| author | 2026-04-17 10:54:13 +0100 | |
|---|---|---|
| committer | 2026-04-17 10:54:13 +0100 | |
| commit | 1cbd2703457a7a145533cfc2ca8bb140859da524 (patch) | |
| tree | e193582e64eeb189f5f887b61abc300cdc93b071 /home/.ssh/config | |
| parent | 8107a62129f8885b8569f082b762a7b0f04eaace (diff) | |
fix: modernize SSH config algorithms
- Remove deprecated ssh-rsa and ssh-rsa-cert from HostKeyAlgorithms
(SHA-1 based, disabled by default in OpenSSH 8.8+)
- Add curve25519-sha256 (standardized name) before @libssh.org variant
- Remove commented-out MACs line (dead code)
Diffstat (limited to 'home/.ssh/config')
| -rw-r--r-- | home/.ssh/config | 5 |
1 files changed, 2 insertions, 3 deletions
diff --git a/home/.ssh/config b/home/.ssh/config index baf34ea..a2e75b3 100644 --- a/home/.ssh/config +++ b/home/.ssh/config @@ -1,10 +1,9 @@ # Ensure KnownHosts are unreadable if leaked - it is otherwise easier to know which hosts your keys have access to. HashKnownHosts yes # Host keys the client accepts - order here is honored by OpenSSH -HostKeyAlgorithms [email protected],[email protected],ssh-ed25519,ssh-rsa,[email protected],[email protected],[email protected],ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256 +HostKeyAlgorithms [email protected],ssh-ed25519,[email protected],[email protected],[email protected],ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256 -KexAlgorithms [email protected],ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256 -# MACs [email protected],[email protected],[email protected],hmac-sha2-512,hmac-sha2-256,[email protected] +KexAlgorithms curve25519-sha256,[email protected],ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256 Compression no |
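Review bot: Removing ssh-rsa from the global HostKeyAlgorithms line means any host that still presents only an RSA/SHA-1 host key will now fail host key negotiation, and nothing in the hunk provides a fallback for that case. If such hosts exist, scope the exception to them in a dedicated Host block with `HostKeyAlgorithms +ssh-rsa` instead of re-adding it globally. The deleted `# MACs` comment also leaves MACs at the OpenSSH defaults within these lines; a one-line comment saying that is intentional would save the next reader from wondering whether a pinned list was lost.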
