Comments (4)
Embracing the "decisions, not options" mantra we've tried to avoid having too many options esp. as related to logging and networking, to establish certain norms. I'm not sure I'd support allowing too many SSH config customizations to ensure stability, esp. when IPv4 is much better/faster when it comes to dealing with SSH performance.
I think SlickStack can attract a lot of power users who have dabbled in Bash but are mostly frontend designers and developers if we keep certain settings hardcoded.
That said, I'll keep this issue open. Again please use clear Issue topics, you have mixed together several different topics here which makes it difficult to address (and others to find). All the UFW related stuff should probably be in the existing topic, or a new topic perhaps.
from slickstack.
Sorry, I see what you mean re: UFW integrating a possible "allowed IPs" list for SSH port now, but I think this would probably introduce tons of confusion to typical users and possible conflicts with accessing servers after they have run the ss-install
the first time.
from slickstack.
Perhaps in the meanwhile, we need a failsafe for super cheap VMs that don't support IPv4:
## allow IPv6 SSH sessions (any) if no IPv4 address is detected on the server ##
https://github.com/littlebizzy/slickstack/blob/master/ss-install.txt#L184
Not active yet, needs some research and testing...
from slickstack.
You can ignore some of my previous responses, here are some updates to these requests:
SSH is going to remain IPv4-only for now in SlickStack for performance and stability reasons... perhaps this feature can be addressed in the future with a new GitHub Issue.
Port 22
AddressFamily inet
ListenAddress 0.0.0.0
# ListenAddress ::
Ref: https://github.com/littlebizzy/slickstack/blob/master/modules/ubuntu/22.04/sshd-config.txt
However, we did recently add the ability for users to only allow sudo SSH sessions from specified IP address they can fill during the setup wizard, this becomes the SSH_IPV4
option in ss-config
:
Ref: https://github.com/littlebizzy/slickstack/blob/master/bash/ss-config-sample.txt
This is the relevant line from sshd_config
:
AllowUsers @SUDO_USER@SSH_IPV4 @SFTP_USER
So currently it supports only a single IP address... we can consider extending this, with a new GitHub Issue. Also, the IP restriction does not apply to SFTP users since we envision SFTP being used by freelancers, web designers, and even third party applications such as CodeGuard backups and such, meaning restriction would cause problems.
As far as UFW, there are several other Issues about that so best to discuss elsewhere, but we have improved the stability of the boilerplates and configuration of UFW in the past several months.
If any related requests on these subjects, probably best to open a new Issue since this one is too mixed. Thanks!
from slickstack.
Related Issues (20)
- Auto restart MySQL service if it went down HOT 2
- MySQL and/or Redis crashing sometimes on Ubuntu 20.04 HOT 4
- Consider replacing Nginx with Caddy HOT 7
- Exiting ss-update-config: There is a version mismatch between this script and public mirrors.. HOT 1
- Migration slickstack between VPS to VPS HOT 1
- change php version and Install ioncube loader HOT 4
- Install freeze on Running ss-install-redis-packages... HOT 3
- Website very slow loading inside apps ios HOT 3
- CERT_AUTHORITY_INVALID After install HOT 1
- sudo user and sftp user HOT 1
- Perform custom tasks during certain SlickStack scripts
- Invalid user mysql:mysql error when using remote database
- Ensure more privacy for openssl cert generation. HOT 10
- SS_ADMINER_PUBLIC="false" does not work as intended. HOT 9
- Allow tuning of PHP8 JIT settings (opcache.jit options in php.ini) HOT 2
- Cloudflare real visitor IP support in Nginx config HOT 18
- Option to allow only Cloudflare IPs to connect to origin server HOT 2
- OpenVZ PHP-FPM "Unable to set priority for the master process: Permission denied" HOT 8
- Support for custom Permissions Policy HTTP header in Nginx HOT 6
- Improve WP-Cron robustness for Multisite environments HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from slickstack.