From b0440ddb79e88013f46873d10f2014d96869f285 Mon Sep 17 00:00:00 2001
From: Pierre Ozoux <pierre@ozoux.net>
Date: Tue, 11 Apr 2017 15:09:30 +0100
Subject: [PATCH] Stricter sshd config

---
 user_data | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/user_data b/user_data
index efe9dea..f1aa577 100644
--- a/user_data
+++ b/user_data
@@ -1,6 +1,17 @@
 #cloud-config
 
 write_files:
+  - path: /etc/ssh/sshd_config
+    permissions: 0600
+    owner: root:root
+    content: |
+      # Use most defaults for sshd configuration.
+      UsePrivilegeSeparation sandbox
+      Subsystem sftp internal-sftp
+      PermitRootLogin no
+      AllowUsers core
+      PasswordAuthentication no
+      ChallengeResponseAuthentication no
   - path: /etc/sysctl.d/libresh.conf
     permissions: 0644
     owner: root
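Review bot: The new `content:` block leaves public-key login as `core` as the only way in (`AllowUsers core`, `PasswordAuthentication no`, `ChallengeResponseAuthentication no`), but nothing in the hunk says where that key comes from. A comment in the file such as `# Key-only login as core: keys must come from ssh_authorized_keys or platform metadata` would record the dependency, because a user_data without one leaves the host unreachable over SSH. The `write_files` list continues past the hunk, so the rest of user_data may already provision the key. Separately, `permissions: 0600` is an unquoted leading-zero scalar whose value depends on the parser's octal handling; `permissions: '0600'` removes that ambiguity (the existing `0644` entry has the same form). `UsePrivilegeSeparation` is deprecated from OpenSSH 7.5 onwards, so that line can be dropped once the image ships such a version.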
-- 
GitLab