-
-
Notifications
You must be signed in to change notification settings - Fork 112
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Custom settings for SSH connections (IPv4 + IPv6 + allowed IPs) #41
Comments
Embracing the "decisions, not options" mantra we've tried to avoid having too many options esp. as related to logging and networking, to establish certain norms. I'm not sure I'd support allowing too many SSH config customizations to ensure stability, esp. when IPv4 is much better/faster when it comes to dealing with SSH performance. I think SlickStack can attract a lot of power users who have dabbled in Bash but are mostly frontend designers and developers if we keep certain settings hardcoded. That said, I'll keep this issue open. Again please use clear Issue topics, you have mixed together several different topics here which makes it difficult to address (and others to find). All the UFW related stuff should probably be in the existing topic, or a new topic perhaps. |
Sorry, I see what you mean re: UFW integrating a possible "allowed IPs" list for SSH port now, but I think this would probably introduce tons of confusion to typical users and possible conflicts with accessing servers after they have run the |
Perhaps in the meanwhile, we need a failsafe for super cheap VMs that don't support IPv4:
https://github.com/littlebizzy/slickstack/blob/master/ss-install.txt#L184 Not active yet, needs some research and testing... |
You can ignore some of my previous responses, here are some updates to these requests: SSH is going to remain IPv4-only for now in SlickStack for performance and stability reasons... perhaps this feature can be addressed in the future with a new GitHub Issue.
Ref: https://github.com/littlebizzy/slickstack/blob/master/modules/ubuntu/22.04/sshd-config.txt However, we did recently add the ability for users to only allow sudo SSH sessions from specified IP address they can fill during the setup wizard, this becomes the Ref: https://github.com/littlebizzy/slickstack/blob/master/bash/ss-config-sample.txt This is the relevant line from
So currently it supports only a single IP address... we can consider extending this, with a new GitHub Issue. Also, the IP restriction does not apply to SFTP users since we envision SFTP being used by freelancers, web designers, and even third party applications such as CodeGuard backups and such, meaning restriction would cause problems. As far as UFW, there are several other Issues about that so best to discuss elsewhere, but we have improved the stability of the boilerplates and configuration of UFW in the past several months. If any related requests on these subjects, probably best to open a new Issue since this one is too mixed. Thanks! |
I am still too unexperimented to fork and submit work. I have a few codes suggestions
The code seems to work fine though a review is highly recommenced.
ss-config
ss-install
ss-update
The text was updated successfully, but these errors were encountered: