I work heavily with SSH and SFTP, to be specific between two machines, both of which have their SSH port open on a public IP address.
Specifically, I have installed OpenSSH on both machines:
GNU/Linux Debian 9.3 with OpenSSH version 1:7.4p1-10+deb9u2
Linux Mint 18.3 with OpenSSH version 1:7.2p2-4ubuntu2.4
I am curious as to: What are the toughest SSH daemon settings in terms of encryption, handshake, etc., or other cryptographic settings in 2018? Having these two systems installed, that is.
To be honest, I don't understand these things too much. I am specifically interested in the cryptographic protocols. Securing SSH with good password selection, good key management, firewalling, etc. are out of scope for what I am asking here. I just want strong encryption and everything connection-related.
So far, I have found and set on both machines in /etc/ssh/sshd_config:

    AuthenticationMethods publickey
    Ciphers aes256-cbc
    MACs [email protected]
    FingerprintHash sha512
    #KexAlgorithms

This can be considered a follow-up question to Hardening SSH security on a Debian 9 server, which I posted some time ago. But in a specific way, I want to know the highest settings.