From 335ee0936e27966fdee3a9d6996655d1e17471ea Mon Sep 17 00:00:00 2001
From: Daniel Winzen <daniel@danwin1210.de>
Date: Sat, 15 Oct 2022 20:44:29 +0200
Subject: [PATCH] Further hardening ssh

---
 etc/ssh/sshd_config | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/etc/ssh/sshd_config b/etc/ssh/sshd_config
index 802f0d3..6c823bd 100644
--- a/etc/ssh/sshd_config
+++ b/etc/ssh/sshd_config
@@ -99,9 +99,9 @@ AcceptEnv LANG LC_*
 Subsystem       sftp    internal-sftp
 
 # Hardened set of key exchange, cipher, and MAC algorithms, as per <https://www.sshaudit.com/hardening_guides.html>.
-KexAlgorithms curve25519-sha256,curve25519-sha256@libssh.org
+KexAlgorithms sntrup761x25519-sha512@openssh.com,curve25519-sha256,curve25519-sha256@libssh.org
 Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
-MACs hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512
+MACs hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,umac-128-etm@openssh.com
 
 Match User root
         AuthenticationMethods publickey