SSH
Revision as of 00:07, 6 August 2016 by <bdi>PhilippeTeuwen</bdi> (talk | contribs)
Notes on upgrading SSH parameters...
ssh-keygen -N "" -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key ssh-keygen -N "" -t ed25519 -f /etc/ssh/ssh_host_ed25519_key
+HostKey /etc/ssh/ssh_host_ed25519_key
HostKey /etc/ssh/ssh_host_rsa_key
-HostKey /etc/ssh/ssh_host_dsa_key
+HostKey /etc/ssh/ssh_host_ecdsa_key
+KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256
+Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
+MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com
-UsePrivilegeSeparation yes
+UsePrivilegeSeparation sandbox
-LogLevel INFO
+LogLevel VERBOSE
-Subsystem sftp /usr/lib/openssh/sftp-server
+Subsystem sftp /usr/lib/openssh/sftp-server -f AUTHPRIV -l INFO
service sshd restart