https://stribika.github.io/2015/01/0...ure-shell.html
This is a nice little write up on how to harden your ssh connections in light of the Snowden documents about the NSA.
in the first section:
Code:
KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
When I attempted to add this to my config file both my MAC and my CentOS v7 system tossed a rather nasty fit. the KexAlgorithms.... is not found and or unknown.
Lower in the Symmetric ciphers, they talk about the chacha20-poly1305, but when attempting to implement this in addition to the aes256 ciphers I currently have in my config it again tossed up nasty little notices stating not found, etc...
tried both
Code:
chacha20-poly1305@openssh.com
chacha20-poly1305
so both with and without the @openssh.com no luv.
in the Message authentication codes (MACs) how do I implement this on my systems?
tried just the first portion of their snippet:
Code:
MACs hmac-sha2-512-etm@openssh.com
and my system told me
Code:
no matching mac found: client hmac-sha2-512-etm@openssh.com server hmac-md5,hmssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
Seems like a handy thing to add to the system for a bit more secure traffic between my home servers, web server, e-mail server, and my laptops when on the road.
thanks in advance.