From 6d420309a4f730603acf820e68cb5d4b774bc123 Mon Sep 17 00:00:00 2001
From: Willem van Heemstra <wvanheemstra@users.noreply.github.com>
Date: Fri, 3 Jan 2025 09:25:02 +0100
Subject: [PATCH] Update HOSTS.md

---
 HOSTS.md | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/HOSTS.md b/HOSTS.md
index 9307bb0..3fc2da9 100644
--- a/HOSTS.md
+++ b/HOSTS.md
@@ -17,6 +17,11 @@ Host hetzner
   PasswordAuthentication no
   # Prevent TCP forwarding if not needed
   AllowTcpForwarding no
+  # Additional security hardening
+  KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512
+  MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com
+  Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com
+  HostKeyAlgorithms ssh-ed25519,rsa-sha2-512,rsa-sha2-256
 ```
 ~/.ssh/config