On secure-shell security

On secure-shell security https://sysdogs.com/on-secure-shell-security/

Thu 03 Sep 2020 03:08:33 PM PDT

Wants to be the "cryptographic right answers" document, but for SSH.

Archived.

Maybe have Glitch monitor it?

/etc/ssh/sshd_config:

Protocol 2
AuthenticationMethods publickey
PasswordAuthentication no
PermitEmptyPasswords no
X11Forwarding no
AllowAgentForwarding no

# The problem with having "MaxAuthTries 2" is, the more keys your
# SSH agent has, the more chances you'll have to get locked out.
# I set it to <my number of SSH keys> +2.
MaxAuthTries 10
MaxSessions 10
HostbasedAuthentication no
IgnoreRhosts yes
PermitRootLogin no

KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256

Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr

MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com

Links per page

Filters