Greetings
I’ve been attempting to harden my SSH setup with this audit due to this machine being exposed to the internet, however despite specifying my host-key algorithm for some reason ssh-rsa (4096-bit) and ecdsa-sha2-nistp256 keep showing up as being used.
Only thing I changed was adding this to my sshd_config file.
KexAlgorithms curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
MACs hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,umac-128-etm@openssh.com
Anything else I need to add or remove elsewhere? Thanks!