Hello everyone,
I'm trying to harden SSH on OMV but I'm hitting a roadblock.
I've disabled root login and forced key authentication only, but I'm struggling with hardening the ciphers, the key exchange algorithm and the message auth codes.
My ideal configuration would be something close to:
KexAlgorithms curve25519-sha256@libssh.org
Ciphers chacha20-poly1305@openssh.com
MACs hmac-sha2-512-etm@openssh.com
But with this configuration, when connecting (I only used PuTTY and the built-in SSH client on the Mac) I get a connection error.
The most secure configuration I managed to get is instead:
Even simply adding the MAC hmac-sha2-512 prevents PuTTY from connecting.
Adding any other Ciphers but aes256-ctr or any other Kex but diffie-hellman-group-exchange-sha256 prevents PuTTY from connecting as well.
Do you have any suggestions on how to achieve the desired encryption level (which would get rid of all the less secure ciphers)?
Thank you.
Tommy
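
Added example, not part of the original post: a Python sketch of SSH algorithm negotiation (RFC 4253 section 7.1, the first algorithm on the client's list that the server also accepts) run against the three directives quoted above, showing which category leaves a client with no match. The client offer lists are constructed for illustration and are not captures from PuTTY or the macOS client; the parser assumes each directive is an explicit list with no `+`, `-` or `^` prefix.

```python
# Added example: RFC 4253 section 7.1 negotiation against the sshd_config from the post.
AEAD_CIPHERS = {"chacha20-poly1305@openssh.com",
                "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"}
DIRECTIVES = {"kexalgorithms": "kex", "ciphers": "cipher", "macs": "mac"}

SERVER_CONFIG = """\
KexAlgorithms curve25519-sha256@libssh.org
Ciphers chacha20-poly1305@openssh.com
MACs hmac-sha2-512-etm@openssh.com
"""

# Constructed client offers (assumptions, not real PuTTY or macOS ssh captures).
OLDER_CLIENT = {
    "kex": ["diffie-hellman-group-exchange-sha256", "diffie-hellman-group14-sha1"],
    "cipher": ["aes256-ctr", "aes128-ctr"],
    "mac": ["hmac-sha2-256", "hmac-sha1"],
}
MODERN_CLIENT = {
    "kex": ["curve25519-sha256", "curve25519-sha256@libssh.org"],
    "cipher": ["chacha20-poly1305@openssh.com", "aes256-ctr"],
    "mac": ["hmac-sha2-256-etm@openssh.com", "hmac-sha2-256"],
}

def parse_sshd_config(text):
    """Extract the kex, cipher and mac lists from explicit sshd_config lines."""
    lists = {}
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split(None, 1)
        if len(parts) == 2 and parts[0].lower() in DIRECTIVES:
            names = [a.strip() for a in parts[1].split(",") if a.strip()]
            lists[DIRECTIVES[parts[0].lower()]] = names
    return lists

def negotiate(client, server):
    """Pick, per category, the first client algorithm the server also lists."""
    chosen = {}
    for kind in ("kex", "cipher", "mac"):
        # OpenSSH ignores the MAC lists once an AEAD cipher has been selected.
        if kind == "mac" and chosen.get("cipher") in AEAD_CIPHERS:
            chosen["mac"] = "<implicit>"
            continue
        accepted = set(server.get(kind, []))
        chosen[kind] = next((a for a in client[kind] if a in accepted), None)
    return chosen

def failed_categories(client, server):
    """Categories with no common algorithm; any entry here aborts the connection."""
    return [k for k, v in negotiate(client, server).items() if v is None]
```

The algorithms an OpenSSH client supports can be listed with `ssh -Q kex`, `ssh -Q cipher` and `ssh -Q mac` and substituted for the constructed lists.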