ssh_config 679 B

1234567891011121314151617181920
  1. Protocol 2
  2. LogLevel VERBOSE
  3. # https://cipherli.st/
  4. # disable sha1 & nist
  5. KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
  6. # disable des; use >= 128 bits
  7. Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
  8. MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com
  9. StrictHostKeyChecking yes
  10. PasswordAuthentication no
  11. ChallengeResponseAuthentication no
  12. ExitOnForwardFailure yes
  13. # https://security.stackexchange.com/questions/110639/how-exploitable-is-the-recent-useroaming-ssh-problem
  14. UseRoaming no