How to choose the best possible encryption algorithm for SSH on CentOS?
Choosing a stronger algorithm for the SSH host key than the default:
Generate a new host key using the Ed25519 algorithm (Ed25519 uses Curve25519, which has a high safety rating):
https://safecurves.cr.yp.to/
http://blog.cr.yp.to/20140323-ecdsa.html
ssh-keygen -f /etc/ssh/ssh_host_ed25519_key -N '' -t ed25519
# vim /etc/ssh/sshd_config
Comment out all HostKey lines except the one for the ed25519 key:
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key
#HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
Restart the sshd service:
systemctl restart sshd
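A check for the edit described above, as an added example that is not part of the original post: it lists the uncommented HostKey lines in an sshd_config file and passes only when the ed25519 key is the sole active one. The function names active_hostkeys and only_ed25519 and the three sample configs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): confirm that the Ed25519 key is
# the only active HostKey in an sshd_config file.

# Print the key path of every uncommented HostKey directive in file $1.
# sshd_config keywords are case-insensitive; "#HostKey ..." lines are skipped
# because their first field is not exactly "hostkey".
active_hostkeys() {
    awk 'tolower($1) == "hostkey" { print $2 }' "$1"
}

# Return 0 only when the sole active HostKey is the Ed25519 key file.
# An empty result also fails: with no HostKey line at all, sshd loads its
# built-in default set of host keys instead of just the Ed25519 one.
only_ed25519() {
    keys=$(active_hostkeys "$1")
    [ "$keys" = "/etc/ssh/ssh_host_ed25519_key" ]
}

# Constructed sample configs, so the example runs without touching /etc/ssh.
SAMPLES=$(mktemp -d)
cat > "$SAMPLES/hardened" <<'EOF'
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key
#HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
EOF
cat > "$SAMPLES/mixed" <<'EOF'
HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key
hostkey /etc/ssh/ssh_host_ed25519_key
EOF
cat > "$SAMPLES/all_commented" <<'EOF'
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_ed25519_key
EOF

for f in hardened mixed all_commented; do
    if only_ed25519 "$SAMPLES/$f"; then
        echo "$f: OK, only the Ed25519 host key is active"
    else
        echo "$f: FAIL, active HostKey lines: $(active_hostkeys "$SAMPLES/$f" | tr '\n' ' ')"
    fi
done
```

On the server itself, point only_ed25519 at /etc/ssh/sshd_config and run sshd -t to validate the file before restarting the service. ssh-keygen -lf /etc/ssh/ssh_host_ed25519_key.pub prints the new key's fingerprint so clients can verify it on first connection.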