From ad0b9fa48b46a5e57f1e5137d65ec2ddd285d595 Mon Sep 17 00:00:00 2001 From: Adar Nimrod <nimrod@shore.co.il> Date: Sun, 25 Jun 2017 11:55:36 +0300 Subject: [PATCH] - Removed commented out disabled host key verification (was there in case I need to but forget how, already present in the EC2 file). - Added a bit of documentation where I get the SSH config. --- .ssh/config.d/10_global | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/.ssh/config.d/10_global b/.ssh/config.d/10_global index 2b51c27..4f5cda4 100644 --- a/.ssh/config.d/10_global +++ b/.ssh/config.d/10_global @@ -5,9 +5,11 @@ ControlPersist 3m ServerAliveInterval 30 IdentitiesOnly yes ForwardAgent no + +# Copied from +# https://wiki.mozilla.org/Security/Guidelines/OpenSSH?source=techstories.org#Modern +HashKnownHosts yes HostKeyAlgorithms ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-ed25519,ssh-rsa,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256 KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256 MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr -#StrictHostKeyChecking yes -#UserKnownHostsFile=/dev/null -- GitLab