switch to rocky linux 10, add --init for zombie reaping, fix NAT setup

- base image alpine -> rockylinux:10 (cgit/fcgiwrap from EPEL) - drop spawn-fcgi, use fcgiwrap -s directly - add --init to reap zombie sshd-auth processes (PID exhaustion fix) - replace ip addr/route networking with nft DNAT/SNAT/FORWARD rules - add FORWARD accept rule that was missing for inbound DNAT traffic
author: Your Name <you@example.com> 2026-02-18 15:12:32 +0800
committer: Your Name <you@example.com> 2026-02-18 15:12:32 +0800
commit: c3a377a265d2ca92b8823be281fa0e487d30692b (patch)
tree: 1d5b4213c65635ffdd82921b633eaaf5bebd2e60 /sshd_config
parent: b0572c958427ae6ad75109752e9741aab31ad65a (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/sshd_config b/sshd_config
index 5d31e36..0270433 100644
--- a/sshd_config
+++ b/sshd_config
@@ -7,4 +7,4 @@ AuthorizedKeysFile /git/.ssh/authorized_keys
 MaxStartups 3:50:10
 # Kill unauthenticated connections after 15 seconds
 LoginGraceTime 15
-Subsystem sftp /usr/lib/ssh/sftp-server
+Subsystem sftp /usr/libexec/openssh/sftp-server
author	Your Name <you@example.com>	2026-02-18 15:12:32 +0800
committer	Your Name <you@example.com>	2026-02-18 15:12:32 +0800
commit	c3a377a265d2ca92b8823be281fa0e487d30692b (patch)
tree	1d5b4213c65635ffdd82921b633eaaf5bebd2e60 /sshd_config
parent	b0572c958427ae6ad75109752e9741aab31ad65a (diff)

diff --git a/sshd_config b/sshd_config index 5d31e36..0270433 100644 --- a/sshd_config +++ b/sshd_config
@@ -7,4 +7,4 @@ AuthorizedKeysFile /git/.ssh/authorized_keys
7	MaxStartups 3:50:10	7	MaxStartups 3:50:10
8	# Kill unauthenticated connections after 15 seconds	8	# Kill unauthenticated connections after 15 seconds
9	LoginGraceTime 15	9	LoginGraceTime 15
10	Subsystem sftp /usr/lib/ssh/sftp-server	10	Subsystem sftp /usr/libexec/openssh/sftp-server