git.ipfire.org Git - ipfire-2.x.git/commit
add hardened SSH server configuration
author Peter Müller <peter.mueller@link38.eu>
Mon, 10 Sep 2018 15:52:22 +0000 (17:52 +0200)
committer Michael Tremer <michael.tremer@ipfire.org>
Thu, 20 Sep 2018 13:27:01 +0000 (14:27 +0100)
commit 38485efafba2936ca3856e1324cca2044a13e85b
tree da7a88e1adb75a50c9c8f3cba8ba0a8fe0a9e1f3
parent a6c190818a15342db5d91f4219587aa08f692173
add hardened SSH server configuration

In order to harden the OpenSSH server in IPFire, using the upstream default configuration
and editing it via sed commands in the LFS file is error-prone and does not scale.

Therefore we ship a custom and more secure OpenSSH server configuration which
is copied into the image during build time.

The fourth version of this patch disables password authentication by
default, since this is required by some cloud hosters in order to apply
the image. Further, this method is less secure than pubkey
authentication.

Non-AEAD ciphers have been re-added to provide compatibility to older
RHEL systems.

Fixes #11750
Fixes #11751
Partially fixes #11538

Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Cc: Marcel Lorenz <marcel.lorenz@ipfire.org>
Cc: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
config/ssh/sshd_config [new file with mode: 0644]