|
1 | 1 | # Name: K4YT3X Hardened OpenSSH Configuration |
2 | 2 | # Author: K4YT3X |
3 | 3 | # Date Created: October 5, 2020 |
4 | | -# Last Updated: October 10, 2020 |
| 4 | +# Last Updated: October 15, 2020 |
5 | 5 |
|
6 | 6 | # Licensed under the GNU General Public License Version 3 (GNU GPL v3), |
7 | 7 | # available at: https://www.gnu.org/licenses/gpl-3.0.txt |
@@ -98,9 +98,13 @@ PubkeyAuthentication yes |
98 | 98 | # explicitly define cryptography algorithms to avoid the use of weak algorithms |
99 | 99 | Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr |
100 | 100 | HostKeyAlgorithms rsa-sha2-512,rsa-sha2-256,ssh-ed25519 |
101 | | -KexAlgorithms curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha256 |
102 | 101 | MACs hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,umac-128-etm@openssh.com |
103 | 102 |
|
| 103 | +# short moduli should be deactivated before enabling the use of diffie-hellman-group-exchange-sha256 |
| 104 | +# see this link for more details: https://github.com/k4yt3x/sshd_config#deactivating-short-diffie-hellman-moduli |
| 105 | +#KexAlgorithms curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256 |
| 106 | +KexAlgorithms curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256 |
| 107 | + |
104 | 108 | ########## Connection Preferences ########## |
105 | 109 |
|
106 | 110 | # number of client alive messages sent without client responding |
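Review bot: the new comment above the two KexAlgorithms lines explains why diffie-hellman-group-exchange-sha256 is now gated, but the same change also appends diffie-hellman-group14-sha256 to both the active and the commented-out list without saying why. group14 is a fixed 2048-bit group, so it is worth a sentence in the comment stating that this size is acceptable under the short-moduli guidance the link points to, or leaving the addition out of this change. The commented-out line also repeats the full list with one extra algorithm, so the two copies can drift apart in later edits; say explicitly that it replaces the active line once short moduli are deactivated, since sshd takes the first value it reads for a keyword and uncommenting it below or alongside the active line would not behave as a reader might expect.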
|