From 774f61889722843e330be185e3d668e02b428cdc Mon Sep 17 00:00:00 2001 From: Paolo Mauri Date: Sun, 21 Jan 2024 14:55:53 +0100 Subject: [PATCH 1/4] Update change_admin_password.it.md fix for change admin password --- .../10.admin_password/change_admin_password.it.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pages/02.administer/50.troubleshooting/10.admin_password/change_admin_password.it.md b/pages/02.administer/50.troubleshooting/10.admin_password/change_admin_password.it.md index 24eddd9b..efadb568 100644 --- a/pages/02.administer/50.troubleshooting/10.admin_password/change_admin_password.it.md +++ b/pages/02.administer/50.troubleshooting/10.admin_password/change_admin_password.it.md @@ -22,5 +22,5 @@ Poi vai su Strumenti > Cambia password amministrazione. ```bash -yunohost tools adminpw +yunohost tools rootpw ``` From 967ff7c8d34499684e45f69db3384bdf04e6a630 Mon Sep 17 00:00:00 2001 From: OniriCorpe Date: Mon, 29 Jan 2024 22:37:05 +0100 Subject: [PATCH 2/4] Update security.fr.md --- pages/02.administer/45.tutorials/60.security/security.fr.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/pages/02.administer/45.tutorials/60.security/security.fr.md b/pages/02.administer/45.tutorials/60.security/security.fr.md index 9a5329db..e06b13ca 100644 --- a/pages/02.administer/45.tutorials/60.security/security.fr.md +++ b/pages/02.administer/45.tutorials/60.security/security.fr.md @@ -61,7 +61,8 @@ sudo yunohost settings set security.ssh.password_authentication -v no ### Modifier le port SSH Pour éviter des tentatives de connexion SSH par des robots qui scannent tout Internet pour tenter des connexions SSH avec tout serveur accessible, on peut modifier le port SSH. -C'est géré par un paramètre système, qui se charge de configurer les services SSH et Fail2Ban. +C'est géré par un paramètre système, qui se charge de configurer les services SSH et Fail2Ban. +Il n'est pas utile de modifier ce port si vous avez désactivé l'authentification par mot de passe. ```bash sudo yunohost settings set security.ssh.port -v From b93574f4491319869d5ed7d06c549174c918a82e Mon Sep 17 00:00:00 2001 From: OniriCorpe Date: Mon, 29 Jan 2024 22:40:13 +0100 Subject: [PATCH 3/4] english --- pages/02.administer/45.tutorials/60.security/security.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/pages/02.administer/45.tutorials/60.security/security.md b/pages/02.administer/45.tutorials/60.security/security.md index a78377f2..a25e72c1 100644 --- a/pages/02.administer/45.tutorials/60.security/security.md +++ b/pages/02.administer/45.tutorials/60.security/security.md @@ -51,12 +51,14 @@ Type your admnistration password and your key will be copied onto your server. ```bash sudo yunohost settings set security.ssh.password_authentication -v no ``` + --- ### Modify the SSH port To prevent SSH connection attempts by robots that scan the internet for any server with SSH enabled, you can change the SSH port. -This is handled by a system setting, which takes care of updating the SSH and Fail2Ban configuration. +This is handled by a system setting, which takes care of updating the SSH and Fail2Ban configuration. +There's no need to change this port if you've disabled password authentication. ! If you modify anything in the `/etc/ssh/sshd_config` file, even if only the port, YunoHost will no longer manage this file. For this reason, always use the YunoHost admin tools to make changes to the systems configuration files! @@ -81,11 +83,13 @@ The default TLS configuration for services tends to offer good compatibility to Changing the compatibility level is not definitive and can be reverted if it doesn't fit with your environment. **On your server**, change the policy for NGINX + ```bash sudo yunohost settings set security.nginx.compatibility -v modern ``` **On your server**, change the policy for SSH + ```bash sudo yunohost settings set security.ssh.compatibility -v modern ``` From 54eeeb4b8df875e9292972ed9e451e3bebfd64af Mon Sep 17 00:00:00 2001 From: OniriCorpe Date: Mon, 29 Jan 2024 22:40:58 +0100 Subject: [PATCH 4/4] format --- pages/02.administer/45.tutorials/60.security/security.fr.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/pages/02.administer/45.tutorials/60.security/security.fr.md b/pages/02.administer/45.tutorials/60.security/security.fr.md index e06b13ca..b96d2d24 100644 --- a/pages/02.administer/45.tutorials/60.security/security.fr.md +++ b/pages/02.administer/45.tutorials/60.security/security.fr.md @@ -85,11 +85,13 @@ La configuration TLS par défaut des services tend à offrir une bonne compatibi Changer le niveau de compatibilité n'est pas définitif et il est possible de rechanger le paramètre si vous concluez qu'il faut revenir en arrière. **Sur votre serveur**, modifiez la politique pour NGINX : + ```bash sudo yunohost settings set security.nginx.compatibility -v modern ``` **Sur votre serveur**, modifiez la politique pour SSH : + ```bash sudo yunohost settings set security.ssh.compatibility -v modern ```