mirror of https://github.com/jtesta/ssh-audit.git
20 lines
894 B
Plaintext
20 lines
894 B
Plaintext
#
|
|
# Official policy for hardened OpenSSH on Ubuntu 18.04 LTS.
|
|
#
|
|
|
|
client policy = true
|
|
name = "Hardened Ubuntu Client 18.04 LTS"
|
|
version = 1
|
|
|
|
# The host key types that must match exactly (order matters).
|
|
host keys = ssh-ed25519, ssh-ed25519-cert-v01@openssh.com, rsa-sha2-256, rsa-sha2-512, ssh-rsa-cert-v01@openssh.com
|
|
|
|
# The key exchange algorithms that must match exactly (order matters).
|
|
key exchanges = curve25519-sha256, curve25519-sha256@libssh.org, diffie-hellman-group16-sha512, diffie-hellman-group18-sha512, diffie-hellman-group-exchange-sha256, ext-info-c
|
|
|
|
# The ciphers that must match exactly (order matters).
|
|
ciphers = chacha20-poly1305@openssh.com, aes256-gcm@openssh.com, aes128-gcm@openssh.com, aes256-ctr, aes192-ctr, aes128-ctr
|
|
|
|
# The MACs that must match exactly (order matters).
|
|
macs = hmac-sha2-256-etm@openssh.com, hmac-sha2-512-etm@openssh.com, umac-128-etm@openssh.com
|