From 9a53d7dcf8991d17d532df77af57fbc6768b3868 Mon Sep 17 00:00:00 2001 From: Dwayne Hart Date: Sun, 12 Nov 2023 12:37:49 -0330 Subject: [PATCH] Initial setup of the floki system configuration files. --- etc/hostname | 1 + etc/ssh/ssh_host_ecdsa_key | 9 +++ etc/ssh/ssh_host_ecdsa_key.pub | 1 + etc/ssh/ssh_host_ed25519_key | 7 ++ etc/ssh/ssh_host_ed25519_key.pub | 1 + etc/ssh/ssh_host_rsa_key | 38 ++++++++++ etc/ssh/ssh_host_rsa_key.pub | 1 + etc/ssh/sshd_config | 122 +++++++++++++++++++++++++++++++ etc/systemd/timesyncd.conf | 20 +++++ 9 files changed, 200 insertions(+) create mode 100644 etc/hostname create mode 100644 etc/ssh/ssh_host_ecdsa_key create mode 100644 etc/ssh/ssh_host_ecdsa_key.pub create mode 100644 etc/ssh/ssh_host_ed25519_key create mode 100644 etc/ssh/ssh_host_ed25519_key.pub create mode 100644 etc/ssh/ssh_host_rsa_key create mode 100644 etc/ssh/ssh_host_rsa_key.pub create mode 100644 etc/ssh/sshd_config create mode 100644 etc/systemd/timesyncd.conf diff --git a/etc/hostname b/etc/hostname new file mode 100644 index 0000000..7b86694 --- /dev/null +++ b/etc/hostname @@ -0,0 +1 @@ +floki diff --git a/etc/ssh/ssh_host_ecdsa_key b/etc/ssh/ssh_host_ecdsa_key new file mode 100644 index 0000000..2db8489 --- /dev/null +++ b/etc/ssh/ssh_host_ecdsa_key @@ -0,0 +1,9 @@ +-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAaAAAABNlY2RzYS +1zaGEyLW5pc3RwMjU2AAAACG5pc3RwMjU2AAAAQQSD9M3WOMNZZ1bY34cIvvpULw0eTxYL +Q8I1HXe61oIHd0DuEGJCCTaf+N9bMQJnkA+BpgUJ3zU9XiG/rf6uAghjAAAAqHa1+pJ2tf +qSAAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBIP0zdY4w1lnVtjf +hwi++lQvDR5PFgtDwjUdd7rWggd3QO4QYkIJNp/431sxAmeQD4GmBQnfNT1eIb+t/q4CCG +MAAAAhAO8CIQSN5LbHPh3nomYJjAILRYp0p7d7lgt4FurmJCsHAAAACnJvb3RAZmxva2kB +AgMEBQ== +-----END OPENSSH PRIVATE KEY----- diff --git a/etc/ssh/ssh_host_ecdsa_key.pub b/etc/ssh/ssh_host_ecdsa_key.pub new file mode 100644 index 0000000..602c737 --- /dev/null +++ b/etc/ssh/ssh_host_ecdsa_key.pub 
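Review bot: The hunk for etc/ssh/ssh_host_ecdsa_key, and likewise those for etc/ssh/ssh_host_ed25519_key and etc/ssh/ssh_host_rsa_key, commits the host's private SSH keys in clear text. The blobs open with the `openssh-key-v1` header with cipher and KDF both `none`, so no passphrase protects them. Anyone who can read this repository or patch can present floki's host identity to clients, so the three keys should be treated as disclosed: regenerate them on the host with `ssh-keygen -A` after removing the old files, and purge these files from history. Keep only the `.pub` files under version control, if anything, and add an ignore rule such as `etc/ssh/ssh_host_*_key`. The files are also recorded as mode 100644, and sshd normally refuses private host keys readable by group or others, so a checkout deployed as-is would likely fail to load them anyway.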
@@ -0,0 +1 @@ +ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBIP0zdY4w1lnVtjfhwi++lQvDR5PFgtDwjUdd7rWggd3QO4QYkIJNp/431sxAmeQD4GmBQnfNT1eIb+t/q4CCGM= root@floki diff --git a/etc/ssh/ssh_host_ed25519_key b/etc/ssh/ssh_host_ed25519_key new file mode 100644 index 0000000..822f63b --- /dev/null +++ b/etc/ssh/ssh_host_ed25519_key @@ -0,0 +1,7 @@ +-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW +QyNTUxOQAAACDNTc/jZkjDDa7uWqj+7lbSvgu8KFKRKM6IONMfIrnbpwAAAJDAZwkfwGcJ +HwAAAAtzc2gtZWQyNTUxOQAAACDNTc/jZkjDDa7uWqj+7lbSvgu8KFKRKM6IONMfIrnbpw +AAAED/tx/YHNhO/4uDPsBONmZIffkh0B7tjhlNYtooKF2Trs1Nz+NmSMMNru5aqP7uVtK+ +C7woUpEozog40x8iudunAAAACnJvb3RAZmxva2kBAgM= +-----END OPENSSH PRIVATE KEY----- diff --git a/etc/ssh/ssh_host_ed25519_key.pub b/etc/ssh/ssh_host_ed25519_key.pub new file mode 100644 index 0000000..b8ff900 --- /dev/null +++ b/etc/ssh/ssh_host_ed25519_key.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM1Nz+NmSMMNru5aqP7uVtK+C7woUpEozog40x8iudun root@floki diff --git a/etc/ssh/ssh_host_rsa_key b/etc/ssh/ssh_host_rsa_key new file mode 100644 index 0000000..4027fdc --- /dev/null +++ b/etc/ssh/ssh_host_rsa_key 
@@ -0,0 +1,38 @@ +-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcn +NhAAAAAwEAAQAAAYEApTzqVhrvxsHJgn2wDzIOKtRr76TlRmiZOziCFz2ybUrBms+2O30s +CUosg5omVCwuWe74Fv6jG6Q8HMyGyDuefSXkCmBf+RD1wy4F1vfYXKSEag693NY1N4/NoV +mzi/5ne/Yk0byupC/Bu9i4tBHFtE8O6ZG85NqvYFwO/Jryw6EmMWVxrRweGDYNjdJl/5W7 +ncQMozYkUf5qJ6Sm75YejqkzTSnSrYfxXi+ex6ElvJwP5yHyzeIvqkW9Mdk5SS3J9ixm3g +rduZSV5ngExLx6jNwv/b7dYNKx8zdN4g5i9lIZMJr2swd8kOfLhdAB20msk83H44d8Ud31 +CkNW/NGRnUUFoij/Q0qFhYh5FX32DvR09C9xqYmIvJhGbwKsEkUo0unREyGR6NZA/QICxk +IU2WYJEafMtbkHd3t/pYwolO3fEQEktDSddxG6V/S69vjyyH6G4hYb9kOs1C7uRpirzS/b +8rs4VJ2swSptM2UygaKIrGsx+hWTQoaNzVApIoHhAAAFgAZz6XYGc+l2AAAAB3NzaC1yc2 +EAAAGBAKU86lYa78bByYJ9sA8yDirUa++k5UZomTs4ghc9sm1KwZrPtjt9LAlKLIOaJlQs +Llnu+Bb+oxukPBzMhsg7nn0l5ApgX/kQ9cMuBdb32FykhGoOvdzWNTePzaFZs4v+Z3v2JN +G8rqQvwbvYuLQRxbRPDumRvOTar2BcDvya8sOhJjFlca0cHhg2DY3SZf+Vu53EDKM2JFH+ +aiekpu+WHo6pM00p0q2H8V4vnsehJbycD+ch8s3iL6pFvTHZOUktyfYsZt4K3bmUleZ4BM +S8eozcL/2+3WDSsfM3TeIOYvZSGTCa9rMHfJDny4XQAdtJrJPNx+OHfFHd9QpDVvzRkZ1F +BaIo/0NKhYWIeRV99g70dPQvcamJiLyYRm8CrBJFKNLp0RMhkejWQP0CAsZCFNlmCRGnzL +W5B3d7f6WMKJTt3xEBJLQ0nXcRulf0uvb48sh+huIWG/ZDrNQu7kaYq80v2/K7OFSdrMEq +bTNlMoGiiKxrMfoVk0KGjc1QKSKB4QAAAAMBAAEAAAGABJ5myHn5Rzt/rmBk08McIHgoMJ +5eprCuzWtF2HBDjm8fNhYY3tUGLmSx4nEKu27+uEnU10O0rt83RPDP0nhqjjUvoiPRtIyt +g5BD3oXpnz4dnp9QRFEcH+deCDGrMj5HiaOdCA9q0rESpiinkdthuBALqsPsA608ALwIbG +j7+mbrQkjQVby299Z7wegzLK+nrmaRmd0eEWKrEfYCxCiuLJVJl1F6qTOz4srLxYKMico5 +xMXiQeOdxHf6X8XVv/6bhP8S7as70QxkDFUHGRBF9gOO8QPK+OczcdObABNqx+EqPUDNrU +gxtdVrxUjwMeZGcJY3CJ8p/rwxPhpCzCKH6JMf/JTXPKeloYDjsk4Lf2dw5JIWtIXxlC/D +uXI9aW9CgsdwQhcSAsAOvN1Cov2jfMUslYDXOvQAQMSwUB2vvdbDYC9R1THzUxlP3OosXv +as5GSr61ZPY3HTB8ARSPdTuC2IUdDl+CfLNph4OWYry/0WX1vJX8LjKEqxy8HAMO4JAAAA +wFyZgdOf0Is64R8F2B1iPidqx/s2viOEMSL+LsCH/uw4gE9wLm6z8G20OuOTa+KypRziRY +/xFGQpwa5Hlysg7kt5JqLWEPnPoDRwM/+CMgxweiwvv5F+GXSt1r6jAU/uIsbcfoaRGowD +LjJUwFfOE2xQzjoHqdCqRl9ibiA995GzUB/NVRoiOdJgt5NjLipO58dFNe+xvv2OSYEKrD 
+Osd/f2yetGi9Ytko41KXYXi6Eojr556UAAq/H5eEUlRk6hcQAAAMEAxqjX+yO1BGI/ZQ9R +uWGtu+k7K/plRE4o4aW3srHJpoNXHNJWGsWs7DRSwSqyEzDMf3y+z+kqrHAvQHp4YKzZpC +vYec+VfQSUlI6MgnQ6EqNY6neiwTheONfSoKCHCwserEfmE1lJYgHF5jI8CvrQnl/hvQCi +Tx5MX+5FXlI8X+CUYxQ4BElarDYCCBn4/fNaqOSC6g3BN6/xUWq3dE4Zoaptgh2X8YCJG3 +u5KhOFzPoPuP2Z6LBaGtwhZrvQcqRFAAAAwQDU7oQXjOnPkMreVEdCgJkK0KQbKDUam2CN +cjlXM2TaCaFcPF/aRuYf4eibEfd4mZ4RoDLQQuiyhlQ7TK152I0cvibIyZIJK/NS689P+3 +dHomLRRv62ehjnCPNrnbzvbpd0zJ54b0sNnnwbL5mH2v6i0YgmS8DaDtEQdfLahKohx8Qn +TyY36GSzp8gnxTmTa5nKcho3FO2RSKL9LxYvp1YM/lb0s2ajArtQia6QD/sUps0LG1I6+a +FoePSIoQPAlu0AAAAKcm9vdEBmbG9raQE= +-----END OPENSSH PRIVATE KEY----- diff --git a/etc/ssh/ssh_host_rsa_key.pub b/etc/ssh/ssh_host_rsa_key.pub new file mode 100644 index 0000000..fa87890 --- /dev/null +++ b/etc/ssh/ssh_host_rsa_key.pub @@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQClPOpWGu/GwcmCfbAPMg4q1GvvpOVGaJk7OIIXPbJtSsGaz7Y7fSwJSiyDmiZULC5Z7vgW/qMbpDwczIbIO559JeQKYF/5EPXDLgXW99hcpIRqDr3c1jU3j82hWbOL/md79iTRvK6kL8G72Li0EcW0Tw7pkbzk2q9gXA78mvLDoSYxZXGtHB4YNg2N0mX/lbudxAyjNiRR/monpKbvlh6OqTNNKdKth/FeL57HoSW8nA/nIfLN4i+qRb0x2TlJLcn2LGbeCt25lJXmeATEvHqM3C/9vt1g0rHzN03iDmL2UhkwmvazB3yQ58uF0AHbSayTzcfjh3xR3fUKQ1b80ZGdRQWiKP9DSoWFiHkVffYO9HT0L3GpiYi8mEZvAqwSRSjS6dETIZHo1kD9AgLGQhTZZgkRp8y1uQd3e3+ljCiU7d8RASS0NJ13EbpX9Lr2+PLIfobiFhv2Q6zULu5GmKvNL9vyuzhUnazBKm0zZTKBooisazH6FZNCho3NUCkigeE= root@floki diff --git a/etc/ssh/sshd_config b/etc/ssh/sshd_config new file mode 100644 index 0000000..edacf09 --- /dev/null +++ b/etc/ssh/sshd_config 
@@ -0,0 +1,122 @@
+
+# This is the sshd server system-wide configuration file. See
+# sshd_config(5) for more information.
+
+# This sshd was compiled with PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games
+
+# The strategy used for options in the default sshd_config shipped with
+# OpenSSH is to specify options with their default value where
+# possible, but leave them commented. Uncommented options override the
+# default value.
+
+Include /etc/ssh/sshd_config.d/*.conf
+
+#Port 22
+#AddressFamily any
+#ListenAddress 0.0.0.0
+#ListenAddress ::
+
+#HostKey /etc/ssh/ssh_host_rsa_key
+#HostKey /etc/ssh/ssh_host_ecdsa_key
+#HostKey /etc/ssh/ssh_host_ed25519_key
+
+# Ciphers and keying
+#RekeyLimit default none
+
+# Logging
+#SyslogFacility AUTH
+#LogLevel INFO
+
+# Authentication:
+
+#LoginGraceTime 2m
+#PermitRootLogin prohibit-password
+#StrictModes yes
+#MaxAuthTries 6
+#MaxSessions 10
+
+#PubkeyAuthentication yes
+
+# Expect .ssh/authorized_keys2 to be disregarded by default in future.
+#AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2
+
+#AuthorizedPrincipalsFile none
+
+#AuthorizedKeysCommand none
+#AuthorizedKeysCommandUser nobody
+
+# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
+#HostbasedAuthentication no
+# Change to yes if you don't trust ~/.ssh/known_hosts for
+# HostbasedAuthentication
+#IgnoreUserKnownHosts no
+# Don't read the user's ~/.rhosts and ~/.shosts files
+#IgnoreRhosts yes
+
+# To disable tunneled clear text passwords, change to no here!
+#PasswordAuthentication yes
+#PermitEmptyPasswords no
+
+# Change to yes to enable challenge-response passwords (beware issues with
+# some PAM modules and threads)
+KbdInteractiveAuthentication no
+
+# Kerberos options
+#KerberosAuthentication no
+#KerberosOrLocalPasswd yes
+#KerberosTicketCleanup yes
+#KerberosGetAFSToken no
+
+# GSSAPI options
+#GSSAPIAuthentication no
+#GSSAPICleanupCredentials yes
+#GSSAPIStrictAcceptorCheck yes
+#GSSAPIKeyExchange no
+
+# Set this to 'yes' to enable PAM authentication, account processing,
+# and session processing. If this is enabled, PAM authentication will
+# be allowed through the KbdInteractiveAuthentication and
+# PasswordAuthentication. Depending on your PAM configuration,
+# PAM authentication via KbdInteractiveAuthentication may bypass
+# the setting of "PermitRootLogin without-password".
+# If you just want the PAM account and session checks to run without
+# PAM authentication, then enable this but set PasswordAuthentication
+# and KbdInteractiveAuthentication to 'no'.
+UsePAM yes
+
+#AllowAgentForwarding yes
+#AllowTcpForwarding yes
+#GatewayPorts no
+X11Forwarding yes
+#X11DisplayOffset 10
+#X11UseLocalhost yes
+#PermitTTY yes
+PrintMotd no
+#PrintLastLog yes
+#TCPKeepAlive yes
+#PermitUserEnvironment no
+#Compression delayed
+#ClientAliveInterval 0
+#ClientAliveCountMax 3
+#UseDNS no
+#PidFile /run/sshd.pid
+#MaxStartups 10:30:100
+#PermitTunnel no
+#ChrootDirectory none
+#VersionAddendum none
+
+# no default banner path
+#Banner none
+
+# Allow client to pass locale environment variables
+AcceptEnv LANG LC_*
+
+# override default of no subsystems
+Subsystem sftp /usr/lib/openssh/sftp-server
+
+# Example of overriding settings on a per-user basis
+#Match User anoncvs
+# X11Forwarding no
+# AllowTcpForwarding no
+# PermitTTY no
+# ForceCommand cvs server
diff --git a/etc/systemd/timesyncd.conf b/etc/systemd/timesyncd.conf
new file mode 100644
index 0000000..112204b
--- /dev/null
+++ b/etc/systemd/timesyncd.conf
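Review bot: Password login is left at the commented default (`#PasswordAuthentication yes`) while `UsePAM yes` is set, and `X11Forwarding yes` is switched on explicitly, so this file as committed accepts password guessing over SSH and exposes X11 forwarding to every account. If the host is meant to be key-only, set `PasswordAuthentication no` and `X11Forwarding no`, and state the root policy explicitly with `PermitRootLogin no` (or uncomment `prohibit-password`) rather than relying on the compiled-in default. Because `Include /etc/ssh/sshd_config.d/*.conf` comes first and sshd keeps the first value it reads for each keyword, any drop-in in that directory overrides the settings below it. No drop-ins are part of this commit, so the effective policy cannot be confirmed from the patch alone. A short comment above each uncommented directive saying why it differs from the default would also help the next reader.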
@@ -0,0 +1,20 @@
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it under the
+# terms of the GNU Lesser General Public License as published by the Free
+# Software Foundation; either version 2.1 of the License, or (at your option)
+# any later version.
+#
+# Entries in this file show the compile time defaults. Local configuration
+# should be created by either modifying this file, or by creating "drop-ins" in
+# the timesyncd.conf.d/ subdirectory. The latter is generally recommended.
+# Defaults can be restored by simply deleting this file and all drop-ins.
+#
+# See timesyncd.conf(5) for details.
+
+[Time]
+NTP=ca.pool.ntp.org
+FallbackNTP=ntp.ubuntu.com
+RootDistanceMaxSec=5
+PollIntervalMinSec=32
+PollIntervalMaxSec=2048
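Review bot: The `[Time]` section keeps the stock header ("Entries in this file show the compile time defaults") above values that are now active local settings, so a reader cannot tell which lines are deliberate. The header itself recommends a drop-in under `timesyncd.conf.d/`, and a drop-in holding only the intended change (apparently `NTP=ca.pool.ntp.org`) would make that clear. Worth a comment as well: systemd-timesyncd speaks plain SNTP, so time from the public pool is unauthenticated, and log timestamps and certificate validity checks on this host depend on it. A line such as `# public pool, unauthenticated SNTP; replace with an internal or authenticated source if one is available` above `NTP=` would record that choice.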