From 65f17f64da27ca30234315c226cb30fd7b84fece Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Imm=C3=A1nuel!?= <21174107+immanuelfodor@users.noreply.github.com> Date: Sat, 6 Jun 2020 16:38:15 +0200 Subject: [PATCH] Updated OPNsense 20.1.2 and newer (markdown) --- OPNsense-20.1.2-and-newer.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/OPNsense-20.1.2-and-newer.md b/OPNsense-20.1.2-and-newer.md index 51e85d5..5ada422 100644 --- a/OPNsense-20.1.2-and-newer.md +++ b/OPNsense-20.1.2-and-newer.md @@ -61,4 +61,4 @@ A good starting point is to select the following options for maximum compatibili - MACs: `hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,umac-128-etm@openssh.com` - HostKeyAlgorithms: `ssh-ed25519,ssh-ed25519-cert-v01@openssh.com` -The ordering of the above algorithms represent the best-choice-first mentality, so if you select only the `*25519*` options for KEX and HostKey, and the first ones for the others, it's the best trade-off between speed and security. Otherwise, choose your own preferred algorithms depending on your use case or threat model. \ No newline at end of file +The ordering of the above algorithms represent the best-choice-first mentality, so if you select only the `*25519*` options for KEX and HostKey, and the first ones for the others, it's the best trade-off between speed and security while forcing the SSH client to only use these. Otherwise, choose your own preferred algorithms depending on your use case or threat model. \ No newline at end of file