hosts/common/ssh: Add cipher/mac/kex configurations
parent
cfcd525622
commit
fcc27711cd
1 changed files with 21 additions and 0 deletions
|
@ -4,6 +4,27 @@
|
|||
permitRootLogin = "prohibit-password";
|
||||
passwordAuthentication = false;
|
||||
kbdInteractiveAuthentication = false;
|
||||
ciphers = [
|
||||
"chacha20-poly1305@openssh.com"
|
||||
"aes256-gcm@openssh.com"
|
||||
"aes128-gcm@openssh.com"
|
||||
"aes256-ctr"
|
||||
"aes192-ctr"
|
||||
"aes128-ctr"
|
||||
];
|
||||
macs = [
|
||||
"hmac-sha2-512-etm@openssh.com"
|
||||
"hmac-sha2-256-etm@openssh.com"
|
||||
"umac-128-etm@openssh.com"
|
||||
];
|
||||
kexAlgorithms = [
|
||||
# Experimental, disabled for now.
|
||||
# "sntrup761x25519-sha512@openssh.com"
|
||||
"curve25519-sha256"
|
||||
"curve25519-sha256@libssh.org"
|
||||
# Disabled for being 2048-bit
|
||||
# "diffie-hellman-group-exchange-sha256"
|
||||
];
|
||||
};
|
||||
networking.firewall.allowedTCPPorts = [22];
|
||||
}
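Review bot: The two comments inside `kexAlgorithms` give reasons that do not quite match how the algorithms behave, and the resulting list offers only X25519 exchanges with no post-quantum hybrid. `sntrup761x25519-sha512@openssh.com` has been part of OpenSSH's default key-exchange proposal since the 9.0 release, so if the deployed sshd is that recent, "Experimental" is stale and listing it first would protect recorded sessions against later decryption; if it stays off, a comment like `# Off until every host and client runs an OpenSSH that offers it by default; revisit.` states the real condition. `diffie-hellman-group-exchange-sha256` is not fixed at 2048 bits, since the group size is negotiated within bounds set by the server's moduli file, so `# Disabled: group size depends on the moduli file, which is not filtered to >= 3072 bits here` would be more accurate. These lists presumably replace sshd's defaults rather than extend them (confirm against the NixOS module), so a one-line comment above `ciphers` saying that clients without an AEAD/CTR cipher, an ETM MAC and curve25519 will fail to connect would save the next maintainer a debugging session.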
|
||||
|
|