Same instructions as Ubuntu 22.04 LTS Server,
except, remove sntrup761x25519-sha512@openssh.com
from KexAlgorithms
in step 4, as support for it was dropped in pve.
That is :
Note: all commands below are to be executed as the root user using bash.
0. Make a backup of your ssh folder as a precaution
1. Re-generate the RSA and ED25519 keys
2. Remove small Diffie-Hellman moduli
3. Enable the RSA and ED25519 keys
Enable the RSA and ED25519 HostKey directives in the /etc/ssh/sshd_config
file:
4. Restrict supported key exchange, cipher, and MAC algorithms
5. Restart OpenSSH server
6. Redistribute new hosts key fingerprints on cluster nodes