|
|
|
@ -54,4 +54,16 @@
|
|
|
|
promptInit = builtins.readFile ./bash-prompt.sh;
|
|
|
|
promptInit = builtins.readFile ./bash-prompt.sh;
|
|
|
|
interactiveShellInit = builtins.readFile ./bash-interactive-init.sh;
|
|
|
|
interactiveShellInit = builtins.readFile ./bash-interactive-init.sh;
|
|
|
|
};
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# https://wiki.mozilla.org/Security/Guidelines/OpenSSH#Modern
|
|
|
|
|
|
|
|
programs.ssh.extraConfig = ''
|
|
|
|
|
|
|
|
# Ensure KnownHosts are unreadable if leaked - it is otherwise easier to know which hosts your keys have access to.
|
|
|
|
|
|
|
|
HashKnownHosts yes
|
|
|
|
|
|
|
|
# Host keys the client accepts - order here is honored by OpenSSH
|
|
|
|
|
|
|
|
HostKeyAlgorithms ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-ed25519,ssh-rsa,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp256,ecdh-sha2-nistp384,diffie-hellman-group-exchange-sha256
|
|
|
|
|
|
|
|
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com
|
|
|
|
|
|
|
|
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
|
|
|
|
|
|
|
|
'';
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
