From e926a319ae362b68fd10b2e7067360fe4a60f6f4 Mon Sep 17 00:00:00 2001 From: neox Date: Tue, 18 Jun 2024 13:44:49 +0200 Subject: [PATCH] pm/: correction gardefou et sauvkipeu --- pm/gardefou.md | 38 +++++++++++++++++++++++++++++--------- pm/sauvkipeu.md | 12 +----------- 2 files changed, 30 insertions(+), 20 deletions(-) diff --git a/pm/gardefou.md b/pm/gardefou.md index 49135c9..fa37b54 100644 --- a/pm/gardefou.md +++ b/pm/gardefou.md @@ -1,7 +1,7 @@ # gardefou Type : machine physique. -Localisation : `leparc`, en attendant une migration vers `fontainebleau`. +Localisation : `fontainebleau`. ## Matériel @@ -25,7 +25,7 @@ Mail Transfer Agent : `postfix` ## Caractéristiques notables Domaine : `gardefou.libre-en-communs.org` -Adresse ipv6 publique : `2001:910:1021::5` +Adresse ipv6 publique : `2001:910:1028::5` ### Configuration réseau @@ -39,8 +39,8 @@ Adresse ipv6 publique : `2001:910:1021::5` allow-hotplug eno0 iface eno0 inet6 static - address 2001:910:1021:0::5/128 - gateway 2001:910:1021::1 + address 2001:910:1028:0::5/128 + gateway 2001:910:1028::1 @@ -49,11 +49,31 @@ Adresse ipv6 publique : `2001:910:1021::5` ### /etc/ssh/sshd_config
- - -TODO? - - + Port 222 + AddressFamily any + ListenAddress 0.0.0.0 + ListenAddress :: + PubkeyAuthentication yes + PasswordAuthentication no + PermitEmptyPasswords no + ChallengeResponseAuthentication no + # Change to yes to enable challenge-response passwords (beware issues with + # some PAM modules and threads) + KbdInteractiveAuthentication no + UsePAM yes + AllowAgentForwarding yes + AllowTcpForwarding yes + GatewayPorts yes + X11Forwarding no + PrintMotd no + TCPKeepAlive yes + PermitTunnel yes + AcceptEnv LANG LC_* GIT_* + Subsystem sftp /usr/lib/openssh/sftp-server + Match User admin666 Address *,!127.0.0.1,!::1 + DenyUsers admin666 + Match User borg Address *,!2001:910:1021:0::/64,!2001:910:1028:0::/64 + DenyUsers borg
diff --git a/pm/sauvkipeu.md b/pm/sauvkipeu.md index a2a8b58..48c1089 100644 --- a/pm/sauvkipeu.md +++ b/pm/sauvkipeu.md @@ -1,7 +1,7 @@ # sauvkipeu Type : machine physique. -Localisation : leparc. +Localisation : `leparc`. ## Matériel @@ -53,29 +53,19 @@ Adresse ipv6 publique : `2001:910:1021::4` AddressFamily any ListenAddress 0.0.0.0 ListenAddress :: - PubkeyAuthentication yes - PasswordAuthentication no PermitEmptyPasswords no - ChallengeResponseAuthentication no - UsePAM yes - AllowAgentForwarding yes AllowTcpForwarding yes GatewayPorts yes X11Forwarding no - PrintMotd no - TCPKeepAlive yes - PermitTunnel yes - AcceptEnv LANG LC_* GIT_* - Subsystem sftp /usr/lib/openssh/sftp-server Match User admin666 Address *,!127.0.0.1,!::1