|
|
|
|
|
|
by nix23
1333 days ago
|
|
|
Then just exchange the ssh-server with one in the ports, compile it with wolfssl, openssl-(devel?), libressl or mbed TLS, whatever you want. The stuff in base is meant to be compatible and as slim as possible (for example the kerberos-server in base). Or define the runtime options from the base-ssh-server in rc.conf (that's what i normally do): sshd_enable="YES" sshd_dsa_enable="NO" sshd_ecdsa_enable="NO" sshd_ed25519_enable="YES" sshd_rsa_enable="NO" If you want RSA=YES then you probably/maybe want to delete all moduli less then 4096. https://github.com/bsdlabs/ssh-hardening |
|
|