Protocol 2
# Stronger algorithms. See ssh_config for details.
-KexAlgorithms diffie-hellman-group-exchange-sha256
+KexAlgorithms diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group18-sha512
Ciphers aes256-ctr
-MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-512
-
-# Use privilege separation for increased security. "sandbox" applies
-# additional restrictions on the unprivileged process.
-UsePrivilegeSeparation sandbox
+MACs hmac-sha2-512-etm@openssh.com
+HostKeyAlgorithms rsa-sha2-512
+PubkeyAcceptedKeyTypes -ssh-rsa,ssh-rsa-cert-v01@openssh.com,ssh-dss,ssh-dss-cert-v01@openssh.com
# Don't use PAM because it may circumvent other authentication methods used
# below (default).
# Don't allow empty passwords (default).
PermitEmptyPasswords no
-# Allow root-login only with public keys.
-PermitRootLogin without-password
+# Allow root-login only with public keys (default).
+PermitRootLogin prohibit-password
# Be strict when checking user file permissions (default).
StrictModes yes
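Review bot: The added `HostKeyAlgorithms rsa-sha2-512` line limits the server to a single RSA signature algorithm, so the daemon must have an RSA host key loaded and any client that cannot do rsa-sha2-512 fails at host-key negotiation; if the host also has an Ed25519 key, `HostKeyAlgorithms ssh-ed25519,rsa-sha2-512` would keep a non-RSA option. The `PubkeyAcceptedKeyTypes` line depends on its leading `-`, which removes the listed types from the default set rather than replacing it, and is easy to misread as an allow-list; a comment above it such as `# Leading "-" removes these key types from the defaults; all other default types stay enabled.` would make the intent explicit. Both the `-` prefix and the newly listed sha2 DH groups need a reasonably recent OpenSSH, so the file should be validated with `sshd -t` on the oldest target before the running daemon is reloaded. The excerpt has no hunk headers, so the HostKey lines and the rest of the file are not visible here.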