disable DHE for sshd (CVE-2002-20001) (#132)

metal-stack · Apr 11, 2022 · f8eb1e6 · f8eb1e6
1 parent ff70a48
commit f8eb1e6
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/debian/context/etc/ssh/sshd_config b/debian/context/etc/ssh/sshd_config
@@ -26,7 +26,7 @@
 # References: man sshd_config, https://infosec.mozilla.org/guidelines/openssh.html#modern-openssh-67
 Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
 MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com
-KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256
+KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256
 
 # Logging
 #SyslogFacility AUTH