shell: sshd_config: replace deprecated value "without-password"
[config/dotfiles.git] / shell / sshd_config
index 0b7d95a33ca8422a4160f65219457d1a9755cca1..791613d621717d3fcadee53d49c08526786e647c 100644 (file)
@@ -26,13 +26,11 @@ Port 22
 Protocol 2
 
 # Stronger algorithms. See ssh_config for details.
-KexAlgorithms diffie-hellman-group-exchange-sha256
+KexAlgorithms diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group18-sha512
 Ciphers aes256-ctr
-MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-512
-
-# Use privilege separation for increased security. "sandbox" applies
-# additional restrictions on the unprivileged process.
-UsePrivilegeSeparation sandbox
+MACs hmac-sha2-512-etm@openssh.com
+HostKeyAlgorithms rsa-sha2-512
+PubkeyAcceptedKeyTypes -ssh-rsa,ssh-rsa-cert-v01@openssh.com,ssh-dss,ssh-dss-cert-v01@openssh.com
 
 # Don't use PAM because it may circumvent other authentication methods used
 # below (default).
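Review bot: The added `HostKeyAlgorithms rsa-sha2-512` and `PubkeyAcceptedKeyTypes -ssh-rsa,...` lines have no comment, although the other directives in this hunk do, and both tie the file to a particular sshd version and host key setup. With host key algorithms limited to `rsa-sha2-512`, only an RSA host key can be offered, so clients without RSA-SHA2 support will presumably fail to connect. The leading `-` (remove from the default set) is only understood by newer OpenSSH releases, and sshd refuses to start on a list it cannot parse. I would add a comment above them such as `# RSA host key with SHA-2 signatures only; reject SHA-1 RSA and DSA user-key signatures.` and check the file with `sshd -t` before reloading a remote host. These changes and the removal of `UsePrivilegeSeparation` are also not covered by the commit title.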
@@ -49,8 +47,8 @@ PubkeyAuthentication yes
 
 # Don't allow empty passwords (default).
 PermitEmptyPasswords no
-# Allow root-login only with public keys.
-PermitRootLogin without-password
+# Allow root-login only with public keys (default).
+PermitRootLogin prohibit-password
 
 # Be strict when checking user file permissions (default).
 StrictModes yes
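Review bot: The updated comment on `PermitRootLogin prohibit-password` still says root may log in "only with public keys", which is narrower than what the value does. It disables password and keyboard-interactive authentication for root and leaves any other enabled method available. Whether other methods (for example host-based or GSSAPI) are enabled is not visible in this hunk, so the comment is safer worded as `# Forbid password and keyboard-interactive root logins (default).`. The new value name is only accepted by sshd releases that know `prohibit-password`, so a host still running an older release would reject the file.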