From 2145b9cbee47d3f62678b4a62491af643e964293 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C3=89tienne=20Deparis?=
Date: Tue, 21 Feb 2023 20:50:49 +0100
Subject: [PATCH] regenconf: Add a new ssh security setting to hide the banner
---
 conf/ssh/sshd_config | 6 ++++++
 hooks/conf_regen/03-ssh | 1 +
 share/config_global.toml | 4 ++++
 3 files changed, 11 insertions(+)
diff --git a/conf/ssh/sshd_config b/conf/ssh/sshd_config
index eaa0c7380..91d8d87d1 100644
--- a/conf/ssh/sshd_config
+++ b/conf/ssh/sshd_config
@@ -64,7 +64,13 @@ PasswordAuthentication no
 {% endif %}
 # Post-login stuff
+# PLEASE: if you wish to hide the system name and version when attempting to connect to your server, run this command:
+# yunohost settings set security.ssh.ssh_banner -v no
+{% if banner == "False" %}
+#Banner none
+{% else %}
 Banner /etc/issue.net
+{% endif %}
 PrintMotd no
 PrintLastLog yes
 ClientAliveInterval 60
diff --git a/hooks/conf_regen/03-ssh b/hooks/conf_regen/03-ssh
index d0351b4e5..34ad3b7fa 100755
--- a/hooks/conf_regen/03-ssh
+++ b/hooks/conf_regen/03-ssh
@@ -18,6 +18,7 @@ do_pre_regen() {
 export compatibility="$(yunohost settings get 'security.ssh.ssh_compatibility')"
 export port="$(yunohost settings get 'security.ssh.ssh_port')"
 export password_authentication="$(yunohost settings get 'security.ssh.ssh_password_authentication' | int_to_bool)"
+ export banner="$(yunohost settings get 'security.ssh.ssh_banner')"
 export ssh_keys
 export ipv6_enabled
 ynh_render_template "sshd_config" "${pending_dir}/etc/ssh/sshd_config"
diff --git a/share/config_global.toml b/share/config_global.toml
index 40b71ab19..dae8c4f3c 100644
--- a/share/config_global.toml
+++ b/share/config_global.toml
@@ -43,6 +43,10 @@ name = "Security"
 type = "boolean"
 default = true
+ [security.ssh.ssh_banner]
+ type = "boolean"
+ default = true
+
 [security.nginx]
 name = "NGINX (web server)"
 [security.nginx.nginx_redirect_to_https]
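Review bot: The comment added above the `Banner` block promises more than the directive delivers: `Banner` only controls the text file sent before authentication, so with the setting off the server still sends its SSH identification string (the OpenSSH version, and on Debian the package suffix unless `DebianBanner no` is set). I would reword it along the lines of `# Set security.ssh.ssh_banner to no to stop sending /etc/issue.net before authentication`, so admins do not treat it as version hiding. In the disabled branch, an explicit `Banner none` instead of the commented-out `#Banner none` would state the intent in the rendered file rather than rely on sshd's default.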
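Review bot: The new `export banner=...` line is not piped through `int_to_bool`, unlike `password_authentication` on the line above, while the template in conf/ssh/sshd_config compares `banner == "False"`. If `yunohost settings get` returns a boolean as 0/1, which the existing `int_to_bool` filter suggests, the comparison never matches and `Banner /etc/issue.net` is always rendered, so turning the setting off silently does nothing. Suggested line: `export banner="$(yunohost settings get 'security.ssh.ssh_banner' | int_to_bool)"`. `do_pre_regen` starts and ends outside the hunk.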
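Review bot: `[security.ssh.ssh_banner]` is added with only `type` and `default`, and the diffstat lists no further file, so nothing in this commit gives the setting a label or help text. Since `true` means the banner is shown and the hardening direction is `false`, a short description saying that it toggles the pre-login `/etc/issue.net` banner would keep admins from reading it the other way round. If the settings panel takes its labels from translation files, the matching entry is missing from this patch.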