OpenSSH sshd_config

offbeat · September 6, 2022 at 5:46 PM

Is there any to customize OpenSSH server configuration in LibreELEC?

I mean either override /etc/ssh/sshd_config as a whole, or by including additional snippets.

Need to customize ssh port, as well as tighten encryption algorithms.

Default configuration is rather lax, ssh-audit gives following recomendations:

Code

# algorithm recommendations (for OpenSSH 9.0)
(rec) -ecdh-sha2-nistp256                   -- kex algorithm to remove 
(rec) -ecdh-sha2-nistp384                   -- kex algorithm to remove 
(rec) -ecdh-sha2-nistp521                   -- kex algorithm to remove 
(rec) -ecdsa-sha2-nistp256                  -- key algorithm to remove 
(rec) -hmac-sha1                            -- mac algorithm to remove 
(rec) [email protected]            -- mac algorithm to remove 
(rec) -hmac-sha2-256                        -- mac algorithm to remove 
(rec) -hmac-sha2-512                        -- mac algorithm to remove 
(rec) [email protected]                 -- mac algorithm to remove 
(rec) [email protected]              -- mac algorithm to remove 
(rec) [email protected]                  -- mac algorithm to remove

Display More

**mglae** · September 6, 2022 at 10:18 PM

Create a drop in file to use custom sshd_config (untested):

Code: /storage/.config/system.d/sshd.service.d/config_file.conf

[Service]
ExecStart=
ExecStart=/usr/sbin/sshd -D -f /storage/.config/sshd_config $SSH_ARGS