Updated OPNsense 20.1.2 and newer (markdown)

Immánuel! 2020-06-06 16:38:15 +02:00
parent f059382b72
commit 65f17f64da

@ -61,4 +61,4 @@ A good starting point is to select the following options for maximum compatibili
- MACs: `hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,umac-128-etm@openssh.com` - MACs: `hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,umac-128-etm@openssh.com`
- HostKeyAlgorithms: `ssh-ed25519,ssh-ed25519-cert-v01@openssh.com` - HostKeyAlgorithms: `ssh-ed25519,ssh-ed25519-cert-v01@openssh.com`
The ordering of the above algorithms represent the best-choice-first mentality, so if you select only the `*25519*` options for KEX and HostKey, and the first ones for the others, it's the best trade-off between speed and security. Otherwise, choose your own preferred algorithms depending on your use case or threat model. The ordering of the above algorithms represent the best-choice-first mentality, so if you select only the `*25519*` options for KEX and HostKey, and the first ones for the others, it's the best trade-off between speed and security while forcing the SSH client to only use these. Otherwise, choose your own preferred algorithms depending on your use case or threat model.