I’ve been attempting to harden my SSH setup with this audit due to this machine being exposed to the internet, however despite specifying my host-key algorithm for some reason ssh-rsa (4096-bit) and ecdsa-sha2-nistp256 keep showing up as being used.
Only thing I changed was adding this to my sshd_config file.
KexAlgorithms curve25519-sha256,firstname.lastname@example.org,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256 Ciphers email@example.com,firstname.lastname@example.org,email@example.com,aes256-ctr,aes192-ctr,aes128-ctr MACs firstname.lastname@example.org,email@example.com,firstname.lastname@example.org
Anything else I need to add or remove elsewhere? Thanks!