On Fri, 20 Apr 2018, Matt Taggart wrote:
>
> Debian users wanting to drop support for the legacy crypto options
> mentioned previously in this bug can use the following:
>
> =======================================================================
> HostKeyAlgorithms [email protected], ssh-ed25519,\
> [email protected], [email protected],ssh-rsa
>
> KexAlgorithms [email protected],\
> diffie-hellman-group-exchange-sha256
>
> Ciphers [email protected],[email protected],
> [email protected],aes256-ctr,aes192-ctr,aes128-ctr
>
> MACs [email protected],[email protected],\
> [email protected],hmac-sha2-512,hmac-sha2-256,\
> [email protected]
> =======================================================================

There's also another way to do it (see `man 5 ssh{,d}_config'):

    If the specified value begins with a '-' character, then the
    specified methods (including wildcards) will be removed from the
    default set instead of replacing them.

introduced in version 7.5,
upstream commit 68bc8cfa7642d3ccbf2cd64281c16b8b9205be59.

Note: all excluded values must be given on one line; example:

    KexAlgorithms -diffie-hellman-group14-sha1,ecdh-sha2-nistp*

Cheers,
--
Cristian
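
Added example (not part of the original message and not OpenSSH code): a small shell model of the '-' semantics quoted above, showing why the exclusions belong on one line. It assumes the rule documented in ssh_config(5) that the first obtained value for a keyword is used; DEFAULT_KEX is a constructed sample list and the helper functions are hypothetical.

```sh
#!/bin/sh
# Constructed sample default list, not the default of any OpenSSH release.
DEFAULT_KEX='curve25519-sha256,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1'

# first_value KEYWORD: print the value of the first "KEYWORD value" line on
# stdin (keyword match is case-insensitive; later lines are ignored).
first_value() {
    awk -v kw="$1" 'tolower($1) == tolower(kw) { print $2; exit }'
}

# effective_list DEFAULTS SPEC (hypothetical helper)
#   empty SPEC      -> defaults unchanged
#   SPEC with '-'   -> defaults minus every name matching a listed pattern
#   any other SPEC  -> SPEC replaces the defaults
effective_list() {
    defaults=$1 spec=$2
    case $spec in
        '') printf '%s\n' "$defaults"; return 0 ;;
        -*) patterns=${spec#-} ;;
        *)  printf '%s\n' "$spec"; return 0 ;;
    esac
    out=
    old_ifs=$IFS; IFS=,
    set -f    # split on commas only, no filename globbing
    for alg in $defaults; do
        keep=1
        for pat in $patterns; do
            # Unquoted $pat is a shell pattern, so '*' and '?' act as wildcards.
            case $alg in $pat) keep=0; break ;; esac
        done
        if [ "$keep" -eq 1 ]; then out=${out:+$out,}$alg; fi
    done
    set +f; IFS=$old_ifs
    printf '%s\n' "$out"
}

# kex_from_config CONFIG_TEXT: effective KexAlgorithms for a config fragment.
kex_from_config() {
    effective_list "$DEFAULT_KEX" "$(printf '%s\n' "$1" | first_value KexAlgorithms)"
}

one_line='KexAlgorithms -diffie-hellman-group14-sha1,ecdh-sha2-nistp*'
two_lines='KexAlgorithms -diffie-hellman-group14-sha1
KexAlgorithms -ecdh-sha2-nistp*'

echo "one line : $(kex_from_config "$one_line")"
echo "two lines: $(kex_from_config "$two_lines")"
```

On a real installation, `ssh -G <host>` and `sshd -T` print the effective values, which is the way to confirm that an exclusion took effect.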