diff --git a/Docker-Compose.ign b/Docker-Compose.ign
index 04d087d..870e575 100644
--- a/Docker-Compose.ign
+++ b/Docker-Compose.ign
@@ -50,7 +50,7 @@
 "path": "/etc/ssh/sshd_config.d/10-custom.conf",
 "contents": {
 "compression": "",
- "source": "data:,X11Forwarding%20no%0AGSSAPIAuthentication%20no%0A"
+ "source": "data:,X11Forwarding%20no%0AHostKeyAlgorithms%20ssh-ed25519%0APubkeyAcceptedKeyTypes%20ssh-ed25519%0ACiphers%20aes256-gcm%40openssh.com%0AMACs%20-*%0AKerberosAuthentication%20no%0AGSSAPIAuthentication%20no%0A"
 }
 },
 {
diff --git a/Docker-Compose.yml b/Docker-Compose.yml
index 7df64dd..8d9d4e3 100644
--- a/Docker-Compose.yml
+++ b/Docker-Compose.yml
@@ -105,6 +105,11 @@ storage:
 contents:
 inline: |
 X11Forwarding no
+ HostKeyAlgorithms ssh-ed25519
+ PubkeyAcceptedKeyTypes ssh-ed25519
+ Ciphers aes256-gcm@openssh.com
+ MACs -*
+ KerberosAuthentication no
 GSSAPIAuthentication no
 - path: /etc/zincati/config.d/51-rollout-wariness.toml
 contents:
diff --git a/Generic.ign b/Generic.ign
index 5e1c38b..ade993d 100644
--- a/Generic.ign
+++ b/Generic.ign
@@ -50,7 +50,7 @@
 "path": "/etc/ssh/sshd_config.d/10-custom.conf",
 "contents": {
 "compression": "",
- "source": "data:,X11Forwarding%20no%0AGSSAPIAuthentication%20no%0A"
+ "source": "data:,X11Forwarding%20no%0AHostKeyAlgorithms%20ssh-ed25519%0APubkeyAcceptedKeyTypes%20ssh-ed25519%0ACiphers%20aes256-gcm%40openssh.com%0AMACs%20-*%0AKerberosAuthentication%20no%0AGSSAPIAuthentication%20no%0A"
 }
 },
 {
diff --git a/Generic.yml b/Generic.yml
index d2d8fb0..ce84be9 100644
--- a/Generic.yml
+++ b/Generic.yml
@@ -123,6 +123,11 @@ storage:
 contents:
 inline: |
 X11Forwarding no
+ HostKeyAlgorithms ssh-ed25519
+ PubkeyAcceptedKeyTypes ssh-ed25519
+ Ciphers aes256-gcm@openssh.com
+ MACs -*
+ KerberosAuthentication no
 GSSAPIAuthentication no
 - path: /etc/zincati/config.d/51-rollout-wariness.toml
 contents:
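Review bot: `MACs -*` in the Docker-Compose.yml hunk (and the identical line in the Generic.yml hunk) empties the MAC list, which is only workable because the single permitted cipher, `aes256-gcm@openssh.com`, is an AEAD mode that provides its own integrity tag. Nothing in the file records that dependency, so a later edit that adds a non-AEAD cipher would presumably leave sshd with no MAC to negotiate and break logins. I would add an sshd_config comment line above it inside the `inline:` block, for example `# MACs emptied on purpose: the only cipher is AEAD; add an ETM MAC before allowing any non-AEAD cipher`, and check the rendered file with `sshd -t` before rollout. The `files` entry this block belongs to begins above the hunk.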
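Review bot: `HostKeyAlgorithms ssh-ed25519` and `PubkeyAcceptedKeyTypes ssh-ed25519` in the Generic.yml hunk (same lines in Docker-Compose.yml) accept only plain Ed25519 keys. Any RSA, ECDSA, FIDO-backed (`sk-ssh-ed25519@openssh.com`) or certificate key among the provisioned authorized keys will therefore be refused once this config is applied. The authorized keys are not visible in this hunk, so confirm they are all Ed25519 before merging, because a mismatch would leave the provisioned host unreachable over SSH. As a style point, `PubkeyAcceptedKeyTypes` is the older spelling: OpenSSH 8.5 and later name the option `PubkeyAcceptedAlgorithms` and keep the old name as an alias, so `PubkeyAcceptedAlgorithms ssh-ed25519` is the current form if the target image ships a new enough sshd.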