diff --git a/OPNsense-20.1.2-and-newer.md b/OPNsense-20.1.2-and-newer.md index 51e85d5..5ada422 100644 --- a/OPNsense-20.1.2-and-newer.md +++ b/OPNsense-20.1.2-and-newer.md @@ -61,4 +61,4 @@ A good starting point is to select the following options for maximum compatibili - MACs: `hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,umac-128-etm@openssh.com` - HostKeyAlgorithms: `ssh-ed25519,ssh-ed25519-cert-v01@openssh.com` -The ordering of the above algorithms represent the best-choice-first mentality, so if you select only the `*25519*` options for KEX and HostKey, and the first ones for the others, it's the best trade-off between speed and security. Otherwise, choose your own preferred algorithms depending on your use case or threat model. \ No newline at end of file +The ordering of the above algorithms represent the best-choice-first mentality, so if you select only the `*25519*` options for KEX and HostKey, and the first ones for the others, it's the best trade-off between speed and security while forcing the SSH client to only use these. Otherwise, choose your own preferred algorithms depending on your use case or threat model. \ No newline at end of file
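Review bot: In the added sentence, "while forcing the SSH client to only use these" leaves "these" without a clear antecedent and does not state the consequence of the restriction. Once only the `*25519*` KEX and HostKey options and the first entry of each other list are selected, a client that supports none of them cannot negotiate a session at all, which sits awkwardly next to the "maximum compatibili..." wording visible in the hunk context. Suggest naming the referent and the effect, for example "and the server will then refuse clients that do not support the selected algorithms", so readers know to check their client versions before applying the change. While touching this line, "represent" should read "represents", and the file still ends without a trailing newline.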