Instantly share code, notes, and snippets.

Embed
What would you like to do?
# OpenBSD: sshd_config,v 1.100 2016/08/15 12:32:04 naddy Exp $
# See https://infosec-handbook.eu/blog/wss1-basic-hardening/ for more details
# All unnecessary comment lines were removed!
# Ciphers and keying
KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com
HostKeyAlgorithms ssh-ed25519,rsa-sha2-256,rsa-sha2-512,ssh-rsa-cert-v01@openssh.com
# Logging
LogLevel VERBOSE
# Authentication
AllowUsers angela
AuthenticationMethods publickey,keyboard-interactive
PermitRootLogin no
PasswordAuthentication no
ChallengeResponseAuthentication yes
UsePAM yes
# Additional configuration
X11Forwarding yes
PrintMotd no
AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment