Add Debian specific install steps

3 files changed, 8 insertions, 3 deletions

diff --git a/README.md b/README.md
index 9ff8deb..bed809a 100644
--- a/README.md
+++ b/README.md
@@ -13,10 +13,15 @@ Installation
 - `groupadd ssh-user` and `usermod -a -G ssh-user <username>` for each user allowed to use SSH.
 - Deploy user public keys before continuing
 - Clone this repo into `/etc/ssh/`
-- Uncomment `KexDHMin 4096` in `ssh{,d}_config` if supported by the installed OpenSSH
 - Regenerate `ssh_host_rsa_key{,.pub}` of length 4096 if lower (`ssh-keygen -t rsa -b 4096 -f ssh_host_rsa_key < /dev/null`)
 
 
+### Debian specific
+
+- Comment unsupported parameter `KexDHMin 4096` in `ssh{,d}_config`
+- `ln -s /usr/lib/openssh /usr/lib/ssh`
+
+
 References
 ----------
 
diff --git a/ssh_config b/ssh_config
index fc3a628..79ca5e1 100644
--- a/ssh_config
+++ b/ssh_config
@@ -20,7 +20,7 @@
 # Minimum accepted size of the DH parameter p. By default this is set to 1024
 # to maintain compatibility with RFC4419, but should be set higher.
 # Upstream default is identical to setting this to 2048.
-#KexDHMin 4096
+KexDHMin 4096
 
 KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
 HostKeyAlgorithms ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-ed25519,ssh-rsa
diff --git a/sshd_config b/sshd_config
index cb6a645..2b2b54e 100644
--- a/sshd_config
+++ b/sshd_config
@@ -29,7 +29,7 @@ HostKey /etc/ssh/ssh_host_ed25519_key
 # Minimum accepted size of the DH parameter p. By default this is set to 1024
 # to maintain compatibility with RFC4419, but should be set higher.
 # Upstream default is identical to setting this to 2048.
-#KexDHMin 4096
+KexDHMin 4096
 KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
 
 # Lifetime and size of ephemeral version 1 server key