flora-6: add back openssh MACs that got removed from defaults

NixOS default openssh MACs have changed to use "encrypt-then-mac" only. This breaks compatibility with clients that do not offer these MACs. For compatibility reasons, we add back the old defaults.

See:
https://github.com/NixOS/nixpkgs/pull/231165
https://blog.stribik.technology/2015/01/04/secure-secure-shell.html
https://infosec.mozilla.org/guidelines/openssh#modern-openssh-67
parent e834cc685c
commit 6fd2903516
|
@ -139,6 +139,14 @@ in {
|
||||||
settings = {
|
settings = {
|
||||||
PasswordAuthentication = false;
|
PasswordAuthentication = false;
|
||||||
PermitRootLogin = "no";
|
PermitRootLogin = "no";
|
||||||
|
Macs = [
|
||||||
|
"hmac-sha2-512-etm@openssh.com"
|
||||||
|
"hmac-sha2-256-etm@openssh.com"
|
||||||
|
"umac-128-etm@openssh.com"
|
||||||
|
"hmac-sha2-512"
|
||||||
|
"hmac-sha2-256"
|
||||||
|
"umac-128@openssh.com"
|
||||||
|
];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
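Review bot: the new `Macs = [` list carries no comment in the file itself, so the reason for the three non-ETM entries (`"hmac-sha2-512"`, `"hmac-sha2-256"`, `"umac-128@openssh.com"`) lives only in the commit message. Add a short comment above the list that says these are kept for clients that do not offer the `-etm` variants and links the nixpkgs pull request, and name the affected clients if they are known, so the entries can be dropped once those clients are upgraded. Keeping the `-etm` entries first in the list is good, since the client's preference order decides the negotiated MAC and a reader skimming the config can see the intended ranking.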