authorPacien TRAN-GIRARD2016-11-08 17:03:03 +0100
committerPacien TRAN-GIRARD2016-11-08 17:03:03 +0100
commit3ff8396faddc994b180e7836764728cb03d4dc79 (patch)
treeb2aa84e7a83cbfaacfdd6111a147da04dd2ae174 /ssh_config
parent037b59eb7fe8d3f90b577f3397b6018d83e66e7b (diff)
downloadssh-hardened-3ff8396faddc994b180e7836764728cb03d4dc79.tar.gz
Enforce "Secure Secure Shell" recommendations
Diffstat (limited to 'ssh_config')
-rw-r--r--ssh_config14
1 files changed, 13 insertions, 1 deletions
diff --git a/ssh_config b/ssh_config
index 5cdc3eb..fc3a628 100644
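--- a/ssh_config
+++ b/ssh_config
@@ -20,7 +20,19 @@
 # Minimum accepted size of the DH parameter p. By default this is set to 1024
 # to maintain compatibility with RFC4419, but should be set higher.
 # Upstream default is identical to setting this to 2048.
-#KexDHMin 1024
+#KexDHMin 4096
+
+KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
+HostKeyAlgorithms ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-ed25519,ssh-rsa
+Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
+MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,umac-128@openssh.com
+
+ChallengeResponseAuthentication no
+PasswordAuthentication no
+PubkeyAuthentication yes
+
+UseRoaming no
+ForwardX11Trusted no
 
 Host *
 # ForwardAgent no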
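Review bot: The new `#KexDHMin 4096` line is still commented out, so the minimum DH modulus the client accepts is unchanged, even though `diffie-hellman-group-exchange-sha256` is now one of only two key exchanges allowed by `KexAlgorithms`. If the intent is to reject small groups, the line should be active, `KexDHMin 4096`, and the comment above it reworded, since it still presents 1024 as the value being shown. Separately, the `Ciphers`, `MACs` and `HostKeyAlgorithms` lists pin algorithms by exact name, and a client build that does not recognise one of them (for example `hmac-ripemd160`) may refuse to load the file. A comment recording the OpenSSH version these lists were checked against, such as `# Algorithm lists verified against OpenSSH <version>; re-check on upgrade`, would help whoever maintains them.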