Customize SSHD config
Add options to customize SSHD config:
PermitRootLogin > --ssh-permit-root=
yes | without-password | no
PasswordAuthentication > --ssh-password-auth=
yes | no
Port --ssh-port=
port number between 1 and
--ssh-harden
> hardens config with these options:
HostKey /etc/ssh/ssh_host_ed25519_key
KexAlgorithms curve25519-sha256@libssh.org
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com
PermitEmptyPasswords no
X11Forwarding no
So it would look like this:
/etc/ssh/sshd_config.d/custom.conf:
# Generated by the ISPConfig autoinstaller on 01-01-1990
Port 2202
PermitRootLogin without-password
PasswordAuthentication no
HostKey /etc/ssh/ssh_host_ed25519_key
KexAlgorithms curve25519-sha256@libssh.org
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com
PermitEmptyPasswords no
X11Forwarding no