From a64c15631fdf9e5e8f260824497a460e253ba709 Mon Sep 17 00:00:00 2001
From: Tobias Stenzel <ts@flyingcircus.io>
Date: Thu, 13 Jul 2023 00:06:26 +0200
Subject: [PATCH] ssh: only allow strong KexAlgorithms

The defaults include "diffie-hellman-group-exchange-sha256" which
has incorrect fallback behaviour which reduces its strength and is
flagged as warning by ssh-audit 3.0.

This adds "diffie-hellman-group16-sha512" and "diffie-hellman-group18-sha512"
which are recommended by ssh-audit 3.0.

PL-131620
---
 nixos/platform/default.nix | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/nixos/platform/default.nix b/nixos/platform/default.nix
index f99510ea3..b7adced22 100644
--- a/nixos/platform/default.nix
+++ b/nixos/platform/default.nix
@@ -327,6 +327,13 @@ in {
       openssh.settings = {
         KbdInteractiveAuthentication = false;
         PasswordAuthentication = false;
+        KexAlgorithms = [
+          "sntrup761x25519-sha512@openssh.com"
+          "curve25519-sha256"
+          "curve25519-sha256@libssh.org"
+          "diffie-hellman-group16-sha512"
+          "diffie-hellman-group18-sha512"
+        ];
       };
 
       telegraf.enable = mkDefault true;