With ever-expanding number of scripts on my NAS I noticed that pretty much every one had similar, but not quite the same parameters. For example, my automatic replication would use one set of encryption parameters while my Mikrotik router backup script would use other, and my website backup script would use a third variant.
So I decided to see if I could still keep the reasonable security but consolidate all these to a single type.
For key exchange, I had choice of
diffie-hellman-group1-sha1. Unfortunately there is no
email@example.com or similar algorithms that are considered more secure.
For a while I considered using
diffie-hellman-group14-sha1 as it uses 2048 bit prime but its abandonment by modern SSH versions made me go with
diffie-hellman-group-exchange-sha256. As this method allows for custom groups, it should be theoretically better but it also allows server to setup connection with known weak parameters. As servers are in my control, that should not pose an huge issue here.
For cipher my hands were extremely tied – Mikrotik, my router of choice, supports only
aes192-ctr. Both are of acceptable security so I went with faster:
For authentication Mikrotik was again extremely limited – only
hmac-sha1 were supported. While I was tempted to go with
hmac-sha1 which is still secure enough despite SHA1 being broken (HMAC part really does make a difference), I went with
hmac-sha2-256 as former might get obsoleted soon.
My final set of “standard” parameters is as follows:
-2 -o KexAlgorithms=diffie-hellman-group-exchange-sha256 -c aes192-ctr -o MACs=hmac-sha2-256
Additional parameter is not strictly encryption related but I find it very reasonable to enforce SSH protocol version 2.