Git-Mirrors/security-misc
1
0
Fork 0
mirror of https://github.com/Kicksecure/security-misc.git synced 2025-11-25 20:06:19 -05:00
Code Issues Projects Releases Packages Wiki Activity
security-misc/etc/ssh/ssh_config.d/30_security-misc.conf
Aaron Rainbolt 2ada07cf66
Add SSH hardening config
2025-08-07 22:23:03 -05:00

19 lines
1 KiB
Text
Raw Blame History

## Copyright (C) 2025 - 2025 ENCRYPTED SUPPORT LLC <adrelanos@whonix.org>
## See the file COPYING for copying conditions.
## Don't edit this file, to overwrite any options, edit a file with a higher
## number that is read later by SSH, such as
## '/etc/ssh/ssh_config.d/50_user.conf'. If your configuration changes do not
## need to be system-wide, you may also consider placing overrides in
## ~/.ssh/config.
Host *
VisualHostKey yes
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes256-ctr
MACs umac-128-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com
KexAlgorithms sntrup761x25519-sha512,sntrup761x25519-sha512@openssh.com,mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org
## To force the use of quantum-resistant key exchange algorithms, override
## the above with
# KexAlgorithms sntrup761x25519-sha512,sntrup761x25519-sha512@openssh.com,mlkem768x25519-sha256
HostKeyAlgorithms sk-ssh-ed25519@openssh.com,ssh-ed25519
PubkeyAcceptedAlgorithms sk-ssh-ed25519@openssh.com,ssh-ed25519
Reference in a new issue View git blame Copy permalink