From 7c518c4d7d98f4afc1f095c23f4c6894915bbd4f Mon Sep 17 00:00:00 2001 From: Pacien TRAN-GIRARD Date: Tue, 8 Nov 2016 17:03:20 +0100 Subject: Add setup instructions --- README.md | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/README.md b/README.md index 19be796..d0673fe 100644 --- a/README.md +++ b/README.md @@ -7,6 +7,16 @@ Purpose This repository contains an hardened version of the default OpenSSH client and server configuration, disabling broken ciphers and unsafe authentication methods. +Installation +------------ + +- `groupadd ssh-user` and `usermod -a -G ssh-user ` for each user allowed to use SSH. +- Deploy user public keys before continuing +- Clone this repo into `/etc/ssh/` +- Uncomment `KexDHMin 4096` in `ssh{,d}_config` if supported by the installed OpenSSH +- Regenerate `ssh_host_rsa_key{,.pub}` of length 4096 if lower + + References ---------- -- cgit v1.2.3
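Review bot: the new Installation list stops at regenerating `ssh_host_rsa_key{,.pub}` and never says to validate and apply the configuration. Since the list already warns to "Deploy user public keys before continuing", add a final step such as running `sshd -t`, reloading the daemon, and confirming a fresh login works while an existing session stays open. In the first bullet, `usermod -a -G ssh-user ` as shown has no username argument, so put a visible placeholder there. "Clone this repo into `/etc/ssh/`" needs a word on what to do with the files already in that directory, because `git clone` refuses a non-empty target and the existing host keys must be kept or deliberately replaced. For the last bullet, consider spelling out the command (for example `ssh-keygen -t rsa -b 4096 -f /etc/ssh/ssh_host_rsa_key`) and noting that clients will see a changed host key afterwards.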