SSH Protocol version 1 is insecure and must not be used anymore. Restrict SSH client configuration to ensure only version 2 is used.
Signed-off-by: Peter Müller peter.mueller@link38.eu --- config/ssh/ssh_config | 3 +++ 1 file changed, 3 insertions(+)
diff --git a/config/ssh/ssh_config b/config/ssh/ssh_config index 2abfae6d1..b36909f85 100644 --- a/config/ssh/ssh_config +++ b/config/ssh/ssh_config @@ -5,6 +5,9 @@ Host * # disable Roaming as it is known to be vulnerable UseRoaming no
+ # only use version 2 of SSH protocol + Protocol 2 + # only use secure crypto algorithm KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256 Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr