diskimage-builder/diskimage_builder/elements/openssh-server/README.rst

==============
openssh-server
==============
This element ensures that openssh server is installed and enabled during boot.

To disable hardening of sshd configuration, you have to set
``DIB_OPENSSH_SERVER_HARDENING`` to 0. This option will configure KexAlgorithms,
Ciphers and MAC following good pratices on
https://infosec.mozilla.org/guidelines/openssh

Note
----
Most cloud images come with the openssh server service installed and enabled
during boot. However, certain cloud images, especially those created by the
\*-minimal elements may not have it installed or enabled. In these cases,
using this element may be helpful to ensure your image will accessible via SSH.
It's usually helpful to combine this element with others such as the
`runtime-ssh-host-keys`.
elements: Add new openssh-server element Add new 'openssh-server' element to ensure that openssh server is installed and enabled during boot. This is mostly useful for *-minimal images which do not come with openssh installed and/or enabled in order to keep a small dependency footprint. Change-Id: Ide15ee04f5de123dbc8ce4bb56d638d8a167c341 2016-10-18 22:21:07 +00:00			`==============`
			`openssh-server`
			`==============`
			`This element ensures that openssh server is installed and enabled during boot.`

openssh-server: harden sshd config Harden sshd configuration by adding KexAlgorithms, Ciphers and MACs for sshd, following good pratices on https://infosec.mozilla.org/guidelines/openssh Change-Id: I3051320d867a5033e82deef10c5e723ca9829884 Co-Authored-By: Nicolas Hicher <nhicher@redhat.com> 2019-04-19 00:57:10 +00:00			`To disable hardening of sshd configuration, you have to set`
			``DIB_OPENSSH_SERVER_HARDENING`` to 0. This option will configure KexAlgorithms,
			`Ciphers and MAC following good pratices on`
			`https://infosec.mozilla.org/guidelines/openssh`
elements: Add new openssh-server element Add new 'openssh-server' element to ensure that openssh server is installed and enabled during boot. This is mostly useful for *-minimal images which do not come with openssh installed and/or enabled in order to keep a small dependency footprint. Change-Id: Ide15ee04f5de123dbc8ce4bb56d638d8a167c341 2016-10-18 22:21:07 +00:00
			`Note`
			`----`
			`Most cloud images come with the openssh server service installed and enabled`
			`during boot. However, certain cloud images, especially those created by the`
			`\*-minimal elements may not have it installed or enabled. In these cases,`
			`using this element may be helpful to ensure your image will accessible via SSH.`
			`It's usually helpful to combine this element with others such as the`
			`runtime-ssh-host-keys`.