};
openFirewall = mkDefault false;
settings = {
+ Ciphers = [
+ # Not hardware accelerated, but fast enough and somehow more secure
+ # (packet sizes are encrypted and less vulnerable to timing attacks).
+ "chacha20-poly1305@openssh.com"
+ # A bit more throughput.
+ "aes128-gcm@openssh.com"
+ "aes256-gcm@openssh.com"
+ ];
KbdInteractiveAuthentication = mkDefault false;
# Use key exchange algorithms recommended by `nixpkgs#ssh-audit`
KexAlgorithms = [