Added hardended SSH client preferences

ioerror / duraconf

duraconf - A collection of hardened configuration files for SSL/TLS services

http://www.appelbaum.net/

977 stars 91 forks source link

Added hardended SSH client preferences #62

Open GigabyteProductions opened 9 years ago

GigabyteProductions commented 9 years ago

There is already a hardened SSH server configuration file, but this new SSH client configuration file will make OpenSSH SSH client prefer stronger ciphers and MACs when the server in question doesn't enforce stronger ciphers and MACs.

fmarier commented 9 years ago

Maybe this should also change the HostKeyAlgorithms setting?

https://wiki.mozilla.org/Security/Guidelines/OpenSSH#Modern

GigabyteProductions commented 9 years ago

Ah, I thought I was missing that somewhere, but for some reason, I was thinking that was an sshd_config setting.