Synopsis # Install ssh-audit with pkg_add(1) . Run ssh-audit against the target to inventory supported algorithms. Constrain key exchange, host-key, and MAC algorithms in sshd_config(5) . Validate configuration with sshd(8) and restart via rcctl(8) . Re-run ssh-audit to confirm the intended policy. Optionally remove small Diffie–Hellman moduli per moduli(5) . Optionally rotate host keys with ssh-keygen(1) . Overview # This chapter describes how to assess and harden an OpenSSH server on Open...
