ssh-hardening/vars/ssh_7.4.yml

# 7.4: Debian 9
# 7.4: RedHat/CentOS 7

ssh_hardening_hostkeys:
  - ed25519

ssh_hardening_opts:
  KexAlgorithms:
    - curve25519-sha256
    - curve25519-sha256@libssh.org
    - diffie-hellman-group16-sha512
    - diffie-hellman-group18-sha512
    - diffie-hellman-group-exchange-sha256
  Ciphers:
    - chacha20-poly1305@openssh.com
    - aes256-gcm@openssh.com
    - aes128-gcm@openssh.com
    - aes256-ctr
    - aes192-ctr
    - aes128-ctr
  MACs:
    - hmac-sha2-256-etm@openssh.com
    - hmac-sha2-512-etm@openssh.com
    - umac-128-etm@openssh.com
First snapshot 2021-10-11 20:58:09 +00:00			`# 7.4: Debian 9`
			`# 7.4: RedHat/CentOS 7`

Disable RSA for old SSH versions closes #10 2021-10-19 08:24:47 +00:00			`ssh_hardening_hostkeys:`
			`- ed25519`

First snapshot 2021-10-11 20:58:09 +00:00			`ssh_hardening_opts:`
			`KexAlgorithms:`
			`- curve25519-sha256`
			`- curve25519-sha256@libssh.org`
			`- diffie-hellman-group16-sha512`
SSH 7.4: correct sort order 2021-10-11 21:56:10 +00:00			`- diffie-hellman-group18-sha512`
First snapshot 2021-10-11 20:58:09 +00:00			`- diffie-hellman-group-exchange-sha256`
			`Ciphers:`
			`- chacha20-poly1305@openssh.com`
			`- aes256-gcm@openssh.com`
			`- aes128-gcm@openssh.com`
			`- aes256-ctr`
			`- aes192-ctr`
			`- aes128-ctr`
			`MACs:`
			`- hmac-sha2-256-etm@openssh.com`
			`- hmac-sha2-512-etm@openssh.com`
			`- umac-128-etm@openssh.com`