Releases: loranmutafov/simple-bastion
Releases · loranmutafov/simple-bastion
v1.1.4 Make LogLevel configurable
Make LogLevel configurable
v1.1.3 Fix debug configuration
Fix debug logging and rename it to better reflect it is debug logging… … and not simply verbosity
v1.1.2 Make verbosity configurable
Make verbosity configurable
v1.1.1 Expand configurability
Make the following sshd
options configurable via env vars:
ClientAliveCountMax
viaCLIENT_ALIVE_COUNT_MAX
ClientAliveInterval
viaCLIENT_ALIVE_INTERVAL
TCPKeepAlive
viaTCP_KEEP_ALIVE
v1.1.0 Add user:ssh provisioning
Enables provisioning of SSH keys per user a-la GCP, i.e. user:public_key
Example of the provisioning config:
cloudysanfrancisco:ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDAu5kKQCPF...
baklavainthebalkans:ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDQDx3FNVC8...
v1.1.0-beta8 Replace last approach with simply disabling the user password in /etc/shadow
v1.1.0-beta8 Replace last approach with simply disabling the user password in /etc/shadow
Pre-release
Pre-release
Using a star * instead of a bang !, keeps the user account unlocked, but still disables login by password by keeping the password invalid.
Effectively this leaves only the option of public key ssh login.
v1.1.0-beta7 Substitute usermod approach with UsePAM setting
Substitute usermod approach with UsePAM setting
v1.1.0-beta6 Disable password-based access for ssh users
Disable password-based access for ssh users
v1.1.0-beta5 Allow ssh-access to all bastion users
Give ssh access to all bastion-group users
v1.1.0-beta4 Call script by its absolute path
Call script by its absolute path