sshd_config 935 B

123456789101112131415161718192021222324252627282930
  1. Protocol 2
  2. # LogLevel VERBOSE
  3. HostKey /etc/ssh/host_keys/rsa
  4. # https://cipherli.st/
  5. KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
  6. Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
  7. MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com
  8. PermitRootLogin no
  9. PubkeyAuthentication yes
  10. # > RSA: The length of the modulus n shall be 2048 bits or more to meet the
  11. # > minimum security-strength requirement of 112 bits [...]
  12. # https://csrc.nist.gov/publications/detail/sp/800-131a/rev-2/final
  13. RequiredRSASize 2048
  14. PasswordAuthentication no
  15. StrictModes no
  16. # separated by spaces
  17. AllowUsers _
  18. ForceCommand /usr/bin/rrsync /data
  19. AllowAgentForwarding no
  20. AllowTcpForwarding no
  21. GatewayPorts no
  22. X11Forwarding no
  23. PermitUserEnvironment no
  24. PermitTTY no
  25. PrintMotd no