| Mohammed Naser | cc6868b | 2025-01-18 15:49:44 -0500 | [diff] [blame] | 1 | # SPDX-FileCopyrightText: © 2025 VEXXHOST, Inc. |
| 2 | # SPDX-License-Identifier: GPL-3.0-or-later |
| Mohammed Naser | 735efe2 | 2024-06-26 23:46:25 -0400 | [diff] [blame] | 3 | # Atmosphere-Rebuild-Time: 2024-06-26T17:38:39Z |
| Mohammed Naser | 3769438 | 2024-04-02 21:11:31 -0400 | [diff] [blame] | 4 | |
| Mohammed Naser | cc6868b | 2025-01-18 15:49:44 -0500 | [diff] [blame] | 5 | FROM openstack-runtime |
| Mohammed Naser | da99423 | 2024-04-13 12:34:01 -0400 | [diff] [blame] | 6 | RUN <<EOF bash -xe |
| 7 | apt-get update -qq |
| 8 | apt-get install -qq -y --no-install-recommends \ |
| vexxhost-bot | a30bc18 | 2025-01-07 01:39:57 -0500 | [diff] [blame] | 9 | iproute2 \ |
| Mohammed Naser | da99423 | 2024-04-13 12:34:01 -0400 | [diff] [blame] | 10 | openssh-server \ |
| 11 | openssh-client |
| 12 | EOF |
| 13 | RUN <<EOF bash -xe |
| 14 | chown -R nova: /etc/ssh |
| 15 | mkdir /var/run/sshd |
| 16 | chmod 0755 /var/run/sshd |
| 17 | EOF |
| Mohammed Naser | 0c77909 | 2024-06-05 10:35:00 -0400 | [diff] [blame] | 18 | COPY <<EOF /etc/ssh/sshd_config.d/00-hardening.conf |
| 19 | Ciphers aes256-ctr,aes192-ctr |
| 20 | MACs hmac-sha2-512,hmac-sha2-256 |
| 21 | KexAlgorithms diffie-hellman-group-exchange-sha256 |
| 22 | HostKeyAlgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521 |
| 23 | MaxAuthTries 3 |
| 24 | EOF |