Git-Mirrors/security-misc
1
0
Fork 0
mirror of https://github.com/Kicksecure/security-misc.git synced 2025-11-26 13:46:44 -05:00
Code Issues Projects Releases Packages Wiki Activity

Add SSH hardening config

Browse source
This commit is contained in:
Aaron Rainbolt 2025-08-07 22:23:03 -05:00
parent 5f2425ba6f
commit 2ada07cf66
No known key found for this signature in database
GPG key ID: A709160D73C79109
2 changed files with 98 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

19
etc/ssh/ssh_config.d/30_security-misc.conf Normal file
View file

@ -0,0 +1,19 @@
## Copyright (C) 2025 - 2025 ENCRYPTED SUPPORT LLC <adrelanos@whonix.org>
## See the file COPYING for copying conditions.
## Don't edit this file, to overwrite any options, edit a file with a higher
## number that is read later by SSH, such as
## '/etc/ssh/ssh_config.d/50_user.conf'. If your configuration changes do not
## need to be system-wide, you may also consider placing overrides in
## ~/.ssh/config.
Host *
VisualHostKey yes
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes256-ctr
MACs umac-128-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com
KexAlgorithms sntrup761x25519-sha512,sntrup761x25519-sha512@openssh.com,mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org
## To force the use of quantum-resistant key exchange algorithms, override
## the above with
# KexAlgorithms sntrup761x25519-sha512,sntrup761x25519-sha512@openssh.com,mlkem768x25519-sha256
HostKeyAlgorithms sk-ssh-ed25519@openssh.com,ssh-ed25519
PubkeyAcceptedAlgorithms sk-ssh-ed25519@openssh.com,ssh-ed25519