X-Git-Url: https://ruderich.org/simon/gitweb/?a=blobdiff_plain;f=shell%2Fsshd_config;h=d845bc7059a7789a52ae4f1cd5324c1252f66f11;hb=HEAD;hp=0b7d95a33ca8422a4160f65219457d1a9755cca1;hpb=b82ea1844de8988bac632a588c6308b22b5ac1a0;p=config%2Fdotfiles.git
diff --git a/shell/sshd_config b/shell/sshd_config
index 0b7d95a..d845bc7 100644
--- a/shell/sshd_config
+++ b/shell/sshd_config
@@ -26,13 +26,11 @@ Port 22
 Protocol 2
 
 # Stronger algorithms. See ssh_config for details.
-KexAlgorithms diffie-hellman-group-exchange-sha256
+KexAlgorithms diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group18-sha512
 Ciphers aes256-ctr
-MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-512
-
-# Use privilege separation for increased security. "sandbox" applies
-# additional restrictions on the unprivileged process.
-UsePrivilegeSeparation sandbox
+MACs hmac-sha2-512-etm@openssh.com
+HostKeyAlgorithms rsa-sha2-512
+PubkeyAcceptedKeyTypes -ssh-rsa,ssh-rsa-cert-v01@openssh.com,ssh-dss,ssh-dss-cert-v01@openssh.com
 
 # Don't use PAM because it may circumvent other authentication methods used
 # below (default).
@@ -49,8 +47,8 @@ PubkeyAuthentication yes
 # Don't allow empty passwords (default).
 PermitEmptyPasswords no
 
-# Allow root-login only with public keys.
-PermitRootLogin without-password
+# Allow root-login only with public keys (default).
+PermitRootLogin prohibit-password
 
 # Be strict when checking user file permissions (default).
 StrictModes yes
@@ -61,8 +59,6 @@ StrictModes yes
 # peer".
 MaxSessions 30
 
-# Don't accept any environment variables from the client (default).
-AcceptEnv
 # Don't use ~/.ssh/environment and environment= options in
 # ~/.ssh/authorized_keys because LD_PRELOAD could be used to circumvent
 # authentications (default).
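Review bot: The added `HostKeyAlgorithms rsa-sha2-512` and `PubkeyAcceptedKeyTypes -ssh-rsa,...` lines have no comment of their own, and either one can lock clients out. Pinning host-key algorithms to one RSA/SHA-512 signature type means the server never offers an Ed25519 or ECDSA host key and relies on an RSA `HostKey` being loaded, which this hunk does not show. The leading `-` in the key-type list is, as far as I know, only understood by OpenSSH 7.5 and later, so an older sshd would likely reject the file. I would add `# Offer only the RSA host key with SHA-2 signatures; reject SHA-1 RSA and DSA user keys.` above the two lines. I would also run `sshd -t` on the new file before reloading, with an existing session kept open.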
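Review bot: The comment above `PermitRootLogin prohibit-password` still says root may log in "only with public keys", which is stronger than what the keyword enforces. `prohibit-password` turns off password and keyboard-interactive authentication for root, but other methods such as host-based or GSSAPI would still be accepted for root if they are enabled elsewhere in the file, which is not visible in this hunk. I would reword it to `# Disallow password and keyboard-interactive logins for root (default); other enabled methods, e.g. public keys, still apply.` and confirm that the remaining methods are explicitly disabled.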