Important Notes:

  • These settings apply to modern OpenSSH in general, so it applies to any system that runs OpenSSH. However the paths and commands used in this tutorial might be specific to FreeBSD. Please adjust them for your system (Linux, etc).
  • Crypto (and security is general) is complicated and could sometimes be subjective. I disabled some of the cryptos that I personally do not trust (this is why), but aren’t necessarily insecure. Do your research before applying these settings.


The default sshd configuration is not the most secure for sake of backward compatibility. Unless you are running a 10 years old SSH client, you may want to consider improving the default configuration.

If you are security paranoid (and you should be), you have to start by disabling less secure and less trusted crypto (ciphers1, MACs2 and KexAlgorithms3).

To list supported crypto, use ssh -Q cipher , ssh -Q kex and ssh -Qmac.

Audit your SSH server

You may use an online server like or a command-line tool like SSHScan (originally by evict).

$ ./
[*] Initiating scan for on port 22
[*] Connected to on port 22...
    [+] Target SSH version is: SSH-2.0-OpenSSH_8.0
    [+] Retrieving ciphers...
    [+] Detected ciphers:
          aes128-ctr                           aes256-ctr
    [+] Detected KEX algorithms:
          curve25519-sha256                    diffie-hellman-group16-sha512
          diffie-hellman-group-exchange-sha256 ecdh-sha2-nistp256
          diffie-hellman-group14-sha1          ecdh-sha2-nistp384
          diffie-hellman-group14-sha256        ecdh-sha2-nistp521
    [+] Detected MACs:

    [+] Detected HostKey algorithms:
          rsa-sha2-256                         ssh-ed25519
          rsa-sha2-512                         ssh-rsa
    [-] No weak ciphers detected!
    [+] Detected weak KEX algorithms:
          diffie-hellman-group14-sha1          ecdh-sha2-nistp384
          ecdh-sha2-nistp256                   ecdh-sha2-nistp521
    [+] Detected weak MACs:
    [-] No weak HostKey algorithms detected!
    [-] Compression is *not* enabled

As a bonus, both tools give you the list of weak algorithms that you may want to disable.

I usually modify the default sshd configuration file to disable unwanted ciphers and tweak some of the defaults. These are the modification I make to /etc/ssh/sshd_config on a FreeBSD or Linux machine. You may add them to the bottom of existing sshd configuration file to override the default settings.

## Hardening
UseDNS no
VersionAddendum pancho
PasswordAuthentication no
PermitRootLogin prohibit-password
AuthenticationMethods publickey

# more logging for sftp sessiosn
Subsystem sftp /usr/libexec/sftp-server -f AUTHPRIV -l INFO

# algorithms

Then run sshd -T to confirm the settings. You may need to comment the existing sftp subsystem configuration.

Reload sshd service:

# service sshd reload

And scan using or SSHScan.

As rule of thumb:

  • Do no use anything with DSA or ECDSA in its name.
  • Ed25519 is mathematically strong and fast. Choose it if you have the option.
  • RSA is still considered safe, but your key should be at least 3072 bites long.

  1. Encryption methods that secure the connection itself ↩︎

  2. Message Authentication Codes are used to detect traffic modification ↩︎

  3. Key exchange methods that are used to generate per-connection keys ↩︎