sshd_config 941 B

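  # sshd_config for a forwarding-only endpoint: public-key logins only, no
  # shell, no TTY, no agent/X11/tun forwarding. TCP forwarding is the one
  # capability left enabled. Validate changes with `sshd -t` before reloading.

  # Deprecated keyword: current OpenSSH releases speak protocol 2 only, so this
  # line no longer selects anything.
  Protocol 2
  # LogLevel VERBOSE

  # Setting HostKey explicitly means sshd does not load its default host key
  # files, so RSA is the only host key type this server can offer.
  # NOTE(review): consider provisioning an Ed25519 host key next to it.
  HostKey /etc/ssh/host_keys/rsa

  # https://cipherli.st/
  # Explicit lists replace the built-in defaults, so algorithms introduced by
  # later OpenSSH releases are not offered until these lines are revised.
  # NOTE(review): diffie-hellman-group-exchange-sha256 is only as strong as the
  # groups in the server's moduli file; check that small moduli were removed.
  KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
  # AEAD ciphers first, CTR modes as fallback.
  Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
  # MACs only come into play with the CTR ciphers above. The encrypt-then-MAC
  # (-etm) variants are preferred; the last three entries are encrypt-and-MAC
  # fallbacks that can be dropped if every client supports the -etm variants.
  # NOTE(review): chacha20-poly1305 and the -etm MACs are the modes the Terrapin
  # prefix-truncation attack applies to; run an sshd release that implements
  # strict key exchange rather than removing them.
  MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com

  PermitRootLogin no
  PubkeyAuthentication yes
  # > RSA: The length of the modulus n shall be 2048 bits or more to meet the
  # > minimum security-strength requirement of 112 bits [...]
  # https://csrc.nist.gov/publications/detail/sp/800-131a/rev-2/final
  # Applies to user and host-based authentication keys. The keyword exists only
  # in newer OpenSSH releases; an sshd that does not know it refuses to start.
  RequiredRSASize 2048
  PasswordAuthentication no
  # PasswordAuthentication does not cover keyboard-interactive authentication,
  # which can still prompt for a password when PAM is enabled. Pin the accepted
  # method so public key is the only way in, whatever else is switched on.
  AuthenticationMethods publickey

  # NOTE(review): this disables sshd's ownership and permission checks on the
  # user's home directory and key files, so a group- or world-writable
  # authorized_keys is honoured and anyone able to write it can add a key.
  # Keep "no" only if those files are protected some other way (for example a
  # read-only mount); otherwise fix the file modes and set this to "yes".
  StrictModes no

  # separated by spaces
  # "_" is presumably a placeholder filled in at deployment; confirm that it is
  # replaced with the real account names.
  AllowUsers _

  # Every session request runs /bin/false and exits, whatever the client asked
  # for, so the account is usable only for forwarding (client side: ssh -N).
  ForceCommand /bin/false
  AllowAgentForwarding no
  # "all" permits local and remote forwarding. No PermitOpen or PermitListen is
  # set, so an authenticated user can reach any host and port the server itself
  # can reach.
  # NOTE(review): restrict destinations with PermitOpen (and PermitListen for
  # remote forwards) if the intended targets are known.
  AllowTcpForwarding all
  # Remote forwards bind to the loopback address only.
  GatewayPorts no
  PermitTunnel no
  X11Forwarding no
  PermitUserEnvironment no
  PermitTTY no
  PrintMotd no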