From 3908e7b52c34c24aa6f1d97e13989b53130ee228 Mon Sep 17 00:00:00 2001
From: winston
Date: Fri, 13 Sep 2024 18:46:54 +0200
Subject: [PATCH] feat: harden ssh
---
 config/network.nix | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/config/network.nix b/config/network.nix
index 64642f2..9cae294 100644
--- a/config/network.nix
+++ b/config/network.nix
@@ -7,6 +7,13 @@
 enable = true;
 ports = [22];
 settings = {
+ KexAlgorithms = [
+ "curve25519-sha256"
+ "curve25519-sha256@libssh.org"
+ "diffie-hellman-group16-sha512"
+ "diffie-hellman-group18-sha512"
+ "sntrup761x25519-sha512@openssh.com"
+ ];
 PasswordAuthentication = false;
 PermitRootLogin = "no";
 StreamLocalBindUnlink = "yes";
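Review bot: The `KexAlgorithms` list added under `settings` is a hard-coded allow-list with no comment saying why these five entries were chosen or when to revisit them, so it overrides the module's default and will not pick up key-exchange algorithms that later OpenSSH releases add (for example `mlkem768x25519-sha256`). I would put a comment above it such as `# Pinned KEX allow-list: overrides the module default; re-check against the packaged OpenSSH on every release upgrade.` SSH negotiation follows the client's preference order, so listing the hybrid `sntrup761x25519-sha512@openssh.com` last on the server does not demote it; saying so in the same comment avoids later reordering churn. After a rebuild, `sshd -T | grep -i kexalgorithms` confirms the effective list. The `settings` block starts and ends outside this hunk, so whether ciphers and MACs are pinned as well cannot be judged from here.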