From fdca899aa9b44c6aa16000d1273f301c891131d4 Mon Sep 17 00:00:00 2001 From: Pacien TRAN-GIRARD Date: Tue, 8 Nov 2016 21:47:26 +0100 Subject: Add Debian specific install steps --- README.md | 7 ++++++- ssh_config | 2 +- sshd_config | 2 +- 3 files changed, 8 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 9ff8deb..bed809a 100644 --- a/README.md +++ b/README.md @@ -13,10 +13,15 @@ Installation - `groupadd ssh-user` and `usermod -a -G ssh-user ` for each user allowed to use SSH. - Deploy user public keys before continuing - Clone this repo into `/etc/ssh/` -- Uncomment `KexDHMin 4096` in `ssh{,d}_config` if supported by the installed OpenSSH - Regenerate `ssh_host_rsa_key{,.pub}` of length 4096 if lower (`ssh-keygen -t rsa -b 4096 -f ssh_host_rsa_key < /dev/null`) +### Debian specific + +- Comment unsupported parameter `KexDHMin 4096` in `ssh{,d}_config` +- `ln -s /usr/lib/openssh /usr/lib/ssh` + + References ---------- diff --git a/ssh_config b/ssh_config index fc3a628..79ca5e1 100644 --- a/ssh_config +++ b/ssh_config @@ -20,7 +20,7 @@ # Minimum accepted size of the DH parameter p. By default this is set to 1024 # to maintain compatibility with RFC4419, but should be set higher. # Upstream default is identical to setting this to 2048. -#KexDHMin 4096 +KexDHMin 4096 KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256 HostKeyAlgorithms ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-ed25519,ssh-rsa diff --git a/sshd_config b/sshd_config index cb6a645..2b2b54e 100644 --- a/sshd_config +++ b/sshd_config @@ -29,7 +29,7 @@ HostKey /etc/ssh/ssh_host_ed25519_key # Minimum accepted size of the DH parameter p. By default this is set to 1024 # to maintain compatibility with RFC4419, but should be set higher. # Upstream default is identical to setting this to 2048. -#KexDHMin 4096 +KexDHMin 4096 KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256 # Lifetime and size of ephemeral version 1 server key -- cgit v1.2.3