flora-6: add back openssh MACs that got removed from defaults

NixOS default openssh MACs have changed to use "encrypt-then-mac" only.
This breaks compatibility with clients that do not offer these MACs. For
compatibility reasons, we add back the old defaults.
See: https://github.com/NixOS/nixpkgs/pull/231165

https://blog.stribik.technology/2015/01/04/secure-secure-shell.html
https://infosec.mozilla.org/guidelines/openssh#modern-openssh-67
teutat3s 2023-07-07 12:13:57 +02:00
parent e834cc685c
commit 6fd2903516
Signed by: teutat3s
GPG key ID: 4FA1D3FA524F22C1

@ -139,6 +139,14 @@ in {
settings = { settings = {
PasswordAuthentication = false; PasswordAuthentication = false;
PermitRootLogin = "no"; PermitRootLogin = "no";
Macs = [
"hmac-sha2-512-etm@openssh.com"
"hmac-sha2-256-etm@openssh.com"
"umac-128-etm@openssh.com"
"hmac-sha2-512"
"hmac-sha2-256"
"umac-128@openssh.com"
];
}; };
}; };
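
Review bot: the last three entries of the `Macs` list (`hmac-sha2-512`, `hmac-sha2-256`, `umac-128@openssh.com`) re-enable the non-ETM MACs for every client of this host, and nothing in the file records why. Suggest a Nix comment above `Macs = [` that names the clients needing the fallback and links the nixpkgs PR from the commit message, so the three entries can be dropped once those clients offer the `-etm@openssh.com` variants. It would also help to note there that the list replaces the NixOS default rather than extending it, so later upstream changes to the default will not be picked up on this host.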