fix: modernize SSH config algorithms

- Remove deprecated ssh-rsa and ssh-rsa-cert from HostKeyAlgorithms
  (SHA-1 based, disabled by default in OpenSSH 8.8+)
- Add curve25519-sha256 (standardized name) before @libssh.org variant
- Remove commented-out MACs line (dead code)

1 files changed, 2 insertions, 3 deletions

diff --git a/home/.ssh/config b/home/.ssh/config
index baf34ea..a2e75b3 100644
--- a/home/.ssh/config
+++ b/home/.ssh/config
@@ -1,10 +1,9 @@
 # Ensure KnownHosts are unreadable if leaked - it is otherwise easier to know which hosts your keys have access to.
 HashKnownHosts yes
 # Host keys the client accepts - order here is honored by OpenSSH
-HostKeyAlgorithms [email protected],[email protected],ssh-ed25519,ssh-rsa,[email protected],[email protected],[email protected],ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256
+HostKeyAlgorithms [email protected],ssh-ed25519,[email protected],[email protected],[email protected],ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256
 
-KexAlgorithms [email protected],ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256
-# MACs [email protected],[email protected],[email protected],hmac-sha2-512,hmac-sha2-256,[email protected]
+KexAlgorithms curve25519-sha256,[email protected],ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256
 Ciphers [email protected],[email protected],[email protected],aes256-ctr,aes192-ctr,aes128-ctr
 
 Compression no