Install ssh-audit:

    pacman -S ssh-audit

Server

Audit the current server configuration:

    ssh-audit localhost

If any fail- or warn-level log lines appear, try implementing the following sections.

Explicitly allow only selected algorithms

Restrict key exchange algorithms, ciphers, message authentication codes, and asymmetric keys:

    # File: /etc/ssh/sshd_config.d/01-ssh-audit_hardening.conf
    # Restrict key exchange, cipher, and MAC algorithms, as per sshaudit.com
    # hardening guide.
    KexAlgorithms sntrup761x25519-sha512@openssh.com,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha256
    Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
    MACs hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,umac-128-etm@openssh.com
    HostKeyAlgorithms ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com

Force usage of public key authentication and prevent root login

    # File: /etc/ssh/sshd_config.
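To confirm that the algorithm restrictions from 01-ssh-audit_hardening.conf are the ones sshd actually uses, the following added example (not part of the original page or of ssh-audit) compares `sshd -T`-style output against those four allowlists. The function names, the sample input and the file name in the usage note are assumptions made for illustration.

```python
import sys

# Allowlists copied from the 01-ssh-audit_hardening.conf drop-in on this page.
ALLOWED = {
    "kexalgorithms": "sntrup761x25519-sha512@openssh.com,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha256",
    "ciphers": "chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr",
    "macs": "hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,umac-128-etm@openssh.com",
    "hostkeyalgorithms": "ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com",
}
ALLOWED = {key: value.split(",") for key, value in ALLOWED.items()}

def parse_settings(text):
    """Return {keyword: raw value} for the four algorithm keywords."""
    settings = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) != 2 or parts[0].startswith("#"):
            continue
        key = parts[0].lower()  # keywords are case-insensitive
        if key in ALLOWED and key not in settings:  # sshd uses the first value it reads
            settings[key] = parts[1].strip()
    return settings

def audit(text):
    """Return {keyword: [findings]}; an empty dict means all lists are within the allowlist."""
    settings = parse_settings(text)
    findings = {}
    for key, allowed in ALLOWED.items():
        value = settings.get(key)
        if value is None:
            findings[key] = ["not set, compiled-in defaults apply"]
        elif value[0] in "+-^":
            # A +, - or ^ prefix edits the default list instead of replacing it.
            findings[key] = ["relative list (%s prefix) edits the defaults" % value[0]]
        else:
            extra = [a for a in value.split(",") if a and a not in allowed]
            if extra:
                findings[key] = ["not in allowlist: " + a for a in extra]
    return findings

# Constructed sample in `sshd -T` format (not captured from a real host).
SAMPLE = """\
kexalgorithms curve25519-sha256,diffie-hellman-group14-sha1
ciphers chacha20-poly1305@openssh.com,aes256-ctr,aes128-cbc
macs hmac-sha2-256-etm@openssh.com,hmac-sha1
hostkeyalgorithms ssh-ed25519,rsa-sha2-512
"""

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    for key, problems in audit(text).items():
        print("\n".join(key + ": " + p for p in problems))
```

Save the output of `sshd -T` (run as root) to a file and pass its path as the first argument; with no argument the script audits the constructed sample.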