explicitly removed DSA host key, removed ECDH NIST curves and DH groups which i canno...
authorAaron Zauner <azet@azet.org>
Tue, 5 Nov 2013 17:02:38 +0000 (18:02 +0100)
committerAaron Zauner <azet@azet.org>
Tue, 5 Nov 2013 17:02:38 +0000 (18:02 +0100)
src/practical_settings.tex

index 0dde1ac..3fe3027 100644 (file)
@@ -300,10 +300,13 @@ Source: \url{http://www.postfix.org/TLS_README.html}
        RSAAuthentication yes
        PermitRootLogin no
        StrictModes yes
+       HostKey /etc/ssh/ssh_host_rsa_key
        Ciphers aes256-ctr
        MACs hmac-sha2-512,hmac-sha2-256,hmac-ripemd160
+       KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1`
 \end{verbatim}
 
+% XXX: curve25519-sha256@libssh.org only available upstream(!)
 Note: older linux systems won't support SHA2, PuTTY does not support RIPE-MD160.
 
 \subsection{OpenVPN}
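Review bot: The added `KexAlgorithms` line ends with a stray backtick, and because it sits inside the verbatim block it will be copied into sshd_config as part of the last algorithm name, which sshd is unlikely to accept as a valid key-exchange name; drop it so the line ends `...,diffie-hellman-group-exchange-sha1`. The `% XXX` remark is a LaTeX comment and never reaches the reader, so the caveat belongs in the visible note, e.g. `Note: curve25519-sha256@libssh.org is only available in upstream OpenSSH; remove it from KexAlgorithms on older versions.`, since an sshd that does not know the name will probably reject the whole line. Keeping `diffie-hellman-group-exchange-sha1` also leaves a SHA-1 based exchange enabled; if it is there for client compatibility, the text should say so. The verbatim environment opens above the hunk, so the rest of the sshd_config listing is not visible here.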