14 lines
582 B
Text
14 lines
582 B
Text
# SSH client algorithm hardening.
|
|
#
|
|
# Require PQ-hybrid KEX, AEAD ciphers, Ed25519 keys.
|
|
# Applied to all outgoing SSH connections from this machine.
|
|
#
|
|
# Requires OpenSSH 9.9+ for mlkem768x25519-sha256.
|
|
|
|
Host *
|
|
KexAlgorithms mlkem768x25519-sha256,sntrup761x25519-sha512@openssh.com
|
|
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com
|
|
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com
|
|
HostKeyAlgorithms ssh-ed25519,ssh-ed25519-cert-v01@openssh.com
|
|
PubkeyAcceptedAlgorithms ssh-ed25519,ssh-ed25519-cert-v01@openssh.com
|
|
RekeyLimit 1G 1h
|