Use sntrup761x25519-sha512@openssh.com beginning with 8.5
This commit is contained in:
Sven Velt
parent
8c96e48deb
commit
9751d3f8e9
10
README.md
10
README.md
|
|
@ -54,11 +54,13 @@ SSH versions
|
||||||
- 8.1: Suse 15.2
|
- 8.1: Suse 15.2
|
||||||
- 8.2: Ubuntu 20.04 "focal"
|
- 8.2: Ubuntu 20.04 "focal"
|
||||||
- 8.3:
|
- 8.3:
|
||||||
- 8.4: Debian 11 "bullseye", Fedora 33, Suse 15.3
|
- 8.4: Alpine 3.13, Debian 11 "bullseye", Fedora 33, OpenSUSE 15.3/15.4
|
||||||
- 8.5:
|
- 8.5: (added `sntrup761x25519-sha512@openssh.com`)
|
||||||
- 8.6: Fedora 34
|
- 8.6: Alpine 3.14, Fedora 34
|
||||||
- 8.7: Fedora 35
|
- 8.7: Fedora 35
|
||||||
- 8.8: Archlinux, Voidlinux
|
- 8.8: Alpine 3.15, Fedora 36
|
||||||
|
- 8.9: Ubuntu 22.04 "jammy"
|
||||||
|
- 9.0: Archlinux, Voidlinux, Alpine 3.16, Ubuntu 22.10 "kinetic"
|
||||||
|
|
||||||
License
|
License
|
||||||
-------
|
-------
|
||||||
|
|
|
||||||
31
vars/ssh_8.2.yml
Normal file
31
vars/ssh_8.2.yml
Normal file
|
|
@ -0,0 +1,31 @@
|
||||||
|
# 8.2: Ubuntu 20.04
|
||||||
|
# 8.4: Debian 11 & Suse 15.3
|
||||||
|
|
||||||
|
ssh_hardening_opts:
|
||||||
|
KexAlgorithms:
|
||||||
|
- curve25519-sha256
|
||||||
|
- curve25519-sha256@libssh.org
|
||||||
|
- diffie-hellman-group16-sha512
|
||||||
|
- diffie-hellman-group18-sha512
|
||||||
|
- diffie-hellman-group-exchange-sha256
|
||||||
|
Ciphers:
|
||||||
|
- chacha20-poly1305@openssh.com
|
||||||
|
- aes256-gcm@openssh.com
|
||||||
|
- aes128-gcm@openssh.com
|
||||||
|
- aes256-ctr
|
||||||
|
- aes192-ctr
|
||||||
|
- aes128-ctr
|
||||||
|
MACs:
|
||||||
|
- hmac-sha2-256-etm@openssh.com
|
||||||
|
- hmac-sha2-512-etm@openssh.com
|
||||||
|
- umac-128-etm@openssh.com
|
||||||
|
HostKeyAlgorithms:
|
||||||
|
- ssh-ed25519
|
||||||
|
- ssh-ed25519-cert-v01@openssh.com
|
||||||
|
- sk-ssh-ed25519@openssh.com
|
||||||
|
- sk-ssh-ed25519-cert-v01@openssh.com
|
||||||
|
- rsa-sha2-512
|
||||||
|
- rsa-sha2-512-cert-v01@openssh.com
|
||||||
|
- rsa-sha2-256
|
||||||
|
- rsa-sha2-256-cert-v01@openssh.com
|
||||||
|
|
||||||
1
vars/ssh_8.3.yml
Symbolic link
1
vars/ssh_8.3.yml
Symbolic link
|
|
@ -0,0 +1 @@
|
||||||
|
ssh_8.2.yml
|
||||||
1
vars/ssh_8.4.yml
Symbolic link
1
vars/ssh_8.4.yml
Symbolic link
|
|
@ -0,0 +1 @@
|
||||||
|
ssh_8.2.yml
|
||||||
|
|
@ -2,10 +2,11 @@
|
||||||
# 8.4: Debian 11 & Suse 15.3
|
# 8.4: Debian 11 & Suse 15.3
|
||||||
# 8.6: Fedora 34 (no diff in *hardened policy* to 8.4)
|
# 8.6: Fedora 34 (no diff in *hardened policy* to 8.4)
|
||||||
# 8.7: Fedora 35 (no diff in *hardened policy* to 8.4)
|
# 8.7: Fedora 35 (no diff in *hardened policy* to 8.4)
|
||||||
# 8.8: Arch/Void
|
# 8.9: Ubuntu 22.04
|
||||||
|
|
||||||
ssh_hardening_opts:
|
ssh_hardening_opts:
|
||||||
KexAlgorithms:
|
KexAlgorithms:
|
||||||
|
- sntrup761x25519-sha512@openssh.com
|
||||||
- curve25519-sha256
|
- curve25519-sha256
|
||||||
- curve25519-sha256@libssh.org
|
- curve25519-sha256@libssh.org
|
||||||
- diffie-hellman-group16-sha512
|
- diffie-hellman-group16-sha512
|
||||||
|
|
@ -27,8 +28,8 @@ ssh_hardening_opts:
|
||||||
- ssh-ed25519-cert-v01@openssh.com
|
- ssh-ed25519-cert-v01@openssh.com
|
||||||
- sk-ssh-ed25519@openssh.com
|
- sk-ssh-ed25519@openssh.com
|
||||||
- sk-ssh-ed25519-cert-v01@openssh.com
|
- sk-ssh-ed25519-cert-v01@openssh.com
|
||||||
- rsa-sha2-256
|
|
||||||
- rsa-sha2-512
|
- rsa-sha2-512
|
||||||
- rsa-sha2-256-cert-v01@openssh.com
|
|
||||||
- rsa-sha2-512-cert-v01@openssh.com
|
- rsa-sha2-512-cert-v01@openssh.com
|
||||||
|
- rsa-sha2-256
|
||||||
|
- rsa-sha2-256-cert-v01@openssh.com
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue