Security/Guidelines/OpenSSH: Difference between revisions

Automated sync from https://github.com/mozilla/wikimo_opsec
Line 257: Line 257:
* Disable sftp if not needed as it exposes more surface and different logging mechanisms than SSH (and thus scp) itself.
* Disable sftp if not needed as it exposes more surface and different logging mechanisms than SSH (and thus scp) itself.


File: <code>/etc/ssh/sshd_config</code>
{{note|
<source>
You may want to use the group "users" instead of "sftpusers" in the example below as this may already exist and include all regular users by
Match User machine_user
default.
     Subsystem  sftp  /bin/false
}}
 
<source code="bash">
    # groupadd sftpusers
    # usermod -a -g sftpusers <userthat_needs_ftp>
    # chown :sftpusers /usr/lib/ssh/sftp-server
     # chmod 0750 /usr/lib/ssh/sftp-server
</source>
</source>
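Review bot: the `usermod -a -g sftpusers <userthat_needs_ftp>` line in the bash block pairs `-a` with lowercase `-g`, but `-a` is only meaningful together with `-G` (supplementary groups), while `-g` sets the account's primary group. Suggest `usermod -a -G sftpusers <user>` so the user is appended to sftpusers without changing their primary group. The placeholder `<userthat_needs_ftp>` should read sftp rather than ftp, and because the `chown` and `chmod` lines hard-code `/usr/lib/ssh/sftp-server`, a short remark that the sftp-server path differs between distributions would save readers from applying the permissions to a non-existent file.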

