Merge pull request #53 from pdomagala/update-ssh-algorithms

Cryptophobia · web-flow · commit 75e37c0e6a14 · 2019-12-06T07:56:25.000-08:00
chore(sshd): exclude deprecated SSHv2 key exchange algorithms
diff --git a/rootfs/etc/ssh/sshd_config b/rootfs/etc/ssh/sshd_config
@@ -6,7 +6,7 @@ UsePrivilegeSeparation yes
 KeyRegenerationInterval 3600
 ServerKeyBits 768
 SyslogFacility AUTH
-LogLevel INFO
+LogLevel VERBOSE
 LoginGraceTime 120
 PermitRootLogin yes
 StrictModes yes
@@ -26,3 +26,6 @@ TCPKeepAlive yes
 #AcceptEnv LANG LC_*
 Subsystem sftp /usr/lib/openssh/sftp-server
 UseDNS no
+Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
+KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256
+MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com
