1 files changed, 10 insertions, 0 deletions
diff --git a/README.md b/README.md
index 19be796..d0673fe 100644
--- a/README.md
+++ b/README.md
@@ -7,6 +7,16 @@ Purpose
 This repository contains an hardened version of the default OpenSSH client and server configuration, disabling broken ciphers and unsafe authentication methods.
+Installation
+------------
+- `groupadd ssh-user` and `usermod -a -G ssh-user <username>` for each user allowed to use SSH.
+- Deploy user public keys before continuing
+- Clone this repo into `/etc/ssh/`
+- Uncomment `KexDHMin 4096` in `ssh{,d}_config` if supported by the installed OpenSSH
+- Regenerate `ssh_host_rsa_key{,.pub}` of length 4096 if lower
 References
 ----------

diff --git a/README.md b/README.md index 19be796..d0673fe 100644 --- a/README.md +++ b/README.md
@@ -7,6 +7,16 @@ Purpose
7	This repository contains an hardened version of the default OpenSSH client and server configuration, disabling broken ciphers and unsafe authentication methods.	7	This repository contains an hardened version of the default OpenSSH client and server configuration, disabling broken ciphers and unsafe authentication methods.
8		8
9		9
		10	Installation
		11	------------
		12
		13	- `groupadd ssh-user` and `usermod -a -G ssh-user <username>` for each user allowed to use SSH.
		14	- Deploy user public keys before continuing
		15	- Clone this repo into `/etc/ssh/`
		16	- Uncomment `KexDHMin 4096` in `ssh{,d}_config` if supported by the installed OpenSSH
		17	- Regenerate `ssh_host_rsa_key{,.pub}` of length 4096 if lower
		18
		19
10	References	20	References
11	----------	21	----------
12		22