diff mbox series

[3/3] ssh_config: Fix indentation mangled by Vim

Message ID	945df863-320b-45d6-9e7d-9aeacb901af4@ipfire.org
State	Staged
Commit	df09a64b08d101f7036b37c27da7bb9b06d307cc
Headers	Message-ID: <945df863-320b-45d6-9e7d-9aeacb901af4@ipfire.org> Date: Sun, 28 Sep 2025 21:06:00 +0000 Precedence: list Sender: <development@lists.ipfire.org> Mail-Followup-To: <development@lists.ipfire.org> MIME-Version: 1.0 Subject: [PATCH 3/3] ssh_config: Fix indentation mangled by Vim From: =?utf-8?q?Peter_M=C3=BCller?= <peter.mueller@ipfire.org> To: "IPFire: Development" <development@lists.ipfire.org> References: <5d3b4fdd-fe49-4997-b00c-c2fd723f0e4a@ipfire.org> <b38bbc6c-1cf2-4ddd-9a8e-25464475fc59@ipfire.org> In-Reply-To: <b38bbc6c-1cf2-4ddd-9a8e-25464475fc59@ipfire.org> Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit
Series	[1/3] OpenSSH: Prefer AES-GCM ciphers over AES-CTR \| [1/3] OpenSSH: Prefer AES-GCM ciphers over AES-CTR [3/3] ssh_config: Fix indentation mangled by Vim [2/3] OpenSSH: Amend upstream default cipher changes

Commit Message

Peter Müller 28 Sep 2025, 9:06 p.m. UTC

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
---
 config/ssh/ssh_config | 30 +++++++++++++++---------------
 1 file changed, 15 insertions(+), 15 deletions(-)

diff mbox series

Patch

diff --git a/config/ssh/ssh_config b/config/ssh/ssh_config
index 2fc62e116..66cb0c2cc 100644
--- a/config/ssh/ssh_config
+++ b/config/ssh/ssh_config
@@ -5,30 +5,30 @@ 
 
 # Set some basic hardening options for all connections
 Host *
-        # Disable undocumented roaming feature as it is known to be vulnerable
-        UseRoaming no
+	# Disable undocumented roaming feature as it is known to be vulnerable
+	UseRoaming no
 
-        # Only use secure crypto algorithms
-		KexAlgorithms mlkem768x25519-sha256,sntrup761x25519-sha512,sntrup761x25519-sha512@openssh.com,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
-        Ciphers aes256-gcm@openssh.com,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
-        MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com
+	# Only use secure crypto algorithms
+	KexAlgorithms mlkem768x25519-sha256,sntrup761x25519-sha512,sntrup761x25519-sha512@openssh.com,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
+	Ciphers aes256-gcm@openssh.com,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
+	MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com
 
-        # Always visualise server host keys (helps to identify key based MITM attacks)
-        VisualHostKey yes
+	# Always visualise server host keys (helps to identify key based MITM attacks)
+	VisualHostKey yes
 
-        # Use SSHFP (might work on some up-to-date networks) to look up host keys
-        VerifyHostKeyDNS yes
+	# Use SSHFP (might work on some up-to-date networks) to look up host keys
+	VerifyHostKeyDNS yes
 
-        # Send SSH-based keep alive messages to connected server to avoid broken connections
-        ServerAliveInterval 10
-        ServerAliveCountMax 30
+	# Send SSH-based keep alive messages to connected server to avoid broken connections
+	ServerAliveInterval 10
+	ServerAliveCountMax 30
 
 	# Disable TCP keep alive messages since they can be spoofed and we have SSH-based
 	# keep alive messages enabled; there is no need to do things twice here
 	TCPKeepAlive no
 
-        # Ensure only allowed authentication methods are used
-        PreferredAuthentications publickey,keyboard-interactive,password
+	# Ensure only allowed authentication methods are used
+	PreferredAuthentications publickey,keyboard-interactive,password
 
 	# Prevent information leak by hashing ~/.ssh/known_hosts
 	HashKnownHosts yes