From 00adc415701e9bf5b9bd9e25e13aa5e2be0c67a9 Mon Sep 17 00:00:00 2001
From: "Jonathan \"Duke\" Leto"
Date: Tue, 6 Jan 2015 22:14:27 -0800
Subject: [PATCH] Increase ssh client security by specifying preferred widgets
---
 config/.ssh/config | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/config/.ssh/config b/config/.ssh/config
index c30cabe..09c9bd2 100644
--- a/config/.ssh/config
+++ b/config/.ssh/config
@@ -1,3 +1,13 @@
+# https://stribika.github.io/2015/01/04/secure-secure-shell.html
+# Github supports neither AE nor Encrypt-then-MAC. LOL
+Host github.com
+ MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512
+Host *
+ MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-128-etm@openssh.com
+ Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
+ KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
+
+
 #TCPKeepAlive Yes
 # Aliases for the GCC Compile Farm
 Host gcc54
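Review bot: The new `Host *` block sits at the top of the file, and ssh_config keeps the first value obtained for each option, so its MACs, Ciphers and KexAlgorithms lists take precedence over anything set in the host blocks below it (`Host gcc54` and whatever follows outside this hunk). A later block therefore cannot widen the lists for an older server, and such a host would fail algorithm negotiation; only exceptions placed above `Host *`, as the `Host github.com` one is, take effect. Either move the `Host *` defaults to the end of the file or add a comment above them such as `# first match wins: per-host algorithm exceptions must go above this block`. The github.com block overrides MACs only and still inherits the Ciphers and KexAlgorithms lists from `Host *`; that looks intended given the CTR ciphers in the list, but it is worth confirming against a live connection.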