Difference between revisions of "SSH"

From YobiWiki
Jump to navigation Jump to search
(Created page with "Notes on upgrading SSH parameters... <pre> ssh-keygen -N "" -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key ssh-keygen -N "" -t ecdsa -f /etc/ssh/ssh_host_ed25519_key </pre> <source...")
 
m
Line 3: Line 3:
 
<pre>
 
<pre>
 
ssh-keygen -N "" -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key
 
ssh-keygen -N "" -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key
ssh-keygen -N "" -t ecdsa -f /etc/ssh/ssh_host_ed25519_key
+
ssh-keygen -N "" -t ed25519 -f /etc/ssh/ssh_host_ed25519_key
 
</pre>
 
</pre>
   

Revision as of 00:07, 6 August 2016

Notes on upgrading SSH parameters...

ssh-keygen -N "" -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key
ssh-keygen -N "" -t ed25519 -f /etc/ssh/ssh_host_ed25519_key
+HostKey /etc/ssh/ssh_host_ed25519_key
 HostKey /etc/ssh/ssh_host_rsa_key
-HostKey /etc/ssh/ssh_host_dsa_key
+HostKey /etc/ssh/ssh_host_ecdsa_key

+KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256
+Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
+MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com

-UsePrivilegeSeparation yes
+UsePrivilegeSeparation sandbox
 
-LogLevel INFO
+LogLevel VERBOSE
 
-Subsystem sftp /usr/lib/openssh/sftp-server
+Subsystem sftp /usr/lib/openssh/sftp-server -f AUTHPRIV -l INFO
service sshd restart