Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
# Sane security defaults for OSX 10.10 SSH clients that are still based on OpenSSH6.2_p2
# Currently your old OpenSSH installation only supports a subset of ciphers and key exchange algorithms.
# OSX Users: consider updating your openssh version -> https://mochtu.de/2015/01/07/updating-openssh-on-mac-os-x-10-10-yosemite/
# Explanation: http://mochtu.de/2015/01/06/securing-ssh-connections/
# Background information: https://stribika.github.io/2015/01/04/secure-secure-shell.html
# https://stribika.github.io/2015/01/04/secure-secure-shell.html
Host *
PasswordAuthentication no
KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,umac-128@openssh.com
Host github.com
KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment