SSH
Jump to navigation
Jump to search
Notes on upgrading SSH parameters...
ssh-keygen -N "" -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key The key fingerprint is: 0f:9c:b1:d6:ef:74:1d:c7:6c:31:46:1c:f9:a1:fe:b1 root@public The key's randomart image is: +---[ECDSA 256]---+ | .oo| | .+ | | . .+o| | . = ..o+| | S . . .=| | . o . . +o| | . o o +| | o . E | | . | +-----------------+ ssh-keygen -N "" -t ed25519 -f /etc/ssh/ssh_host_ed25519_key The key fingerprint is: a3:25:8e:ca:4e:d3:10:06:a8:19:6b:40:51:c5:be:3e root@public The key's randomart image is: +--[ED25519 256]--+ |+oo.o. | |+. . | |o+o . | |+o . . | |. . o S | | o + + . | | o + o | | o o E | | .+ . | +-----------------+
+HostKey /etc/ssh/ssh_host_ed25519_key
HostKey /etc/ssh/ssh_host_rsa_key
-HostKey /etc/ssh/ssh_host_dsa_key
+HostKey /etc/ssh/ssh_host_ecdsa_key
+KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
+#Only since OpenSSH 6.8:
+#HostbasedAcceptedKeyTypes ssh-ed25519,ssh-rsa
+Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
+MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com
-UsePrivilegeSeparation yes
+UsePrivilegeSeparation sandbox
-LogLevel INFO
+LogLevel VERBOSE
-Subsystem sftp /usr/lib/openssh/sftp-server
+Subsystem sftp /usr/lib/openssh/sftp-server -f AUTHPRIV -l INFO
service sshd restart