mirror of
https://github.com/jtesta/ssh-audit.git
synced 2024-11-16 13:35:39 +01:00
20 lines
813 B
Plaintext
20 lines
813 B
Plaintext
#
|
|
# Official policy for hardened OpenSSH on Ubuntu 16.04 LTS.
|
|
#
|
|
|
|
client policy = true
|
|
name = "Hardened Ubuntu Client 16.04 LTS"
|
|
version = 1
|
|
|
|
# The host key types that must match exactly (order matters).
|
|
host keys = ssh-ed25519, ssh-ed25519-cert-v01@openssh.com, rsa-sha2-256, rsa-sha2-512, ssh-rsa-cert-v01@openssh.com
|
|
|
|
# The key exchange algorithms that must match exactly (order matters).
|
|
key exchanges = curve25519-sha256@libssh.org, diffie-hellman-group-exchange-sha256, ext-info-c
|
|
|
|
# The ciphers that must match exactly (order matters).
|
|
ciphers = chacha20-poly1305@openssh.com, aes256-gcm@openssh.com, aes128-gcm@openssh.com, aes256-ctr, aes192-ctr, aes128-ctr
|
|
|
|
# The MACs that must match exactly (order matters).
|
|
macs = hmac-sha2-256-etm@openssh.com, hmac-sha2-512-etm@openssh.com, umac-128-etm@openssh.com
|