danwin1210/hosting
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Build custom libssh2 and enable hmac-sha2-512 as best matching MAC

Browse Source
This commit is contained in:
Daniel Winzen
2020-07-19 13:33:53 +02:00
parent 4a09f99ff7
commit 825a2967e2
3 changed files with 8 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
README.md
View File

@ -37,7 +37,7 @@ apt-get --no-install-recommends install apt-transport-tor brotli bzip2 clamav-da
``` ```
The following command will install all required build dependencies for nginx and php: The following command will install all required build dependencies for nginx and php:
``` ```
apt-get --no-install-recommends install -y autoconf bison g++ gcc ghostscript gnupg libargon2-dev libatomic-ops-dev libbz2-dev libbrotli-dev libc-client2007e-dev libcurl4-openssl-dev libedit-dev libenchant-dev libffi-dev libgd-dev libgmp-dev libgpg-error-dev libgpgme-dev libkrb5-dev libldap2-dev liblmdb-dev libmagickwand-dev libmariadb-dev libonig-dev libpcre3-dev libpng-dev libpspell-dev libqdbm-dev libreadline-dev libsasl2-dev libsodium-dev libsqlite3-dev libssh2-1-dev libssl-dev libsystemd-dev libtidy-dev libwebp-dev libxml2-dev libxpm-dev libxslt1-dev libzip-dev make poppler-utils re2c zlib1g-dev apt-get --no-install-recommends install -y autoconf bison g++ gcc ghostscript gnupg libargon2-dev libatomic-ops-dev libbz2-dev libbrotli-dev libc-client2007e-dev libcurl4-openssl-dev libedit-dev libenchant-dev libffi-dev libgd-dev libgmp-dev libgpg-error-dev libgpgme-dev libkrb5-dev libldap2-dev liblmdb-dev libmagickwand-dev libmariadb-dev libonig-dev libpcre3-dev libpng-dev libpspell-dev libqdbm-dev libreadline-dev libsasl2-dev libsodium-dev libsqlite3-dev libssl-dev libsystemd-dev libtidy-dev libtool libwebp-dev libxml2-dev libxpm-dev libxslt1-dev libzip-dev make poppler-utils re2c zlib1g-dev
``` ```
Note that both, debian and the torproject have hidden service package archives, so you may want to edit /etc/apt/sources.list to load from those instead: Note that both, debian and the torproject have hidden service package archives, so you may want to edit /etc/apt/sources.list to load from those instead:

2
etc/ssh/sshd_config
View File

@ -100,7 +100,7 @@ Subsystem sftp internal-sftp
# Hardened set of key exchange, cipher, and MAC algorithms, as per <https://www.sshaudit.com/hardening_guides.html>. # Hardened set of key exchange, cipher, and MAC algorithms, as per <https://www.sshaudit.com/hardening_guides.html>.
KexAlgorithms curve25519-sha256,curve25519-sha256@libssh.org KexAlgorithms curve25519-sha256,curve25519-sha256@libssh.org
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
MACs hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,umac-128-etm@openssh.com MACs hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512
Match User root Match User root
AuthenticationMethods publickey AuthenticationMethods publickey

6
install_binaries.sh
View File

@ -1,4 +1,10 @@
#!/bin/sh #!/bin/sh
git clone https://github.com/libssh2/libssh2
cd libssh2
autoreconf -fi
CFLAGS="-O3 -march=native -mtune=native" ./configure
make -j $(nproc) install
cd ..
git clone https://github.com/nginx/nginx git clone https://github.com/nginx/nginx
cd nginx cd nginx
git clone https://github.com/google/ngx_brotli git clone https://github.com/google/ngx_brotli