An open-source image to PDF converter built with web technology
Generate the hash:
(make sure you have only one line/type, so either delete all others in key.pub or run ssh-keyscan -t rsa example.org > key.pub)
- ssh-keygen -l -f key.pub (default hash, depending on OpenSSH version)
- ssh-keygen -l -f key.pub -E md5 (md5 on current OpenSSH)
- awk '{print $2}' ssh_host_rsa_key.pub | base64 -d | sha256sum -b | awk '{print $1}' | xxd -r -p | base64 (sha256 on old OpenSSH)
(You might need to start the line with awk '{print $3}' for newer versions of ssh-keyscan because the format changed)
Good combo (2017-10-12):
Ciphers
KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,umac-128@openssh.com
LogLevel VERBOSE logs user's key fingerprint on login. Needed to have a clear audit track of which key was using to log in.
LogLevel VERBOSE
Log sftp level file access (read/write/etc.) that would not be easily logged otherwise.
Subsystem sftp /usr/lib/openssh/sftp-server -f AUTHPRIV -l info
Use kernel sandbox mechanisms where possible in unprivileged processes
Systrace on OpenBSD, Seccomp on Linux, seatbelt on MacOSX/Darwin, rlimit elsewhere.
UsePrivilegeSeparation sandbox
AllowUsers pi
SSH server auditing (banner, key exchange, encryption, mac, compression, compatibility, security, etc)
A simple CSV editor for the Mac