Hardened ssh

ssh_config

# Github already dropped support for diffie-hellman-group1-sha1 and diffie-hellman-group14-sha1
# FYI: https://githubengineering.com/crypto-deprecation-notice/
# Host github.com
#     KexAlgorithms [email protected],diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1

Host *
    KexAlgorithms [email protected],diffie-hellman-group-exchange-sha256
    PasswordAuthentication no    # comment this if you need password authentication (for example ssh into a VM)
    ChallengeResponseAuthentication no
    PubkeyAuthentication yes
    HostKeyAlgorithms [email protected],[email protected],ssh-ed25519,ssh-rsa
    Ciphers [email protected],[email protected],[email protected],aes256-ctr,aes192-ctr,aes128-ctr
    MACs [email protected],[email protected],[email protected],[email protected],hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,[email protected]

sshd_config

KexAlgorithms [email protected],diffie-hellman-group-exchange-sha256
Ciphers [email protected],[email protected],[email protected],aes256-ctr,aes192-ctr,aes128-ctr
MACs [email protected],[email protected],[email protected],[email protected],hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,[email protected]

https://stribika.github.io/2015/01/04/secure-secure-shell.html