# Some options are set even if they are default to prevent /etc/ssh/ssh_config
# from overwriting them.
-# Copyright (C) 2011-2013 Simon Ruderich
+# Copyright (C) 2011-2014 Simon Ruderich
#
# This file is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# Force protocol version 2 which is more secure (default).
Protocol 2
+# Use stronger algorithms. If some hosts require weaker versions then use Host
+# groups to enable them only for those specific machines.
+
+# Don't use SHA1 and disable elliptic curves whose security regarding the
+# parameters is still in debate.
+ KexAlgorithms diffie-hellman-group-exchange-sha256
+# Use stronger cipher versions. Disable CBC ciphers to prevent (unlikely)
+# plaintext recovery attack [1], disable RC4 because it's broken [2]; this
+# leaves only AES. No GCM ciphers yet because they are still very new.
+#
+# [1]: http://www.openssh.com/txt/cbc.adv
+# [2]: http://www.schneier.com/blog/archives/2013/03/new_rc4_attack.html
+ Ciphers aes256-ctr
+# Don't use weak MACs like MD5 or SHA1. However strong MACs are not as
+# important as strong ciphers because an attacker must be able to break a MAC
+# in real time to modify the data in transmit. Prefer "-etm" algorithms which
+# use encrypt-then-mac which is more secure than the default encrypt-and-mac
+# in SSH [1] (available since 6.2).
+#
+# [1]: http://cseweb.ucsd.edu/~mihir/papers/oem.html
+ MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-512
+# Disable DSA host keys because they are weak (only 1024 bit) and elliptic
+# curves. I don't need certificates, therefore disables those algorithms as
+# well (*-cert-*).
+ HostKeyAlgorithms ssh-rsa
+
# Disable X11 and agent forwarding for security reasons (defaults).
ForwardX11 no
ForwardAgent no
ruderich.org/simon / config / dotfiles.git / commitdiff