Hi. On Sun, Aug 14, 2022 at 09:16:25AM -0400, Stefan Monnier wrote: > > In fact, I'd restrict allowed SSH algorithms like this: > > > > Ciphers chacha20-poly1...@openssh.com,aes256-...@openssh.com > > MACs > > hmac-sha2-512-...@openssh.com,hmac-sha2-256-...@openssh.com,umac-128-...@openssh.com > > KexAlgorithms > > curve25519-sha...@libssh.org,diffie-hellman-group-exchange-sha256 > > Of course, if you do that, you'll want to make sure to revisit these > lists every couple of years :-(
That goes without saying. Executing 'ssh -Q chiper' now and then is a good habit to have. Reco