New algorithms for SSH.

configs/sshd/sshd-pfs_config

@@ -1,11 +1,34 @@
-# Specifies the ciphers allowed for protocol version 2.
-# The default is: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,
-# arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,
-# aes256-cbc,arcfour
-Ciphers aes256-ctr
+# Protocol v1 is broken.
+Protocol 2
+
+# Specifies the available key exchange algorithms.
+# 1. ECDH over Curve25519 with SHA256
+# 2. Custom DH with SHA256 - generate primes using
+#    ssh-keygen -G /tmp/moduli -b 4096
+#    ssh-keygen -T /etc/ssh/moduli -f /tmp/moduli
+KexAlgorithms [email protected],diffie-hellman-group-exchange-sha256
+
+# Server authentication
+# 1. Ed25519 - generate key using 
+#    ssh-keygen -t ed25519 -f ssh_host_ed25519_key < /dev/null
+# 2. RSA - generate key using
+#    ssh-keygen -t rsa -b 4096 -f ssh_host_rsa_key < /dev/null
+HostKey /etc/ssh/ssh_host_ed25519_key
+HostKey /etc/ssh/ssh_host_rsa_key
+
+# Client authentication
+ChallengeResponseAuthentication no
+PasswordAuthentication no
+PubkeyAuthentication yes
+
+# Specifies the allowed ciphers
+# 1. Chacha20-Poly1305 - Authenticated encryption, message length encrypted
+# 2. AES-GCM - Authenticated encryption, message length is Additional Data
+# 3. AES-CTR - Confidentiality only, works better with flawed Encrypt-and-MAC
+Ciphers [email protected],[email protected],[email protected],aes256-ctr,aes192-ctr,aes128-ctr
 
 # Specifies the available MAC (message authentication code) algorithms.
-# The default is: hmac-md5,hmac-sha1,[email protected],hmac-ripemd160,
-# hmac-sha1-96,hmac-md5-96,hmac-sha2-256,hmac-sha256-96,hmac-sha2-512,
-# hmac-sha2-512-96
-MACs hmac-sha2-512
+# 1. Encrypt-then-MAC with at least 128 bit tags and keys - provable security
+# 2. Encrypt-and-MAC with at least 128 bit tags and keys - no security proof
+#    probably fine with a CTR cipher, don't use them with CBC
+MACs hmac-sha2-512[email protected],[email protected],[email protected],[email protected],hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,umac-128