From f98a6c7e69ee6e240f795c51f2b63533168a4acd Mon Sep 17 00:00:00 2001
From: Jonathan Cobb <jonathan@kyuss.org>
Date: Thu, 17 Sep 2020 07:48:13 -0400
Subject: [PATCH] pass ssh audit

---
 .../resources/packer/roles/firewall/files/bubble_sshd.conf   | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/bubble-server/src/main/resources/packer/roles/firewall/files/bubble_sshd.conf b/bubble-server/src/main/resources/packer/roles/firewall/files/bubble_sshd.conf
index db18fb25..58981a88 100644
--- a/bubble-server/src/main/resources/packer/roles/firewall/files/bubble_sshd.conf
+++ b/bubble-server/src/main/resources/packer/roles/firewall/files/bubble_sshd.conf
@@ -7,3 +7,8 @@ KerberosAuthentication no
 GSSAPIAuthentication no
 X11Forwarding no
 PermitUserEnvironment no
+HostKey /etc/ssh/ssh_host_ed25519_key
+HostKey /etc/ssh/ssh_host_rsa_key
+KexAlgorithms curve25519-sha256@libssh.org
+Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
+MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com