author | Bertrand Jacquin <bertrand@jacquin.bzh> | 2018-09-20 23:56:13 +0100 |
---|---|---|
committer | Bertrand Jacquin <bertrand@jacquin.bzh> | 2018-10-05 00:10:38 +0100 |
commit | 07d8c8f0b7d343ec2e1e06334739008f82fd487e (patch) | |
tree | 15e63998b165acdc8bce2c3c0a5e05aee6dab1b8 | |
parent | sys-kernel/stable-sources: Version bump (diff) | |
factory-default: Harden net-misc/openssh configuration
-rw-r--r-- | factory-default/net-misc/openssh/etc/ssh/sshd_config | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/factory-default/net-misc/openssh/etc/ssh/sshd_config b/factory-default/net-misc/openssh/etc/ssh/sshd_config index 8e7b4239..59f5fad9 100644 --- a/factory-default/net-misc/openssh/etc/ssh/sshd_config +++ b/factory-default/net-misc/openssh/etc/ssh/sshd_config @@ -10,7 +10,6 @@ Protocol 2 # HostKeys for protocol version 2 -HostKey /etc/ssh/ssh_host_rsa_key HostKey /etc/ssh/ssh_host_ed25519_key # Facility code that is used when logging messages @@ -25,6 +24,15 @@ LoginGraceTime 5s # Disable root login PermitRootLogin no +# Available KEX (Key Exchange) algorithms +KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp521 + +# Available ciphers +Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com + +# Available MAC (message authentication code) algorithms +MACs umac-128-etm@openssh.com,hmac-sha2-512-etm@openssh.com + # Check file modes and ownership of the user's files and home directory # before accepting login StrictModes yes |
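Review bot: In the first hunk (@@ -10,7 +10,6 @@), removing `HostKey /etc/ssh/ssh_host_rsa_key` leaves ssh_host_ed25519_key as the only host key, and neither the commit subject nor a comment in the file records that this is deliberate. Clients without ssh-ed25519 support will fail host key negotiation, and clients that have only this host's RSA key in known_hosts will be presented with a key they have not verified before. Suggest a comment above the remaining HostKey line stating that RSA was dropped on purpose, and rewording the plural "# HostKeys for protocol version 2" so the single entry does not read as an accident.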
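Review bot: In the second hunk (@@ -25,6 +24,15 @@), KexAlgorithms lists `curve25519-sha256@libssh.org` but not the standardised name `curve25519-sha256`, which OpenSSH accepts as an alias since 7.4; a client that offers only the unsuffixed name would fall back to ecdh-sha2-nistp521 or fail to connect. Suggest listing both names if the packaged OpenSSH supports it. Separately, both entries in Ciphers are AEAD modes, which provide their own integrity and do not use the negotiated MAC, so the MACs line has no effect with this cipher list; a comment saying so would help anyone who later adds a non-AEAD cipher. The three new comments say "Available" where the directives actually restrict, so naming the oldest client these lists are meant to support would make the policy reviewable, and running `sshd -t` against the resulting file is worth doing before it ships.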