From 08ede061a0108bf29696ece532d65aeaa12e6c80 Mon Sep 17 00:00:00 2001
From: Artemis Tosini
Date: Mon, 25 Apr 2022 23:13:53 +0000
Subject: [PATCH] Modernize KexAlgorithms
---
 flake.lock | 18 +++++++++---------
 home/ssh/default.nix | 5 ++---
 2 files changed, 11 insertions(+), 12 deletions(-)
diff --git a/flake.lock b/flake.lock
index 846adfc..94696f5 100644
--- a/flake.lock
+++ b/flake.lock
@@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1648834319, - "narHash": "sha256-i5Aj4Aw64D/A0X6XW5LxSS4XBnYj7gMz+kN4dpsbdk8=", + "lastModified": 1649887911, + "narHash": "sha256-Af0Ppb1RZ7HWuxUvF0/O7h3cy8tqU2eKFyVwyA1ZD+w=", "owner": "nix-community", "repo": "home-manager", - "rev": "0bdbdea2e26c984b096f4f7d10e3c88536a980b0", + "rev": "7244c6715cb8f741f3b3e1220a9279e97b2ed8f5", "type": "github" }, "original": {
@@ -23,11 +23,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1649024309, - "narHash": "sha256-AWbvj/NHZXVwAnHaVOFlxg7tcNerEKrKBmgGfztSHWM=", + "lastModified": 1650647313, + "narHash": "sha256-6ghnNPXDlG6/tXeIFdbP0cGnik6TGNwc615hhG9dpl4=", "owner": "nixos", "repo": "nixpkgs", - "rev": "af0a9bc0e5341855518e9c1734d7ef913e5138b9", + "rev": "a318a09a96a38382fe61a7f85d03ea6e25c46c56", "type": "github" }, "original": {
@@ -39,11 +39,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1648632716, - "narHash": "sha256-kCmnDeiaMsdhfnNKjxdOzwRh2H6eQb8yWAL+nNabC/Y=", + "lastModified": 1650701402, + "narHash": "sha256-XKfstdtqDg+O+gNBx1yGVKWIhLgfEDg/e2lvJSsp9vU=", "owner": "nixos", "repo": "nixpkgs", - "rev": "710fed5a2483f945b14f4a58af2cd3676b42d8c8", + "rev": "bc41b01dd7a9fdffd32d9b03806798797532a5fe", "type": "github" }, "original": {
diff --git a/home/ssh/default.nix b/home/ssh/default.nix
index 7dbbec9..1f95528 100644
--- a/home/ssh/default.nix
+++ b/home/ssh/default.nix
@@ -11,9 +11,8 @@
 # We have to do this as text to gaurantee it's part of the last Host * block
 userKnownHostsFile = "~/.ssh/known_hosts ${./extra_known_hosts}";
 extraConfig = ''
- HostKeyAlgorithms ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-ed25519,ssh-rsa,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256
- KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256
- MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com
+ KexAlgorithms sntrup761x25519-sha512@openssh.com,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256
+ MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com
 Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
 VerifyHostKeyDNS ask
 VisualHostKey yes
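Review bot: The new `KexAlgorithms` line is still an absolute list, so every name on it must be known to whichever ssh client reads this config; `sntrup761x25519-sha512@openssh.com` first appeared in OpenSSH 8.5, and an older client rejects an unknown name as a config error instead of skipping it. Whether this home configuration can reach a machine whose ssh is older than the pinned nixpkgs is not visible here, so I would record the floor in a comment above `extraConfig`, e.g. `# KexAlgorithms below requires OpenSSH >= 8.5 (sntrup761x25519)`. The same hunk removes the `HostKeyAlgorithms` pin, which listed `ssh-rsa`, so host-key negotiation now follows the client defaults; the subject line only mentions KexAlgorithms, and a second comment such as `# HostKeyAlgorithms intentionally left at the OpenSSH default` would make that intent explicit. A hard-coded list will also not pick up algorithms that later OpenSSH releases add to the defaults, so it needs the kind of manual refresh this commit performs. The `extraConfig` string continues past the end of the hunk.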