Can i make YunoHost manage this file /etc/ssh/sshd_config if I modified it before installation?

My YunoHost server

Hardware: dedicated server bought online
YunoHost version: not installed yet
I have access to my server : Through SSH
Are you in a special context or did you perform some particular tweaking on your YunoHost instance ? : no

Description of my issue

Hi everyone :slight_smile:

I just bought a dedicated server online, but before installing YunoHost I started to increase a little bit the security, hence I made changes in the /etc/ssh/sshd_config file

Then i started reading about YunoHost installation, and I saw here that if a make a modification to this file, YunoHost will not manage it anymore

But I would lilke YunoHost to manage it actually. So, before trying to install YunoHost I want to know what I can do to make that happens ?

indeed, I don’t know how YunoHost decides that it will not manage the file itself, is it base on a diff with a template, or on the modification time of the file, or anything else ? And i didn’t find a list of all YunoHost’s commands, to check if there was a command to do what i want ?

Hi,

What do you want to modify in sshd_config?

You can find commands with the --help option. Example:

yunohost --help
yunohost tools --help
yunohost tools upgrade --help

You can make modifications and allow yunohost to manage this file with a hook. But if there’s a native yunohost command, use it rather than a hook.

1 Like

thank you for the reply :slight_smile:

  • thank you for the link with the commands ! I expected indeed that, once i will have installed YunoHost, i could run an --help command, thanks to confirming that

  • it’s really good to know about the hooks, but if I can use a native yunohost command as you said, and let yunohost manage my file, it’s better for me

  • the modifications I have done to my sshd_file are mainly to ensure that connection can be done only with ssh key, not passord. Do you know if there is a yunohost command for that ?

  • I have not installed YunoHost yet, mainly because I wonder how I can make yunohost manage my sshd_config file, and if i should rather do some changes before installation. Since I don’t know how yunohost decides to manage a file or not, and if this decision is definitive or re-considered sometime, I ask myself a lot of questions, like :

    • if i change the file back to its original state BEFORE installing yunohost, will it work ?
    • if i change it back AFTER installing yunohost, will it work too ?
    • do i even need to change it back, or will yunohost change it to what it consider to be the default state at installation time ?
    • or is there a command to reset the file and let yunohost manage it again ?
    • in case i need to change it to its original form, how can i be sure what content will appears to be the original one for yunohost ?
    • etc…

anyway, if i don’t find the answer, at least now I know that there will be the hook solution, that’s cool !

If you want YunoHost to handle the file and it is not yet installed, you will get asked during the installation if you want it to override the current configuration.

If YunoHost is already installed, you can force-regenerate the file with sudo yunohost tools regen-conf ssh -f.

2 Likes

thank you :slight_smile: that’s exactly what i was looking for !

I’m trying to look at the source code, but that’s a lot of things to understand !

I see the sshd_config file here : https://github.com/YunoHost/yunohost/blob/dev/conf/ssh/sshd_config in which i can see the command to disable password authentication : yunohost settings set security.ssh.ssh_password_authentication -v no so that’s perfect for what i wanted !

1 Like

After you install yunohost, you can also find the option in the webadmin. In the menu yunohost settings/security, you have a slider to allow (or not) SSH password authentication.

1 Like

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.