YunoHost/doc
1
0
Fork 0
mirror of https://github.com/YunoHost/doc.git synced 2024-09-03 20:06:26 +02:00
Code Issues Projects Releases Packages Wiki Activity

Merge pull request #2391 from OniriCorpe/patch-1

Browse source 
Update SSH docs
This commit is contained in:
Alexandre Aubin 2024-01-30 21:13:45 +01:00 committed by GitHub
commit a50a7617a2
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 9 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
pages/02.administer/45.tutorials/60.security/security.fr.md
View file

@ -62,6 +62,7 @@ sudo yunohost settings set security.ssh.password_authentication -v no
Pour éviter des tentatives de connexion SSH par des robots qui scannent tout Internet pour tenter des connexions SSH avec tout serveur accessible, on peut modifier le port SSH. Pour éviter des tentatives de connexion SSH par des robots qui scannent tout Internet pour tenter des connexions SSH avec tout serveur accessible, on peut modifier le port SSH.
C'est géré par un paramètre système, qui se charge de configurer les services SSH et Fail2Ban. C'est géré par un paramètre système, qui se charge de configurer les services SSH et Fail2Ban.
Il n'est pas utile de modifier ce port si vous avez désactivé l'authentification par mot de passe.
```bash ```bash
sudo yunohost settings set security.ssh.port -v <votre_numero_de_port_ssh> sudo yunohost settings set security.ssh.port -v <votre_numero_de_port_ssh>
@ -84,11 +85,13 @@ La configuration TLS par défaut des services tend à offrir une bonne compatibi
Changer le niveau de compatibilité n'est pas définitif et il est possible de rechanger le paramètre si vous concluez qu'il faut revenir en arrière. Changer le niveau de compatibilité n'est pas définitif et il est possible de rechanger le paramètre si vous concluez qu'il faut revenir en arrière.
**Sur votre serveur**, modifiez la politique pour NGINX : **Sur votre serveur**, modifiez la politique pour NGINX :
```bash ```bash
sudo yunohost settings set security.nginx.compatibility -v modern sudo yunohost settings set security.nginx.compatibility -v modern
``` ```
**Sur votre serveur**, modifiez la politique pour SSH : **Sur votre serveur**, modifiez la politique pour SSH :
```bash ```bash
sudo yunohost settings set security.ssh.compatibility -v modern sudo yunohost settings set security.ssh.compatibility -v modern
``` ```

4
pages/02.administer/45.tutorials/60.security/security.md
View file

@ -51,12 +51,14 @@ Type your admnistration password and your key will be copied onto your server.
```bash ```bash
sudo yunohost settings set security.ssh.password_authentication -v no sudo yunohost settings set security.ssh.password_authentication -v no
``` ```
--- ---
### Modify the SSH port ### Modify the SSH port
To prevent SSH connection attempts by robots that scan the internet for any server with SSH enabled, you can change the SSH port. To prevent SSH connection attempts by robots that scan the internet for any server with SSH enabled, you can change the SSH port.
This is handled by a system setting, which takes care of updating the SSH and Fail2Ban configuration. This is handled by a system setting, which takes care of updating the SSH and Fail2Ban configuration.
There's no need to change this port if you've disabled password authentication.
! If you modify anything in the `/etc/ssh/sshd_config` file, even if only the port, YunoHost will no longer manage this file. For this reason, always use the YunoHost admin tools to make changes to the systems configuration files! ! If you modify anything in the `/etc/ssh/sshd_config` file, even if only the port, YunoHost will no longer manage this file. For this reason, always use the YunoHost admin tools to make changes to the systems configuration files!
@ -81,11 +83,13 @@ The default TLS configuration for services tends to offer good compatibility to
Changing the compatibility level is not definitive and can be reverted if it doesn't fit with your environment. Changing the compatibility level is not definitive and can be reverted if it doesn't fit with your environment.
**On your server**, change the policy for NGINX **On your server**, change the policy for NGINX
```bash ```bash
sudo yunohost settings set security.nginx.compatibility -v modern sudo yunohost settings set security.nginx.compatibility -v modern
``` ```
**On your server**, change the policy for SSH **On your server**, change the policy for SSH
```bash ```bash
sudo yunohost settings set security.ssh.compatibility -v modern sudo yunohost settings set security.ssh.compatibility -v modern
``` ```