Use ditribution-default host key algorithms

ECDSA will be used by defaut for the client to authenticate the host. Tor Onion Services will also provide another layer of authentication, when using ssh over Tor.
freedomofpress · Dec 15, 2020 · d4f1643 · d4f1643
1 parent 2609cce
commit d4f1643
Showing 1 changed file with 0 additions and 1 deletion.
diff --git a/install_files/ansible-base/roles/restrict-direct-access/templates/sshd_config b/install_files/ansible-base/roles/restrict-direct-access/templates/sshd_config
@@ -39,7 +39,6 @@ UseDNS no
 # Cipher selection
 
 Ciphers [email protected],[email protected],[email protected],aes256-ctr,aes128-ctr
-HostKeyAlgorithms ssh-ed25519,rsa-sha2-256,rsa-sha2-512
 # Don't use SHA1 for kex
 KexAlgorithms [email protected],diffie-hellman-group-exchange-sha256
 # Don't use SHA1 for hashing, don't use encrypt-and-MAC mode