Difference between revisions of "SSH"
(Created page with "Notes on upgrading SSH parameters... <pre> ssh-keygen -N "" -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key ssh-keygen -N "" -t ecdsa -f /etc/ssh/ssh_host_ed25519_key </pre> <source...") |
m |
||
(3 intermediate revisions by the same user not shown) | |||
Line 3: | Line 3: | ||
<pre> |
<pre> |
||
ssh-keygen -N "" -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key |
ssh-keygen -N "" -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key |
||
+ | The key fingerprint is: |
||
⚫ | |||
+ | 0f:9c:b1:d6:ef:74:1d:c7:6c:31:46:1c:f9:a1:fe:b1 root@public |
||
+ | The key's randomart image is: |
||
+ | +---[ECDSA 256]---+ |
||
+ | | .oo| |
||
+ | | .+ | |
||
+ | | . .+o| |
||
+ | | . = ..o+| |
||
+ | | S . . .=| |
||
+ | | . o . . +o| |
||
+ | | . o o +| |
||
+ | | o . E | |
||
+ | | . | |
||
+ | +-----------------+ |
||
+ | |||
⚫ | |||
+ | The key fingerprint is: |
||
+ | a3:25:8e:ca:4e:d3:10:06:a8:19:6b:40:51:c5:be:3e root@public |
||
+ | The key's randomart image is: |
||
+ | +--[ED25519 256]--+ |
||
+ | |+oo.o. | |
||
+ | |+. . | |
||
+ | |o+o . | |
||
+ | |+o . . | |
||
+ | |. . o S | |
||
+ | | o + + . | |
||
+ | | o + o | |
||
+ | | o o E | |
||
+ | | .+ . | |
||
+ | +-----------------+ |
||
</pre> |
</pre> |
||
Line 12: | Line 41: | ||
+HostKey /etc/ssh/ssh_host_ecdsa_key |
+HostKey /etc/ssh/ssh_host_ecdsa_key |
||
− | +KexAlgorithms curve25519-sha256@libssh.org |
+ | +KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256 |
+ | +#Only since OpenSSH 6.8: |
||
+ | +#HostbasedAcceptedKeyTypes ssh-ed25519,ssh-rsa |
||
+Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr |
+Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr |
||
+MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com |
+MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com |
||
Line 29: | Line 60: | ||
service sshd restart |
service sshd restart |
||
</pre> |
</pre> |
||
+ | |||
+ | See also https://blog.g3rt.nl/upgrade-your-ssh-keys.html |
Latest revision as of 16:44, 2 January 2017
Notes on upgrading SSH parameters...
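# Generate new ECDSA and Ed25519 host keys for sshd.
# -N "" sets an empty passphrase: sshd has to load host keys unattended, so
# the private key files are protected by file permissions only.
# ssh-keygen asks before overwriting a key file that already exists at -f.
# Record the printed fingerprints so clients can verify the new keys on
# their first connection.
ssh-keygen -N "" -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key
# Sample output of the command above (output, not commands; the spacing
# inside the randomart box was collapsed in this copy):
#   The key fingerprint is:
#   0f:9c:b1:d6:ef:74:1d:c7:6c:31:46:1c:f9:a1:fe:b1 root@public
#   The key's randomart image is:
#   +---[ECDSA 256]---+
#   | .oo|
#   | .+ |
#   | . .+o|
#   | . = ..o+|
#   | S . . .=|
#   | . o . . +o|
#   | . o o +|
#   | o . E |
#   | . |
#   +-----------------+
ssh-keygen -N "" -t ed25519 -f /etc/ssh/ssh_host_ed25519_key
# Sample output of the command above:
#   The key fingerprint is:
#   a3:25:8e:ca:4e:d3:10:06:a8:19:6b:40:51:c5:be:3e root@public
#   The key's randomart image is:
#   +--[ED25519 256]--+
#   |+oo.o. |
#   |+. . |
#   |o+o . |
#   |+o . . |
#   |. . o S |
#   | o + + . |
#   | o + o |
#   | o o E |
#   | .+ . |
#   +-----------------+
# The colon-separated hex fingerprints are MD5 digests. Newer ssh-keygen
# releases print SHA256 fingerprints by default; to compare against the
# values above, use: ssh-keygen -l -E md5 -f /etc/ssh/ssh_host_ed25519_key.pub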
+HostKey /etc/ssh/ssh_host_ed25519_key
HostKey /etc/ssh/ssh_host_rsa_key
-HostKey /etc/ssh/ssh_host_dsa_key
+HostKey /etc/ssh/ssh_host_ecdsa_key
+KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
+#Only since OpenSSH 6.8:
+#HostbasedAcceptedKeyTypes ssh-ed25519,ssh-rsa
+Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
+MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com
-UsePrivilegeSeparation yes
+UsePrivilegeSeparation sandbox
-LogLevel INFO
+LogLevel VERBOSE
-Subsystem sftp /usr/lib/openssh/sftp-server
+Subsystem sftp /usr/lib/openssh/sftp-server -f AUTHPRIV -l INFO
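Review bot: The new `KexAlgorithms` line enables `diffie-hellman-group-exchange-sha256`, and nothing in this patch limits the groups sshd offers for it: those are read from the moduli file, so the patch should carry a note to prune short entries, e.g. `# group-exchange primes come from /etc/ssh/moduli; drop entries below the size you accept (2048 bits or more)`. The commented `#HostbasedAcceptedKeyTypes` line only governs host-based user authentication and does not restrict which host keys the server presents, which is worth stating next to the "Only since OpenSSH 6.8" comment. `UsePrivilegeSeparation sandbox` is version-dependent as well; later OpenSSH releases deprecate the keyword, so it may need to be dropped on upgrade. The patch has no hunk header, so the rest of sshd_config is not visible here.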
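# Validate the edited sshd_config before restarting. "sshd -t" checks the
# configuration file and the host keys without starting the daemon, and the
# restart runs only when that check succeeds: an unsupported keyword or
# algorithm name (several of these settings depend on the OpenSSH version)
# can otherwise leave the host without a running sshd.
# sshd is invoked through its absolute path, resolved with command -v.
# Keep the current session open until a fresh login has been verified.
"$(command -v sshd)" -t && service sshd restart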