Protocol 2 LogLevel VERBOSE # https://cipherli.st/ # disable sha1 & nist KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256 # disable des; use >= 128 bits Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com StrictHostKeyChecking yes PasswordAuthentication no ChallengeResponseAuthentication no ExitOnForwardFailure yes # https://security.stackexchange.com/questions/110639/how-exploitable-is-the-recent-useroaming-ssh-problem UseRoaming no # prevent idle connection from timing out # https://serveo.net/ ServerAliveInterval 60