Différences

Ci-dessous, les différences entre deux révisions de la page.

--- informatique:reseau:ssh [21/06/2026 07:35] – [Maintien de la connexion] cyrille
+++ informatique:reseau:ssh [21/06/2026 08:01] (Version actuelle) – [Configuration] cyrille
@@ Ligne 32: / Ligne 32: @@
 </code>
+Une configuration solide:
+<code>
+# /etc/ssh/sshd_config.d/99_custom.conf
+#Port non standard: réduit le bruit malveillants
+MaxAuthTries 3
+LoginGraceTime 5
+PermitRootLogin no
+PasswordAuthentication no
+PermitEmptyPasswords no
+KbdInteractiveAuthentication no
+#ChallengeResponseAuthentication no
+HostbasedAuthentication no
+KerberosAuthentication no
+GSSAPIAuthentication no
+PubkeyAuthentication yes
+AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2
+StrictModes yes
+Compression no
+AllowTcpForwarding no
+X11Forwarding no
+AllowAgentForwarding no
+AllowStreamLocalForwarding no
+IgnoreRhosts yes
+#UsePAM yes ???
+#  -  ^=^s  Check which modules are active
+HostKeyAlgorithms ssh-ed25519,rsa-sha2-512
+PubkeyAcceptedKeyTypes ssh-ed25519,rsa-sha2-512,rsa-sha2-256
+MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com
+# remove LC_* to avoid some "Can't set locale; make sure $LC_* and $LANG are correct!"
+AcceptEnv LANG
+ClientAliveInterval 20
+ClientAliveCountMax 2
+TCPKeepAlive yes
+</code>