/start' '03f7809d5a7ef88b6a4ce734814a8ec8'
+rsconf_install_file '/srv/vm_devbox_user-1/start' '081baa61746f4dd28339816bb90453ed'
 rsconf_install_file '/srv/vm_devbox_user-1/stop' '94f5e7855deadc753f54580dfad70217'
 rsconf_install_access '444' 'root' 'root'
 rsconf_install_file '/etc/systemd/system/vm_devbox_user-1.service' '9bea6d3fc6b169474e19863d1e2da5a3'