[3/3] SSH client configuration: Prefer server host keys in different order
Commit Message
SSH clients can set a preference for server host keys. To achive best
security and performance, ED25519 is preferred over ECDSA (also secure,
but a bit bigger and some of them use ECC curves from non-trustworthy
sources) which is preferred over RSA.
Since ED25519 keys are smaller and need less CPU time on both client and
server, this also achives a better performance.
Signed-off-by: Peter Müller <peter.mueller@link38.eu>
---
config/ssh/ssh_config | 3 +++
1 file changed, 3 insertions(+)
@@ -36,4 +36,7 @@ Host *
# hash entries in ~/.ssh/known_hosts file to avoid permission disclosure
HashKnownHosts yes
+ # prefer server host keys in different order (ED25519, ECDSA, RSA)
+ HostKeyAlgorithms ssh-ed25519-cert-v01@openssh.com,ssh-ed25519,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa-cert-v01@openssh.com,ssh-rsa
+
# EOF