| author | 2026-04-17 10:54:15 +0100 | |
|---|---|---|
| committer | 2026-04-17 10:54:15 +0100 | |
| commit | be49079efa54e90e34e244af8336be00bc48ff3c (patch) | |
| tree | cab4df1ef9a8bebd3dfb80af1448d5ea2e5731c3 /home | |
| parent | daa9dc343a409f613312a32f28ecd839e0a3dcb8 (diff) | |
refactor: fully modernize SSH config
Remove all explicit HostKeyAlgorithms, KexAlgorithms, and Ciphers lists.
OpenSSH 9.x+ has excellent defaults: Ed25519 preferred, ssh-rsa disabled,
strong cipher and kex ordering out of the box. Explicit lists become a
liability — they prevent picking up improved defaults on upgrade.
Diffstat (limited to 'home')
| -rw-r--r-- | home/.ssh/config | 7 |
1 files changed, 1 insertions, 6 deletions
diff --git a/home/.ssh/config b/home/.ssh/config index a2e75b3..1671625 100644 --- a/home/.ssh/config +++ b/home/.ssh/config @@ -1,10 +1,5 @@ -# Ensure KnownHosts are unreadable if leaked - it is otherwise easier to know which hosts your keys have access to. +# Ensure KnownHosts are unreadable if leaked HashKnownHosts yes -# Host keys the client accepts - order here is honored by OpenSSH -HostKeyAlgorithms [email protected],ssh-ed25519,[email protected],[email protected],[email protected],ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256 - -KexAlgorithms curve25519-sha256,[email protected],ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256 Compression no ControlMaster auto |
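Review bot: removing the `HostKeyAlgorithms` and `KexAlgorithms` lines leaves the file with no record of the OpenSSH version it now depends on, so a machine that syncs these dotfiles with an older client silently falls back to that client's own defaults. Suggest a one-line comment next to `HashKnownHosts yes` stating the minimum client version assumed (the commit message says 9.x+), and confirming the effective algorithm lists with `ssh -G <host>` on each machine after deploying. The commit message also names Ciphers among the removed lists, but no `Ciphers` line is deleted in the visible hunk; either the message should drop it, or the rest of the file should be checked for a directive that is still present. The shortened `# Ensure KnownHosts are unreadable if leaked` comment also drops the reason for hashing (hiding which hosts the keys can reach), which was the part worth keeping.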
