From 8558e9f74c22ca9f38a08966e7851a5982402d27 Mon Sep 17 00:00:00 2001
From: Darren 'Tadgy' Austin
Date: Tue, 28 Apr 2026 20:28:30 +0100
Subject: [PATCH] Update ssh configs for admins login.
---
 .gitattributesdb | 5 +++--
 etc/pam.d/sshd-sysadmins | 15 +++++++++++++++
 etc/ssh/ssh_config | 5 +++++
 etc/ssh/sshd_config | 11 ++++++++---
 4 files changed, 31 insertions(+), 5 deletions(-)
 create mode 100644 etc/pam.d/sshd-sysadmins
diff --git a/.gitattributesdb b/.gitattributesdb
index 8cd822f..37110ba 100644
--- a/.gitattributesdb
+++ b/.gitattributesdb
@@ -150,6 +150,7 @@ ZXRjL25ldHdvcmsvaW50ZXJmYWNlcw== 1762449437.502802342 1777400265.704000000 root: ZXRjL25ldHdvcmsvaW50ZXJmYWNlcy5kL2V0aDA= 1762449591.864258045 1777400265.704000000 root:root 0644 - - ZXRjL25ldHdvcmsvaW50ZXJmYWNlcy5kL2V0aDE= 1762449602.376084790 1777400265.704000000 root:root 0644 - - ZXRjL3BhbS5kLy5naXRpZ25vcmU= 1777400346.836000000 1777400350.852000000 root:root 0644 - - +ZXRjL3BhbS5kL3NzaGQtc3lzYWRtaW5z 1777398748.780000000 1777399439.796000000 root:root 0644 - - ZXRjL3Bhc3N3ZA== 1776617345.284000000 1777400256.204000000 root:root 0644 - - ZXRjL3BocC8uZ2l0aWdub3Jl 1773950303.090525695 1777400265.704000000 root:root 0644 - - ZXRjL3BocC84LjQvLmdpdGlnbm9yZQ== 1773950864.129246341 1777400265.704000000 root:root 0644 - -
@@ -181,8 +182,8 @@ ZXRjL3NoYWRvdy5ncGc= 1777402583.320000000 1777402725.624000000 root:root 0644 - ZXRjL3NodXRkb3duLmQvcHVzaG92ZXItYWxlcnQ= 1773658291.017652815 1777401474.052000000 root:root 0755 - - ZXRjL3NodXRkb3duLmQvd2lyZWd1YXJk 1775836119.267496394 1777400265.740000000 root:root 0755 - - ZXRjL3NzaC8uZ2l0aWdub3Jl 1762628843.382312260 1777400265.740000000 root:root 0644 - - -ZXRjL3NzaC9zc2hfY29uZmln 1757606630.000000000 1776538060.268000000 root:root 0644 - - -ZXRjL3NzaC9zc2hkX2NvbmZpZw== 1776269628.065653662 1776538060.268000000 root:root 0644 - - +ZXRjL3NzaC9zc2hfY29uZmln 1757606630.000000000 1777404485.344000000 root:root 0644 - - +ZXRjL3NzaC9zc2hkX2NvbmZpZw== 1776269628.065653662 1777404485.348000000 root:root 0644 - - ZXRjL3NzaGd1YXJkLy5naXRpZ25vcmU= 1774125137.895659238 1777400265.740000000 root:root 0644 - - ZXRjL3NzaGd1YXJkL3NzaGd1YXJkLmNvbmY= 1774125374.863787370 1777400265.740000000 root:root 0644 - - ZXRjL3NzaGd1YXJkL3doaXRlbGlzdA== 1775754649.457375401 1777400265.740000000 root:root 0644 - -
diff --git a/etc/pam.d/sshd-sysadmins b/etc/pam.d/sshd-sysadmins
new file mode 100644
index 0000000..bcd282f
--- /dev/null
+++ b/etc/pam.d/sshd-sysadmins
@@ -0,0 +1,15 @@
+auth required pam_permit.so
+
+account required pam_permit.so
+
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
+session required pam_loginuid.so
+session optional pam_keyinit.so force revoke
+session optional pam_umask.so
+session optional pam_motd.so motd=/run/motd.dynamic # /etc/motd is handled by sshd.
+session required pam_limits.so
+session required pam_env.so
+session required pam_env.so envfile=/etc/default/locale
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
+session optional pam_mkhomedir.so
+session required pam_permit.so
diff --git a/etc/ssh/ssh_config b/etc/ssh/ssh_config
index fd5e900..d6c8f34 100644
--- a/etc/ssh/ssh_config
+++ b/etc/ssh/ssh_config
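Review bot: `account required pam_permit.so` in etc/pam.d/sshd-sysadmins turns off every account check for sessions that use this service, and sshd still runs the PAM account phase after a successful publickey login when `UsePAM yes` is set. A disabled, expired or otherwise access-restricted admin account would therefore pass as long as a key is still returned for it (whether `sss_ssh_authorizedkeys` withholds keys for such accounts is not visible here). I would keep the host's normal account stack, for example `account include common-account` if this host uses the Debian layout the file paths suggest, and only relax the auth phase. For that phase `auth required pam_deny.so` is a safer placeholder than `pam_permit.so`: publickey never calls it, and it fails closed if a PAM-backed method is enabled for the group later.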
@@ -5,3 +5,8 @@ Host *
 SendEnv LANG LC_*
 VerifyHostKeyDNS yes
 VisualHostKey yes
+
+Host *.slackware.uk.internal *.slackware.uk.net
+ GSSAPIAuthentication yes
+ GSSAPIDelegateCredentials yes
+ Port 25422
diff --git a/etc/ssh/sshd_config b/etc/ssh/sshd_config
index cb7406c..e4a4d04 100644
--- a/etc/ssh/sshd_config
+++ b/etc/ssh/sshd_config
@@ -3,15 +3,20 @@ Include /etc/ssh/sshd_config.d/*.conf
 Port 25422
 AcceptEnv LANG LC_*
+GSSAPICleanupCredentials yes
+GSSAPIStrictAcceptorCheck yes
 LoginGraceTime 30
 MaxStartups 5
 PermitRootLogin prohibit-password
 StreamLocalBindUnlink yes
 Subsystem sftp internal-sftp
+UsePAM yes
 X11Forwarding no
-Match Group "System Admins"
+Match Group "SLACKWAREUKINT\systems' admins"
+ AuthenticationMethods publickey
+ #,password publickey,keyboard-interactive
 AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys
 AuthorizedKeysCommandUser root
- AuthenticationMethods "publickey"
- # ,password"
+ GSSAPIAuthentication yes
+ PAMServiceName sshd-sysadmins
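Review bot: `GSSAPIDelegateCredentials yes` in the new `Host *.slackware.uk.internal *.slackware.uk.net` block of etc/ssh/ssh_config forwards the user's Kerberos ticket-granting ticket to every host matching either pattern, so whoever has root on any one of them can act as that user across the realm until the ticket expires. Since this is the system-wide ssh_config it applies to every account on the machine, not only the admins the commit subject mentions. I would leave `GSSAPIAuthentication yes` on the pattern, set `GSSAPIDelegateCredentials no` there, and enable delegation in a narrower `Host` block only for the machines that need onward Kerberos access. A one-line comment above the block saying why delegation is needed would also help the next reader.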
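Review bot: The commented-out `#,password publickey,keyboard-interactive` under `AuthenticationMethods publickey` in etc/ssh/sshd_config becomes a trap once `PAMServiceName sshd-sysadmins` sits in the same Match block: the auth stack of that service, added in this patch, is `pam_permit.so`, so enabling either PAM-backed method would accept any input as the second factor. I would drop the commented line or replace it with a warning such as `# publickey only: the sshd-sysadmins PAM auth stack does not verify passwords`. `GSSAPIAuthentication yes` in the block appears to have no effect on login while the list names only `publickey`; if Kerberos logins are intended, `gssapi-with-mic` has to be listed, and authorization would then rest on the PAM account stack. It is also worth confirming with `sshd -T -C user=<admin>` that the quoted group name matches what NSS reports, because a non-match silently falls back to the global settings, which carry no `AuthenticationMethods` restriction in the lines shown.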