nixos/sshd: update kexAlgorithms, fix links
The `curve25519-sha256` key exchange method is defined in RFC 8731 that is identical to curve25519-sha256@libssh.org. OpenSSH supports the method since version 7.4, released on 2016-12-19. It is literally a violation of the "both in Secure Secure Shell and Mozilla guidelines" rule, but it provides essentially the same but a future-proof default. Also, links to the Mozilla OpenSSH guidelines are updated to refer to the current place. Signed-off-by: Masanori Ogino <167209+omasanori@users.noreply.github.com>
This commit is contained in:
parent
e25cd7827e
commit
8875db4976
@ -269,6 +269,7 @@ in
|
||||
kexAlgorithms = mkOption {
|
||||
type = types.listOf types.str;
|
||||
default = [
|
||||
"curve25519-sha256"
|
||||
"curve25519-sha256@libssh.org"
|
||||
"diffie-hellman-group-exchange-sha256"
|
||||
];
|
||||
@ -279,7 +280,7 @@ in
|
||||
Defaults to recommended settings from both
|
||||
<link xlink:href="https://stribika.github.io/2015/01/04/secure-secure-shell.html" />
|
||||
and
|
||||
<link xlink:href="https://wiki.mozilla.org/Security/Guidelines/OpenSSH#Modern_.28OpenSSH_6.7.2B.29" />
|
||||
<link xlink:href="https://infosec.mozilla.org/guidelines/openssh#modern-openssh-67" />
|
||||
'';
|
||||
};
|
||||
|
||||
@ -300,7 +301,7 @@ in
|
||||
Defaults to recommended settings from both
|
||||
<link xlink:href="https://stribika.github.io/2015/01/04/secure-secure-shell.html" />
|
||||
and
|
||||
<link xlink:href="https://wiki.mozilla.org/Security/Guidelines/OpenSSH#Modern_.28OpenSSH_6.7.2B.29" />
|
||||
<link xlink:href="https://infosec.mozilla.org/guidelines/openssh#modern-openssh-67" />
|
||||
'';
|
||||
};
|
||||
|
||||
@ -321,7 +322,7 @@ in
|
||||
Defaults to recommended settings from both
|
||||
<link xlink:href="https://stribika.github.io/2015/01/04/secure-secure-shell.html" />
|
||||
and
|
||||
<link xlink:href="https://wiki.mozilla.org/Security/Guidelines/OpenSSH#Modern_.28OpenSSH_6.7.2B.29" />
|
||||
<link xlink:href="https://infosec.mozilla.org/guidelines/openssh#modern-openssh-67" />
|
||||
'';
|
||||
};
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user