Use only post-quantum resistant algorithms

Jakob Lechner 2025-12-09 16:20:54 +01:00
parent e9bbfb3f75
commit 7353eb481a


@ -13,11 +13,8 @@
]; ];
# Use key exchange algorithms recommended by `nixpkgs#ssh-audit` # Use key exchange algorithms recommended by `nixpkgs#ssh-audit`
KexAlgorithms = [ KexAlgorithms = [
"curve25519-sha256"
"curve25519-sha256@libssh.org"
"diffie-hellman-group16-sha512"
"diffie-hellman-group18-sha512"
"sntrup761x25519-sha512@openssh.com" "sntrup761x25519-sha512@openssh.com"
"mlkem768x25519-sha256"
]; ];
PasswordAuthentication = false; PasswordAuthentication = false;
StreamLocalBindUnlink = true; # unbind gnupg sockets if they exists StreamLocalBindUnlink = true; # unbind gnupg sockets if they exists
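Review bot: The comment above `KexAlgorithms` still attributes the list to `ssh-audit`, but the new list keeps only the two hybrid post-quantum exchanges, so any client lacking both `sntrup761x25519-sha512@openssh.com` and `mlkem768x25519-sha256` can no longer negotiate a session. That affects older OpenSSH releases and non-OpenSSH clients (embedded tooling, CI agents, SFTP or Git libraries), and if this is the only remote access path to the host, a failed negotiation is a lockout. I would reword the comment to state the intent and its cost, e.g. `# Hybrid post-quantum key exchange only; clients without sntrup761 or ML-KEM support cannot connect`. It is also worth confirming that the deployed sshd recognises `mlkem768x25519-sha256`, which as far as I know was added in OpenSSH 9.9; an unknown name in this list would presumably make sshd reject the configuration. The enclosing attribute set starts and ends outside the hunk, so I am assuming these are the sshd settings.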