Difference between revisions of "SSH"
Jump to navigation
Jump to search
(Created page with "Notes on upgrading SSH parameters... <pre> ssh-keygen -N "" -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key ssh-keygen -N "" -t ecdsa -f /etc/ssh/ssh_host_ed25519_key </pre> <source...") |
m |
||
Line 3: | Line 3: | ||
<pre> |
<pre> |
||
ssh-keygen -N "" -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key |
ssh-keygen -N "" -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key |
||
− | ssh-keygen -N "" -t |
+ | ssh-keygen -N "" -t ed25519 -f /etc/ssh/ssh_host_ed25519_key |
</pre> |
</pre> |
||
Revision as of 00:07, 6 August 2016
Notes on upgrading SSH parameters...
ssh-keygen -N "" -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key ssh-keygen -N "" -t ed25519 -f /etc/ssh/ssh_host_ed25519_key
+HostKey /etc/ssh/ssh_host_ed25519_key
HostKey /etc/ssh/ssh_host_rsa_key
-HostKey /etc/ssh/ssh_host_dsa_key
+HostKey /etc/ssh/ssh_host_ecdsa_key
+KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256
+Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
+MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com
-UsePrivilegeSeparation yes
+UsePrivilegeSeparation sandbox
-LogLevel INFO
+LogLevel VERBOSE
-Subsystem sftp /usr/lib/openssh/sftp-server
+Subsystem sftp /usr/lib/openssh/sftp-server -f AUTHPRIV -l INFO
service sshd restart