From c6deea451af1af2fdf4aee7f1ed74209f312a9b3 Mon Sep 17 00:00:00 2001
From: Fuwn <contact@fuwn.me>
Date: Tue, 3 Sep 2024 01:52:03 -0700
Subject: modules

---
 modules/services/openssh.nix | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

(limited to 'modules/services/openssh.nix')

diff --git a/modules/services/openssh.nix b/modules/services/openssh.nix
index d4926c1..b970945 100644
--- a/modules/services/openssh.nix
+++ b/modules/services/openssh.nix
@@ -3,5 +3,25 @@
     enable = true;
     ports = [ 2222 ];
     openFirewall = true;
+
+    settings = {
+      UseDns = false;
+      X11Forwarding = false;
+
+      KexAlgorithms = [
+        "curve25519-sha256"
+        "curve25519-sha256@libssh.org"
+        "diffie-hellman-group16-sha512"
+        "diffie-hellman-group18-sha512"
+        "diffie-hellman-group-exchange-sha256"
+        "sntrup761x25519-sha512@openssh.com"
+      ];
+
+      Macs = [
+        "hmac-sha2-512-etm@openssh.com"
+        "hmac-sha2-256-etm@openssh.com"
+        "umac-128-etm@openssh.com"
+      ];
+    };
   };
 }
-- 
cgit v1.2.3