2021-10-11 20:58:09 +00:00
|
|
|
# 8.2: Ubuntu 10
|
2021-10-12 08:05:11 +00:00
|
|
|
# 8.4: Debian 11 & Suse 15.3
|
2021-10-11 20:58:09 +00:00
|
|
|
# 8.6: Fedora 34 (no diff in *hardened policy* to 8.4)
|
|
|
|
|
# 8.7: Fedora 35 (no diff in *hardened policy* to 8.4)
|
2021-10-12 08:05:11 +00:00
|
|
|
# 8.8: Arch/Void
|
2021-10-11 20:58:09 +00:00
|
|
|
|
|
|
|
|
ssh_hardening_opts:
|
|
|
|
|
KexAlgorithms:
|
|
|
|
|
- curve25519-sha256
|
|
|
|
|
- curve25519-sha256@libssh.org
|
|
|
|
|
- diffie-hellman-group16-sha512
|
|
|
|
|
- diffie-hellman-group18-sha512
|
|
|
|
|
- diffie-hellman-group-exchange-sha256
|
|
|
|
|
Ciphers:
|
|
|
|
|
- chacha20-poly1305@openssh.com
|
|
|
|
|
- aes256-gcm@openssh.com
|
|
|
|
|
- aes128-gcm@openssh.com
|
|
|
|
|
- aes256-ctr
|
|
|
|
|
- aes192-ctr
|
|
|
|
|
- aes128-ctr
|
|
|
|
|
MACs:
|
|
|
|
|
- hmac-sha2-256-etm@openssh.com
|
|
|
|
|
- hmac-sha2-512-etm@openssh.com
|
|
|
|
|
- umac-128-etm@openssh.com
|
|
|
|
|
HostKeyAlgorithms:
|
|
|
|
|
- ssh-ed25519
|
|
|
|
|
- ssh-ed25519-cert-v01@openssh.com
|
|
|
|
|
- sk-ssh-ed25519@openssh.com
|
|
|
|
|
- sk-ssh-ed25519-cert-v01@openssh.com
|
|
|
|
|
- rsa-sha2-256
|
|
|
|
|
- rsa-sha2-512
|
|
|
|
|
- rsa-sha2-256-cert-v01@openssh.com
|
|
|
|
|
- rsa-sha2-512-cert-v01@openssh.com
|
|
|
|
|
|
