Security and diagnostic tool

When following this guide https://yunohost.org/#/security(_en) the user is met with two alerts by the diagnostic tool:

  • The port 22 is no longer available
  • /etc/ssh/sshd_config has been modified

While this is true, I feel like it gives a bad sign to the user. Maybe in the future some sort of security profiles could be set up that would check that indeed the port 22 can’t be brute-forced.

Also, I am no worried about losing updates to /etc/ssh/sshd_config in future updates. I’d love to be able to have the option of setting this security measure in autopilot mode.

Yes indeed, thing is that the security documentation page was written a long time ago, and since then we have the diagnosis mechanism since 3.8 (like 6 months ago) so it’s still a bit “fresh” on the scale of the project’s entire history …

In the long term, changing the SSH port should be handled using a yunohost setting like we already do for other things (e.g. nginx ciphers …) so that it properly integrates with Yunohost in terms of firewall, regenconf, and also fail2ban configuration, without the admin having to worry about all this…

It would be a somewhat ~easy yet pretty meaningful first contribution for anybody willing to join and contribute to the project :stuck_out_tongue_winking_eye:


I’ve thought about it for a while and I think I might give it a try. However I can’t seem to be able to find in the sources where the code for this is :confused:

Changing the SSH port is now handled by a setting, as described in Security | Yunohost Documentation
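
The thread's point that an SSH port change has to stay consistent across sshd, the firewall and fail2ban can be checked mechanically. The sketch below is an added example, not YunoHost's code and not how its setting is implemented; the function names, the sample configs and the firewall allow-list are constructed for illustration, and it only handles `ssh` or plain numbers in the jail's `port` option.

```python
import configparser
import re

# Constructed sample inputs (not taken from a real server).
SSHD_CONFIG = "# edited by hand\nPort 2222\nPermitRootLogin no\n"
JAIL_LOCAL = "[sshd]\nenabled = true\nport = ssh\n"
OPEN_TCP_PORTS = [22, 80, 443]  # constructed firewall allow-list


def sshd_ports(text):
    """Ports sshd listens on; OpenSSH defaults to 22 when no Port line is set."""
    found = re.findall(r"^[ \t]*Port[ \t]+(\d+)[ \t]*$", text, re.M | re.I)
    return [int(p) for p in found] or [22]


def jail_ports(text, jail="sshd"):
    """Numeric ports the fail2ban jail covers; the service name 'ssh' means 22."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    raw = cp.get(jail, "port", fallback="ssh")
    return [22 if p.strip() == "ssh" else int(p.strip()) for p in raw.split(",")]


def audit(sshd_text, jail_text, open_ports):
    """Return findings where sshd, fail2ban and the firewall disagree."""
    listening = sshd_ports(sshd_text)
    covered = jail_ports(jail_text)
    findings = []
    for port in listening:
        if port not in covered:
            findings.append(f"fail2ban sshd jail does not cover port {port}")
        if port not in open_ports:
            findings.append(f"firewall does not allow port {port}")
    if 22 in open_ports and 22 not in listening:
        findings.append("port 22 is open in the firewall but sshd does not use it")
    return findings


if __name__ == "__main__":
    for finding in audit(SSHD_CONFIG, JAIL_LOCAL, OPEN_TCP_PORTS):
        print("DRIFT:", finding)
```

With the constructed inputs, a hand-edited `Port 2222` produces three findings: the jail still watches 22, the firewall blocks 2222, and 22 is left open with nothing listening.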