feat: harden ssh

2024-09-13 18:46:54 +02:00 · 2024-09-13 18:46:54 +02:00 · 3908e7b52c
commit 3908e7b52c
parent 11e2fc2b1f
1 changed files with 7 additions and 0 deletions
--- a/config/network.nix
+++ b/config/network.nix
@ -7,6 +7,13 @@
      enable = true;
      ports = [22];
      settings = {
+        KexAlgorithms = [
+          "curve25519-sha256"
+          "curve25519-sha256@libssh.org"
+          "diffie-hellman-group16-sha512"
+          "diffie-hellman-group18-sha512"
+          "sntrup761x25519-sha512@openssh.com"
+        ];
        PasswordAuthentication = false;
        PermitRootLogin = "no";
        StreamLocalBindUnlink = "yes";