Adapt conf for Debiandebian

author: Pacien TRAN-GIRARD 2016-11-08 22:52:45 +0100
committer: Pacien TRAN-GIRARD 2016-11-08 22:52:45 +0100
commit: 3df406cbb316f889e6d7d0e073aec19be674163d (patch)
tree: 22c31e70bbdb849ef05061481ad43c6f60249157
parent: 12e5175086d0b648b22d680646e2d1777c88a41e (diff)
download: ssh-hardened-debian.tar.gz
2 files changed, 3 insertions, 3 deletions
diff --git a/ssh_config b/ssh_config
index 79ca5e1..fc3a628 100644
--- a/ssh_config
+++ b/ssh_config
@@ -20,7 +20,7 @@
 # Minimum accepted size of the DH parameter p. By default this is set to 1024
 # to maintain compatibility with RFC4419, but should be set higher.
 # Upstream default is identical to setting this to 2048.
-KexDHMin 4096
+#KexDHMin 4096
 KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
 HostKeyAlgorithms ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-ed25519,ssh-rsa
diff --git a/sshd_config b/sshd_config
index 2b2b54e..3e87b5c 100644
--- a/sshd_config
+++ b/sshd_config
@@ -29,7 +29,7 @@ HostKey /etc/ssh/ssh_host_ed25519_key
 # Minimum accepted size of the DH parameter p. By default this is set to 1024
 # to maintain compatibility with RFC4419, but should be set higher.
 # Upstream default is identical to setting this to 2048.
-KexDHMin 4096
+#KexDHMin 4096
 KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
 # Lifetime and size of ephemeral version 1 server key
@@ -138,7 +138,7 @@ UsePrivilegeSeparation sandbox		# Default for new installations.
 #Banner none
 # override default of no subsystems
-Subsystem       sftp    /usr/lib/ssh/sftp-server
+Subsystem       sftp    /usr/lib/openssh/sftp-server
 # This enables accepting locale enviroment variables LC_* LANG, see sshd_config(5).
 AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
author	Pacien TRAN-GIRARD	2016-11-08 22:52:45 +0100
committer	Pacien TRAN-GIRARD	2016-11-08 22:52:45 +0100
commit	3df406cbb316f889e6d7d0e073aec19be674163d (patch)
tree	22c31e70bbdb849ef05061481ad43c6f60249157
parent	12e5175086d0b648b22d680646e2d1777c88a41e (diff)
download	ssh-hardened-debian.tar.gz

diff --git a/ssh_config b/ssh_config index 79ca5e1..fc3a628 100644 --- a/ssh_config +++ b/ssh_config
@@ -20,7 +20,7 @@
20	# Minimum accepted size of the DH parameter p. By default this is set to 1024	20	# Minimum accepted size of the DH parameter p. By default this is set to 1024
21	# to maintain compatibility with RFC4419, but should be set higher.	21	# to maintain compatibility with RFC4419, but should be set higher.
22	# Upstream default is identical to setting this to 2048.	22	# Upstream default is identical to setting this to 2048.
23	KexDHMin 4096	23	#KexDHMin 4096
24		24
25	KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256	25	KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
26	HostKeyAlgorithms ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-ed25519,ssh-rsa	26	HostKeyAlgorithms ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-ed25519,ssh-rsa


diff --git a/sshd_config b/sshd_config index 2b2b54e..3e87b5c 100644 --- a/sshd_config +++ b/sshd_config
@@ -29,7 +29,7 @@ HostKey /etc/ssh/ssh_host_ed25519_key
29	# Minimum accepted size of the DH parameter p. By default this is set to 1024	29	# Minimum accepted size of the DH parameter p. By default this is set to 1024
30	# to maintain compatibility with RFC4419, but should be set higher.	30	# to maintain compatibility with RFC4419, but should be set higher.
31	# Upstream default is identical to setting this to 2048.	31	# Upstream default is identical to setting this to 2048.
32	KexDHMin 4096	32	#KexDHMin 4096
33	KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256	33	KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
34		34
35	# Lifetime and size of ephemeral version 1 server key	35	# Lifetime and size of ephemeral version 1 server key
@@ -138,7 +138,7 @@ UsePrivilegeSeparation sandbox # Default for new installations.
138	#Banner none	138	#Banner none
139		139
140	# override default of no subsystems	140	# override default of no subsystems
141	Subsystem sftp /usr/lib/ssh/sftp-server	141	Subsystem sftp /usr/lib/openssh/sftp-server
142		142
143	# This enables accepting locale enviroment variables LC_* LANG, see sshd_config(5).	143	# This enables accepting locale enviroment variables LC_* LANG, see sshd_config(5).
144	AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES	144	AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES