X-Git-Url: https://ruderich.org/simon/gitweb/?p=config%2Fdotfiles.git;a=blobdiff_plain;f=shell%2Fsshd_config;h=791613d621717d3fcadee53d49c08526786e647c;hp=0b7d95a33ca8422a4160f65219457d1a9755cca1;hb=8f1b15e31afc986a7732aa4b44545807dd8a76f7;hpb=ac56b3081d3e1563484e325851113d84c236f43b

diff --git a/shell/sshd_config b/shell/sshd_config
index 0b7d95a..791613d 100644
--- a/shell/sshd_config
+++ b/shell/sshd_config
@@ -26,13 +26,11 @@ Port 22
 Protocol 2
 
 # Stronger algorithms. See ssh_config for details.
-KexAlgorithms diffie-hellman-group-exchange-sha256
+KexAlgorithms diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group18-sha512
 Ciphers aes256-ctr
-MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-512
-
-# Use privilege separation for increased security. "sandbox" applies
-# additional restrictions on the unprivileged process.
-UsePrivilegeSeparation sandbox
+MACs hmac-sha2-512-etm@openssh.com
+HostKeyAlgorithms rsa-sha2-512
+PubkeyAcceptedKeyTypes -ssh-rsa,ssh-rsa-cert-v01@openssh.com,ssh-dss,ssh-dss-cert-v01@openssh.com
 
 # Don't use PAM because it may circumvent other authentication methods used
 # below (default).
@@ -49,8 +47,8 @@ PubkeyAuthentication yes
 
 # Don't allow empty passwords (default).
 PermitEmptyPasswords no
-# Allow root-login only with public keys.
-PermitRootLogin without-password
+# Allow root-login only with public keys (default).
+PermitRootLogin prohibit-password
 
 # Be strict when checking user file permissions (default).
 StrictModes yes