X-Git-Url: https://ruderich.org/simon/gitweb/?a=blobdiff_plain;f=sshd_config;h=0b7d95a33ca8422a4160f65219457d1a9755cca1;hb=b861528c1b6fc183d49daf18deb1ca485af5b9da;hp=dbb774eb7151bf57580af68076a1764488be0bbf;hpb=b7a761aa3677916ec29d53e5807aa0c5df91b03e;p=config%2Fdotfiles.git
diff --git a/sshd_config b/sshd_config
index dbb774e..0b7d95a 100644
--- a/sshd_config
+++ b/sshd_config
@@ -3,7 +3,7 @@
 # Some options are set even if they are default to document that they are
 # important and to prevent upstream changes from affecting them.
-# Copyright (C) 2013-2014 Simon Ruderich
+# Copyright (C) 2013-2016 Simon Ruderich
 #
 # This file is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -25,6 +25,11 @@ Port 22
 # Only use protocol 2. Protocol 1 is insecure. (default)
 Protocol 2
+# Stronger algorithms. See ssh_config for details.
+KexAlgorithms diffie-hellman-group-exchange-sha256
+Ciphers aes256-ctr
+MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-512
+
 # Use privilege separation for increased security. "sandbox" applies
 # additional restrictions on the unprivileged process.
 UsePrivilegeSeparation sandbox
@@ -36,6 +41,7 @@ UsePAM no
 ChallengeResponseAuthentication no
 GSSAPIAuthentication no
 HostbasedAuthentication no
+KbdInteractiveAuthentication no
 KerberosAuthentication no
 PasswordAuthentication no
 # Only enable those I need.
@@ -74,6 +80,5 @@ ClientAliveCountMax 3
 # Enable sftp (and sshfs) usage. internal-sftp also works in chroots.
 Subsystem sftp internal-sftp
-
 # Only allow logins for certain users.
 AllowUsers root
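Review bot: With `KexAlgorithms diffie-hellman-group-exchange-sha256` as the only key exchange, session strength depends entirely on the groups in the server's moduli file, and nothing in this hunk records or enforces a minimum group size. I would add a comment beside the directive, for example `# Relies on the moduli file holding only large groups; prune small entries after (re)install.`, so the dependency is not lost when the host is rebuilt. The `MACs` line still allows the non-ETM `hmac-sha2-512` as a fallback; if no client needs it, `MACs hmac-sha2-512-etm@openssh.com` alone keeps encrypt-then-MAC mandatory. Since each list is this narrow and `AllowUsers root` suggests a remotely administered host, validate the file with `sshd -t` and keep an existing session open before reloading.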
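Review bot: Adding `KbdInteractiveAuthentication no` extends a deny-list of individual methods, which only covers the methods that are named here; a method introduced or enabled by a later upstream default would not be caught. If the part of the file outside this hunk does not already do so, an explicit allow-list such as `AuthenticationMethods publickey` would enforce the intent stated in the file header ("prevent upstream changes from affecting them"). A short comment noting that keyboard-interactive is disabled separately from `ChallengeResponseAuthentication` would also explain why both lines are present.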