tszym/config-security

## config-security
# vim: ft=sshconfig
# Sane security defaults for SSH clients. Disables everything old and nasty.
# Unfortunately, SSH appears to provide no way to *exclude* old protocols,
# so we have a list of known-secure key exchange algorithms, symmetric ciphers,
# and message authentication codes.
# Config taken from [https://stribika.github.io/2015/01/04/secure-secure-shell.html]

Host *
  KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
  Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
  MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com

# Unfortunately, Github supports neither authenticated encryption,
# nor encrypt-then-MAC.
Host github.com
  MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512
	# vim: ft=sshconfig
	# Sane security defaults for SSH clients. Disables everything old and nasty.
	# Unfortunately, SSH appears to provide no way to exclude old protocols,
	# so we have a list of known-secure key exchange algorithms, symmetric ciphers,
	# and message authentication codes.
	# Config taken from [https://stribika.github.io/2015/01/04/secure-secure-shell.html]

	Host *
	KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
	Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
	MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com

	# Unfortunately, Github supports neither authenticated encryption,
	# nor encrypt-then-MAC.
	Host github.com
	MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512