cullmann/nixos
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity

more sane ssh settings, see https://github.com/jtesta/ssh-audit

Browse source
This commit is contained in:
Christoph Cullmann 2023-12-29 12:08:50 +01:00
parent 35b3ed0cbc
commit 83ca6290a2
No known key found for this signature in database
1 changed files with 6 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
common.nix
View file

@ -83,7 +83,12 @@ in
hostKeys = [{ hostKeys = [{
path = "/nix/persistent/ssh_host_ed25519_key"; path = "/nix/persistent/ssh_host_ed25519_key";
type = "ed25519"; type = "ed25519";
}]; }];;
# only safe ciphers & Co.
settings.Ciphers = [ "aes256-gcm@openssh.com" ];
settings.KexAlgorithms = [ "sntrup761x25519-sha512@openssh.com" ];
settings.Macs = [ "hmac-sha2-512-etm@openssh.com" ];
}; };
# guard the ssh service # guard the ssh service