'Secure' Secure Shell snippets

1. # SOURCE: https://stribika.github.io/2015/01/04/secure-secure-shell.html
2. #
3. # IMPORTANT: If you aren't going to read the article (which I recommend, rather than copy/pasting) you need to execute the following command
4. ## sudo usermod -a -G ssh-user <username>
5. # where "<username>" is a user you want to allow to use ssh
6.  
7. # /etc/ssh/sshd_config
8.  
9. Host *
10.     KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
11.     PasswordAuthentication no
12.     ChallengeResponseAuthentication no
13.     PubkeyAuthentication yes
14.     AllowGroups ssh-user
15.     Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
16.     MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com
17.  
18. # /etc/ssh/ssh_config
19.  
20. # Github needs diffie-hellman-group-exchange-sha1 some of the time but not always.
21. #Host github.com
22. #   KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1
23.    
24. Host *
25.     KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
26.     PasswordAuthentication no
27.     ChallengeResponseAuthentication no
28.     PubkeyAuthentication yes
29.     HostKeyAlgorithms ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-ed25519,ssh-rsa
30.     Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
31.     MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com
32.     UseRoaming no