From b93574f4491319869d5ed7d06c549174c918a82e Mon Sep 17 00:00:00 2001 From: OniriCorpe Date: Mon, 29 Jan 2024 22:40:13 +0100 Subject: [PATCH] english --- pages/02.administer/45.tutorials/60.security/security.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/pages/02.administer/45.tutorials/60.security/security.md b/pages/02.administer/45.tutorials/60.security/security.md index a78377f2..a25e72c1 100644 --- a/pages/02.administer/45.tutorials/60.security/security.md +++ b/pages/02.administer/45.tutorials/60.security/security.md @@ -51,12 +51,14 @@ Type your admnistration password and your key will be copied onto your server. ```bash sudo yunohost settings set security.ssh.password_authentication -v no ``` + --- ### Modify the SSH port To prevent SSH connection attempts by robots that scan the internet for any server with SSH enabled, you can change the SSH port. -This is handled by a system setting, which takes care of updating the SSH and Fail2Ban configuration. +This is handled by a system setting, which takes care of updating the SSH and Fail2Ban configuration. +There's no need to change this port if you've disabled password authentication. ! If you modify anything in the `/etc/ssh/sshd_config` file, even if only the port, YunoHost will no longer manage this file. For this reason, always use the YunoHost admin tools to make changes to the systems configuration files! @@ -81,11 +83,13 @@ The default TLS configuration for services tends to offer good compatibility to Changing the compatibility level is not definitive and can be reverted if it doesn't fit with your environment. **On your server**, change the policy for NGINX + ```bash sudo yunohost settings set security.nginx.compatibility -v modern ``` **On your server**, change the policy for SSH + ```bash sudo yunohost settings set security.ssh.compatibility -v modern ```