123456789101112131415161718192021222324 |
- Protocol 2
- LogLevel VERBOSE
- # https://cipherli.st/
- # disable sha1 & nist
- KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
- # disable des; use >= 128 bits
- Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
- MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com
- StrictHostKeyChecking yes
- PasswordAuthentication no
- ChallengeResponseAuthentication no
- ExitOnForwardFailure yes
- # https://security.stackexchange.com/questions/110639/how-exploitable-is-the-recent-useroaming-ssh-problem
- UseRoaming no
- # prevent idle connection from timing out
- # https://serveo.net/
- ServerAliveInterval 60
|