From c214101dfdac5e4d61c031c77eb621d272053fe8 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Tue, 21 Dec 2021 11:13:07 +0100 Subject: ssh: ... --- accounts/gkleen@sif/default.nix | 1 - system-profiles/openssh/default.nix | 2 +- 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/accounts/gkleen@sif/default.nix b/accounts/gkleen@sif/default.nix index bd6ae49c..3acefc4e 100644 --- a/accounts/gkleen@sif/default.nix +++ b/accounts/gkleen@sif/default.nix @@ -76,7 +76,6 @@ in { IdentityFile ~/.ssh/gkleen@mathinst.loc HostKeyAlgorithms +ssh-rsa PubkeyAcceptedAlgorithms +ssh-rsa - MACs +umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com Match host *.mathinst.loc !exec "nc -z -w 1 %h %p &>/dev/null" ProxyCommand ${pkgs.socat}/bin/socat - SOCKS4A:127.0.0.1:%h:%p,socksport=8118 diff --git a/system-profiles/openssh/default.nix b/system-profiles/openssh/default.nix index 98f75b94..5009dea3 100644 --- a/system-profiles/openssh/default.nix +++ b/system-profiles/openssh/default.nix @@ -27,7 +27,7 @@ ciphers = [ "chacha20-poly1305@openssh.com" "aes256-gcm@openssh.com" "aes256-ctr" ]; hostKeyAlgorithms = [ "sk-ssh-ed25519-cert-v01@openssh.com" "ssh-ed25519-cert-v01@openssh.com" "rsa-sha2-256-cert-v01@openssh.com" "rsa-sha2-512-cert-v01@openssh.com" "sk-ssh-ed25519@openssh.com" "ssh-ed25519" "rsa-sha2-256" "rsa-sha2-512" ]; kexAlgorithms = [ "curve25519-sha256@libssh.org" "diffie-hellman-group-exchange-sha256" ]; - macs = [ "hmac-sha2-256-etm@openssh.com" "hmac-sha2-256" "hmac-sha2-512-etm@openssh.com" "hmac-sha2-512" ]; + macs = [ "umac-128-etm@openssh.com" "hmac-sha2-256-etm@openssh.com" "hmac-sha2-512-etm@openssh.com" "umac-128@openssh.com" "hmac-sha2-256" "hmac-sha2-512" "umac-64-etm@openssh.com" "umac-64@openssh.com"]; pubkeyAcceptedKeyTypes = [ "ssh-ed25519" "ssh-rsa" ]; extraConfig = '' Host * -- cgit v1.2.3