bsdlabs / ssh-hardening

FreeBSD SSH Hardening
https://github.com/jtesta/ssh-audit/wiki/FreeBSD
BSD 2-Clause "Simplified" License

Server: diffie-hellman-group14-sha256 #24

Closed B-Interactive closed 1 year ago

B-Interactive commented 1 year ago

For server config, just noting that the key exchange algorithm diffie-hellman-group14-sha256 is listed as being present in the "Comparative table: Default vs. Hardened" under Hardened config, but it hasn't been included as a key exchange algorithm in the supplied command.

jlduran commented 1 year ago

Thank you! It shouldn't be on the hardened side of the table indeed:

```
# algorithm recommendations (for OpenSSH 9.3)
(rec) -diffie-hellman-group14-sha256        -- kex algorithm to remove
```
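Added example, not part of the thread or the repository's own code: a way to cross-check ssh-audit's `(rec) -` removal lines against the key exchange list a server is configured to offer, so a mismatch like the one reported here is caught mechanically. The function names are hypothetical and the `kexalgorithms` sample line is constructed in the format `sshd -T` prints.

```shell
#!/bin/sh
# Cross-check ssh-audit removal recommendations against configured KexAlgorithms.
# Function names are hypothetical; sample data is constructed for illustration.

# ssh-audit output as quoted in the issue above.
AUDIT_SAMPLE='# algorithm recommendations (for OpenSSH 9.3)
(rec) -diffie-hellman-group14-sha256        -- kex algorithm to remove'

# Constructed effective-config line, in the format `sshd -T` prints.
SSHD_SAMPLE='kexalgorithms curve25519-sha256,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256'

# Print the kex algorithms ssh-audit recommends removing, one per line.
kex_to_remove() {
    printf '%s\n' "$1" | awk '
        /^\(rec\) -/ && /kex algorithm to remove/ {
            sub(/^-/, "", $2)   # drop the leading "-" marker
            print $2
        }'
}

# Print the configured kex algorithms, one per line.
configured_kex() {
    printf '%s\n' "$1" | awk '
        tolower($1) == "kexalgorithms" {
            n = split($2, a, ",")
            for (i = 1; i <= n; i++) print a[i]
        }'
}

# Print (space-separated) every configured algorithm that ssh-audit wants
# removed. Empty output means the config and the recommendations agree.
stale_kex() {
    remove=$(kex_to_remove "$1")
    found=""
    for alg in $(configured_kex "$2"); do
        # -F fixed string, -x whole-line match, so "@" and "." are literal
        if printf '%s\n' "$remove" | grep -Fqx -- "$alg"; then
            found="$found$alg "
        fi
    done
    printf '%s' "${found% }"
}
```

On a real host the two arguments would be the captured ssh-audit output and the output of `sshd -T`.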