12345678910111213141516171819202122232425262728293031 |
- Protocol 2
- # LogLevel VERBOSE
- HostKey /etc/ssh/host_keys/rsa
- # https://cipherli.st/
- KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
- Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
- MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com
- PermitRootLogin no
- PubkeyAuthentication yes
- # > RSA: The length of the modulus n shall be 2048 bits or more to meet the
- # > minimum security-strength requirement of 112 bits [...]
- # https://csrc.nist.gov/publications/detail/sp/800-131a/rev-2/final
- RequiredRSASize 2048
- PasswordAuthentication no
- StrictModes no
- # separated by spaces
- AllowUsers _
- ForceCommand /bin/false
- AllowAgentForwarding no
- AllowTcpForwarding all
- GatewayPorts no
- PermitTunnel no
- X11Forwarding no
- PermitUserEnvironment no
- PermitTTY no
- PrintMotd no
|