pyrox.dev
Merge pull request #172393 from mweinelt/openssh/sntrup761x25519-sha512-kexmethod
nixos/openssh: Add sntrup761x25519-sha512 kexAlgo
authored by Silvan Mosberger and committed by GitHub 26ab617a 080eb504
+2
-1
nixos/modules/services/networking/ssh/sshd.nix
+2
-1
nixos/modules/services/networking/ssh/sshd.nix
···
293
kexAlgorithms = mkOption {
294
type = types.listOf types.str;
295
default = [
296
"curve25519-sha256"
297
"curve25519-sha256@libssh.org"
298
"diffie-hellman-group-exchange-sha256"
···
301
Allowed key exchange algorithms
302
</para>
303
<para>
304
-
Defaults to recommended settings from both
305
<link xlink:href="https://stribika.github.io/2015/01/04/secure-secure-shell.html" />
306
and
307
<link xlink:href="https://infosec.mozilla.org/guidelines/openssh#modern-openssh-67" />
···
293
kexAlgorithms = mkOption {
294
type = types.listOf types.str;
295
default = [
296
+
"sntrup761x25519-sha512@openssh.com"
297
"curve25519-sha256"
298
"curve25519-sha256@libssh.org"
299
"diffie-hellman-group-exchange-sha256"
···
302
Allowed key exchange algorithms
303
</para>
304
<para>
305
+
Uses the lower bound recommended in both
306
<link xlink:href="https://stribika.github.io/2015/01/04/secure-secure-shell.html" />
307
and
308
<link xlink:href="https://infosec.mozilla.org/guidelines/openssh#modern-openssh-67" />