[PATCH 2/3] OpenSSH: Amend upstream default cipher changes

["Peter Müller" <peter.mueller@ipfire.org>]

This patch implements the following change made to OpenSSH server
upstream in version 10.0:

 * sshd(8): this release disables finite field (a.k.a modp)
   Diffie-Hellman key exchange in sshd by default. Specifically,
   this removes the "diffie-hellman-group*" and
   "diffie-hellman-group-exchange-*" methods from the default
   KEXAlgorithms list. The client is unchanged and continues to
   support these methods by default. Finite field Diffie Hellman
   is slow and computationally expensive for the same security
   level as Elliptic Curve DH or PQ key agreement while offering
   no redeeming advantages. ECDH has been specified for the SSH
   protocol for 15 years and some form of ECDH has been the default
   key exchange in OpenSSH for the last 14 years.

In addition, for both OpenSSH server and client, the following upstream
change made in version 9.9 is implemented:

 * ssh(1): the hybrid post-quantum algorithm mlkem768x25519-sha256
   is now used by default for key agreement. This algorithm is
   considered to be safe against attack by quantum computers,
   is guaranteed to be no less strong than the popular
   curve25519-sha256 algorithm, has been standardised by NIST
   and is considerably faster than the previous default.

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
---
 config/ssh/ssh_config  | 2 +-
 config/ssh/sshd_config | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/config/ssh/ssh_config b/config/ssh/ssh_config
index a248001ff..2fc62e116 100644
--- a/config/ssh/ssh_config
+++ b/config/ssh/ssh_config
@@ -9,7 +9,7 @@ Host *
         UseRoaming no
 
         # Only use secure crypto algorithms
-        KexAlgorithms sntrup761x25519-sha512,sntrup761x25519-sha512@openssh.com,mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
+		KexAlgorithms mlkem768x25519-sha256,sntrup761x25519-sha512,sntrup761x25519-sha512@openssh.com,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
         Ciphers aes256-gcm@openssh.com,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
         MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com
 
diff --git a/config/ssh/sshd_config b/config/ssh/sshd_config
index 25e5b1838..3e25e74e8 100644
--- a/config/ssh/sshd_config
+++ b/config/ssh/sshd_config
@@ -20,7 +20,7 @@ LoginGraceTime 30s
 MaxStartups 5
 
 # Only allow safe crypto algorithms
-KexAlgorithms sntrup761x25519-sha512,sntrup761x25519-sha512@openssh.com,mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
+KexAlgorithms mlkem768x25519-sha256,sntrup761x25519-sha512,sntrup761x25519-sha512@openssh.com,curve25519-sha256,curve25519-sha256@libssh.org
 Ciphers aes256-gcm@openssh.com,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
 MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com
 
-- 
2.51.0