<b>SSH hardening without locking yourself out</b>
Stop pasting global SSH rules that brick your own access. Use a <code>Match</code> block to harden everyone except your admin user.
— <code>Match User deploy</code>
— <code>PasswordAuthentication no</code>
— <code>ForceCommand /usr/bin/git-shell</code>
Global stays sane, the deploy account gets a cage. Test with <code>sshd -t</code> before reload, every time. Keeps your CI key on a tight leash without you fat-fingering your way out. Try it tonight.
Root Access Daily
@RootAccessDaily
<b>SSH hardening without locking yourself out</b>
Этот пост опубликован в Telegram-канале Root Access Daily. Подписаться можно по ссылке: @RootAccessDaily.