update ssh client config recommendations

elnappo · elnappo · commit be3b2af6555c · 2017-01-17T13:42:42.000+01:00
diff --git a/README.md b/README.md
@@ -14,9 +14,11 @@ Set up a secure config for OpenSSH Server >= 6.5. This playbook extends your ssh
 #### Recommended `~/.ssh/config`, `/etc/ssh/ssh_config`
 ``` 
 Host *
+    HashKnownHosts yes
 	PasswordAuthentication no
 	PubkeyAuthentication yes
 	ChallengeResponseAuthentication no
+    HostKeyAlgorithms ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-ed25519,ssh-rsa,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256
 	KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
 	Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
 	MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,umac-128@openssh.com
@@ -26,6 +28,7 @@ alias for legacy connections: `alias ssh_ignore="ssh -F /dev/null"`
 
 ## Inspired by
 * [Secure Secure Shell](https://stribika.github.io/2015/01/04/secure-secure-shell.html)
+* [Mozilla Wiki - Security/Guidelines/OpenSSH](https://wiki.mozilla.org/Security/Guidelines/OpenSSH)
 * [BetterCrypto](https://github.com/BetterCrypto/Applied-Crypto-Hardening)
 * [Manpage sshd_config](http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man5/sshd_config.5)
 
