Hardware: dedicated server bought online YunoHost version: not installed yet I have access to my server : Through SSH Are you in a special context or did you perform some particular tweaking on your YunoHost instance ? : no
Description of my issue
Hi everyone
I just bought a dedicated server online, but before installing YunoHost I started to increase a little bit the security, hence I made changes in the /etc/ssh/sshd_config file
Then i started reading about YunoHost installation, and I saw here that if a make a modification to this file, YunoHost will not manage it anymore
But I would lilke YunoHost to manage it actually. So, before trying to install YunoHost I want to know what I can do to make that happens ?
indeed, I don’t know how YunoHost decides that it will not manage the file itself, is it base on a diff with a template, or on the modification time of the file, or anything else ? And i didn’t find a list of all YunoHost’s commands, to check if there was a command to do what i want ?
thank you for the link with the commands ! I expected indeed that, once i will have installed YunoHost, i could run an --help command, thanks to confirming that
it’s really good to know about the hooks, but if I can use a native yunohost command as you said, and let yunohost manage my file, it’s better for me
the modifications I have done to my sshd_file are mainly to ensure that connection can be done only with ssh key, not passord. Do you know if there is a yunohost command for that ?
I have not installed YunoHost yet, mainly because I wonder how I can make yunohost manage my sshd_config file, and if i should rather do some changes before installation. Since I don’t know how yunohost decides to manage a file or not, and if this decision is definitive or re-considered sometime, I ask myself a lot of questions, like :
if i change the file back to its original state BEFORE installing yunohost, will it work ?
if i change it back AFTER installing yunohost, will it work too ?
do i even need to change it back, or will yunohost change it to what it consider to be the default state at installation time ?
or is there a command to reset the file and let yunohost manage it again ?
in case i need to change it to its original form, how can i be sure what content will appears to be the original one for yunohost ?
etc…
anyway, if i don’t find the answer, at least now I know that there will be the hook solution, that’s cool !
If you want YunoHost to handle the file and it is not yet installed, you will get asked during the installation if you want it to override the current configuration.
If YunoHost is already installed, you can force-regenerate the file with sudo yunohost tools regen-conf ssh -f.
thank you that’s exactly what i was looking for !
I’m trying to look at the source code, but that’s a lot of things to understand !
I see the sshd_config file here : https://github.com/YunoHost/yunohost/blob/dev/conf/ssh/sshd_config in which i can see the command to disable password authentication : yunohost settings set security.ssh.ssh_password_authentication -v no so that’s perfect for what i wanted !
After you install yunohost, you can also find the option in the webadmin. In the menu yunohost settings/security, you have a slider to allow (or not) SSH password authentication.
