|
1 | 1 | # Name: K4YT3X Hardened OpenSSH Configuration |
2 | 2 | # Author: K4YT3X |
| 3 | +# Contributor: IceCodeNew |
| 4 | +# Contributor: brxken128 |
3 | 5 | # Date Created: October 5, 2020 |
4 | | -# Last Updated: December 21, 2023 |
| 6 | +# Last Updated: February 8, 2024 |
5 | 7 |
|
6 | 8 | # Licensed under the GNU General Public License Version 3 (GNU GPL v3), |
7 | 9 | # available at: https://www.gnu.org/licenses/gpl-3.0.txt |
8 | | -# (C) 2020-2023 K4YT3X |
| 10 | +# (C) 2020-2024 K4YT3X |
9 | 11 |
|
10 | 12 | ########## Binding ########## |
11 | 13 |
|
@@ -103,9 +105,10 @@ HostKeyAlgorithms rsa-sha2-512,rsa-sha2-256,ssh-ed25519 |
103 | 105 | MACs hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,umac-128-etm@openssh.com |
104 | 106 |
|
105 | 107 | # short moduli should be deactivated before enabling the use of diffie-hellman-group-exchange-sha256 |
106 | | -# see this link for more details: https://github.com/k4yt3x/sshd_config#deactivating-short-diffie-hellman-moduli |
107 | | -#KexAlgorithms curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256 |
108 | | -KexAlgorithms curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256 |
| 108 | +# see this link for more details: https://github.com/k4yt3x/sshd_config#deactivating-short-diffie-hellman-moduli |
| 109 | +# Chacha20-Poly1305 has been removed to mitigate the Terrapin attack: https://terrapin-attack.com/ |
| 110 | +# ecdh-sha2-nistp* algorithms have been removed due to concerns around NIST P-curves' design: https://github.com/jtesta/ssh-audit/issues/213#issuecomment-1774204745 |
| 111 | +KexAlgorithms sntrup761x25519-sha512@openssh.com,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512 |
109 | 112 |
|
110 | 113 | ########## Connection Preferences ########## |
111 | 114 |
|
|
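Review bot: The new comment on line 109 about ChaCha20-Poly1305 sits directly above KexAlgorithms, but ChaCha20-Poly1305 is a cipher, not a key-exchange algorithm, and no Ciphers line is touched in this hunk; move the comment next to the Ciphers directive so the Terrapin rationale sits beside the setting it explains. The comment on line 110 says ecdh-sha2-nistp* "have been removed", yet neither of the old KexAlgorithms lines (old 107 and 108) listed them, so wording such as "are intentionally not included" would match the diff. Two changes in the new KexAlgorithms line carry no explanation: diffie-hellman-group14-sha256 is dropped and sntrup761x25519-sha512@openssh.com is added at the front. A short comment giving the reason for each, plus the minimum OpenSSH version that supports the sntrup761 hybrid, would help anyone deploying this file on older hosts. Finally, the commented-out alternative that included diffie-hellman-group-exchange-sha256 is deleted while the short-moduli comment on new line 107 stays, so that comment now refers to an algorithm that appears in no active or commented setting shown here; either keep the commented alternative or reword the note.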