Update ssh configs for admins login.

2026-04-28 20:28:30 +01:00 · 2026-04-28 20:28:30 +01:00 · 8558e9f74c
commit 8558e9f74c
parent 4de1d1da3b
4 changed files with 31 additions and 5 deletions
--- a/.gitattributesdb
+++ b/.gitattributesdb
@ -150,6 +150,7 @@ ZXRjL25ldHdvcmsvaW50ZXJmYWNlcw== 1762449437.502802342 1777400265.704000000 root:
 ZXRjL25ldHdvcmsvaW50ZXJmYWNlcy5kL2V0aDA= 1762449591.864258045 1777400265.704000000 root:root 0644 - -
 ZXRjL25ldHdvcmsvaW50ZXJmYWNlcy5kL2V0aDE= 1762449602.376084790 1777400265.704000000 root:root 0644 - -
 ZXRjL3BhbS5kLy5naXRpZ25vcmU= 1777400346.836000000 1777400350.852000000 root:root 0644 - -
+ZXRjL3BhbS5kL3NzaGQtc3lzYWRtaW5z 1777398748.780000000 1777399439.796000000 root:root 0644 - -
 ZXRjL3Bhc3N3ZA== 1776617345.284000000 1777400256.204000000 root:root 0644 - -
 ZXRjL3BocC8uZ2l0aWdub3Jl 1773950303.090525695 1777400265.704000000 root:root 0644 - -
 ZXRjL3BocC84LjQvLmdpdGlnbm9yZQ== 1773950864.129246341 1777400265.704000000 root:root 0644 - -
@ -181,8 +182,8 @@ ZXRjL3NoYWRvdy5ncGc= 1777402583.320000000 1777402725.624000000 root:root 0644 -
 ZXRjL3NodXRkb3duLmQvcHVzaG92ZXItYWxlcnQ= 1773658291.017652815 1777401474.052000000 root:root 0755 - -
 ZXRjL3NodXRkb3duLmQvd2lyZWd1YXJk 1775836119.267496394 1777400265.740000000 root:root 0755 - -
 ZXRjL3NzaC8uZ2l0aWdub3Jl 1762628843.382312260 1777400265.740000000 root:root 0644 - -
-ZXRjL3NzaC9zc2hfY29uZmln 1757606630.000000000 1776538060.268000000 root:root 0644 - -
-ZXRjL3NzaC9zc2hkX2NvbmZpZw== 1776269628.065653662 1776538060.268000000 root:root 0644 - -
+ZXRjL3NzaC9zc2hfY29uZmln 1757606630.000000000 1777404485.344000000 root:root 0644 - -
+ZXRjL3NzaC9zc2hkX2NvbmZpZw== 1776269628.065653662 1777404485.348000000 root:root 0644 - -
 ZXRjL3NzaGd1YXJkLy5naXRpZ25vcmU= 1774125137.895659238 1777400265.740000000 root:root 0644 - -
 ZXRjL3NzaGd1YXJkL3NzaGd1YXJkLmNvbmY= 1774125374.863787370 1777400265.740000000 root:root 0644 - -
 ZXRjL3NzaGd1YXJkL3doaXRlbGlzdA== 1775754649.457375401 1777400265.740000000 root:root 0644 - -
--- a/etc/pam.d/sshd-sysadmins
+++ b/etc/pam.d/sshd-sysadmins
@ -0,0 +1,15 @@
+auth	required							pam_permit.so
+
+account	required							pam_permit.so
+
+session	[success=ok ignore=ignore module_unknown=ignore default=bad]	pam_selinux.so close
+session	required							pam_loginuid.so
+session	optional							pam_keyinit.so force revoke
+session	optional							pam_umask.so
+session	optional							pam_motd.so motd=/run/motd.dynamic # /etc/motd is handled by sshd.
+session	required							pam_limits.so
+session	required							pam_env.so
+session	required							pam_env.so envfile=/etc/default/locale
+session	[success=ok ignore=ignore module_unknown=ignore default=bad]	pam_selinux.so open
+session	optional							pam_mkhomedir.so 
+session	required							pam_permit.so
--- a/etc/ssh/ssh_config
+++ b/etc/ssh/ssh_config
@ -5,3 +5,8 @@ Host *
  SendEnv			LANG LC_*
  VerifyHostKeyDNS		yes
  VisualHostKey			yes
+
+Host *.slackware.uk.internal *.slackware.uk.net
+  GSSAPIAuthentication		yes
+  GSSAPIDelegateCredentials	yes
+  Port				25422
--- a/etc/ssh/sshd_config
+++ b/etc/ssh/sshd_config
@ -3,15 +3,20 @@ Include /etc/ssh/sshd_config.d/*.conf
 Port				25422

 AcceptEnv			LANG LC_*
+GSSAPICleanupCredentials	yes
+GSSAPIStrictAcceptorCheck	yes
 LoginGraceTime			30
 MaxStartups			5
 PermitRootLogin			prohibit-password
 StreamLocalBindUnlink		yes
 Subsystem			sftp	internal-sftp
+UsePAM				yes
 X11Forwarding			no

-Match Group "System Admins"
+Match Group "SLACKWAREUKINT\systems' admins"
+  AuthenticationMethods		publickey
+  #,password publickey,keyboard-interactive
  AuthorizedKeysCommand		/usr/bin/sss_ssh_authorizedkeys
  AuthorizedKeysCommandUser	root
-  AuthenticationMethods		"publickey"
-  # ,password"
+  GSSAPIAuthentication		yes
+  PAMServiceName		sshd-sysadmins