npm - @networkpro/blog - Versions diffs - 1.0.7 → 1.0.10 - Mend

@networkpro/blog 1.0.7 → 1.0.10

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (146) hide show

package/CNAME +1 -0
package/LICENSE.md +265 -0
package/MKDOCS.md +20 -0
package/README.md +8 -46
package/assets/consulting-terms.pdf +0 -0
package/assets/license/CC-BY-4.0-rdfa.xml +741 -0
package/assets/license/CC-BY-4.0.xml +25 -0
package/assets/license/COPYING-rdfa.xml +1187 -0
package/assets/license/COPYING.odt +0 -0
package/assets/linksheet.json +8 -0
package/assets/pgp/contact.vcf +13 -0
package/assets/pgp/contact@s.neteng.pro.aexpk +17 -0
package/assets/pgp/contact@s.neteng.pro.asc +17 -0
package/assets/pgp/github@sl.neteng.cc.aexpk +29 -0
package/assets/pgp/github@sl.neteng.cc.asc +29 -0
package/assets/pgp/support@neteng.pro.aexpk +47 -0
package/assets/pgp/support@neteng.pro.asc +47 -0
package/cspell.json +38 -0
package/docs/LICENSE.md +296 -0
package/docs/PRIVACY.md +212 -0
package/docs/README.md +115 -0
package/docs/TERMS-COND.md +277 -0
package/docs/TERMS-USE.md +212 -0
package/docs/license/CC-BY-4.0.html +1235 -0
package/docs/license/CC-BY-4.0.md +367 -0
package/docs/license/CC-BY-4.0.txt +156 -0
package/docs/license/COPYING.html +1413 -0
package/docs/license/COPYING.md +611 -0
package/docs/license/COPYING.txt +232 -0
package/docs_raw/contributing.md +166 -0
package/docs_raw/img/heliboard-promo.png +0 -0
package/docs_raw/img/heliboard.png +0 -0
package/docs_raw/img/msauth-promo.png +0 -0
package/docs_raw/index.md +18 -0
package/docs_raw/posts/betterweb.md +59 -0
package/docs_raw/posts/heliboard.md +50 -0
package/docs_raw/posts/live.md +83 -0
package/docs_raw/posts/moved.md +74 -0
package/docs_raw/posts/msauth.md +51 -0
package/docs_raw/posts/pwa.md +65 -0
package/docs_raw/posts/secure-secure-shell.md +562 -0
package/docs_raw/posts/weblive.md +63 -0
package/docs_raw/sitemap.xml +83 -0
package/{styles → docs_raw/styles}/default.css +6 -42
package/{styles → docs_raw/styles}/normalize.css +5 -2
package/{styles → docs_raw/styles}/style.css +5 -6
package/docs_raw/tags.md +12 -0
package/eslint.config.mjs +80 -0
package/mkdocs.yml +113 -0
package/package.json +10 -9
package/postcss.config.mjs +5 -0
package/ref/README.md +56 -0
package/ref/help.md +17 -0
package/stylelint.config.js +109 -0
package/2015/01/04/secure-secure-shell/index.html +0 -1552
package/2025/04/30/were-live/index.html +0 -1220
package/2025/05/11/the-network-pro-blog-has-moved/index.html +0 -1202
package/2025/05/15/building-a-better-web-experience/index.html +0 -1200
package/2025/05/16/progressive-web-app-is-live/index.html +0 -1232
package/404.html +0 -970
package/archive/2015/index.html +0 -1141
package/archive/2025/index.html +0 -1316
package/assets/external/avatars.githubusercontent.com/u/170266279.png +0 -0
package/assets/external/unpkg.com/mermaid@11/dist/mermaid.min.js +0 -2607
package/assets/images/favicon.png +0 -0
package/assets/javascripts/bundle.13a4f30d.min.js +0 -16
package/assets/javascripts/bundle.13a4f30d.min.js.map +0 -7
package/assets/javascripts/lunr/min/lunr.ar.min.js +0 -1
package/assets/javascripts/lunr/min/lunr.da.min.js +0 -18
package/assets/javascripts/lunr/min/lunr.de.min.js +0 -18
package/assets/javascripts/lunr/min/lunr.du.min.js +0 -18
package/assets/javascripts/lunr/min/lunr.el.min.js +0 -1
package/assets/javascripts/lunr/min/lunr.es.min.js +0 -18
package/assets/javascripts/lunr/min/lunr.fi.min.js +0 -18
package/assets/javascripts/lunr/min/lunr.fr.min.js +0 -18
package/assets/javascripts/lunr/min/lunr.he.min.js +0 -1
package/assets/javascripts/lunr/min/lunr.hi.min.js +0 -1
package/assets/javascripts/lunr/min/lunr.hu.min.js +0 -18
package/assets/javascripts/lunr/min/lunr.hy.min.js +0 -1
package/assets/javascripts/lunr/min/lunr.it.min.js +0 -18
package/assets/javascripts/lunr/min/lunr.ja.min.js +0 -1
package/assets/javascripts/lunr/min/lunr.jp.min.js +0 -1
package/assets/javascripts/lunr/min/lunr.kn.min.js +0 -1
package/assets/javascripts/lunr/min/lunr.ko.min.js +0 -1
package/assets/javascripts/lunr/min/lunr.multi.min.js +0 -1
package/assets/javascripts/lunr/min/lunr.nl.min.js +0 -18
package/assets/javascripts/lunr/min/lunr.no.min.js +0 -18
package/assets/javascripts/lunr/min/lunr.pt.min.js +0 -18
package/assets/javascripts/lunr/min/lunr.ro.min.js +0 -18
package/assets/javascripts/lunr/min/lunr.ru.min.js +0 -18
package/assets/javascripts/lunr/min/lunr.sa.min.js +0 -1
package/assets/javascripts/lunr/min/lunr.stemmer.support.min.js +0 -1
package/assets/javascripts/lunr/min/lunr.sv.min.js +0 -18
package/assets/javascripts/lunr/min/lunr.ta.min.js +0 -1
package/assets/javascripts/lunr/min/lunr.te.min.js +0 -1
package/assets/javascripts/lunr/min/lunr.th.min.js +0 -1
package/assets/javascripts/lunr/min/lunr.tr.min.js +0 -18
package/assets/javascripts/lunr/min/lunr.vi.min.js +0 -1
package/assets/javascripts/lunr/min/lunr.zh.min.js +0 -1
package/assets/javascripts/lunr/tinyseg.js +0 -206
package/assets/javascripts/lunr/wordcut.js +0 -6708
package/assets/javascripts/workers/search.d50fe291.min.js +0 -42
package/assets/javascripts/workers/search.d50fe291.min.js.map +0 -7
package/assets/stylesheets/main.342714a4.min.css +0 -1
package/assets/stylesheets/main.342714a4.min.css.map +0 -1
package/assets/stylesheets/palette.06af60db.min.css +0 -1
package/assets/stylesheets/palette.06af60db.min.css.map +0 -1
package/category/security/index.html +0 -1141
package/contributing/index.html +0 -1306
package/feed_json_created.json +0 -1
package/feed_json_updated.json +0 -1
package/feed_rss_created.xml +0 -1
package/feed_rss_updated.xml +0 -1
package/index.html +0 -1406
package/search/search_index.json +0 -1
package/sitemap.xml +0 -47
package/sitemap.xml.gz +0 -0
package/tags/index.html +0 -1432
/package/assets/{external/raw.githubusercontent.com/netwk-pro/netwk-pro.github.io/refs/heads/master/assets/nsa-happy-dance.png → nsa-happy-dance.png} +0 -0
/package/{ext → docs_raw/ext}/__init__.py +0 -0
/package/{ext → docs_raw/ext}/slugs.py +0 -0
/package/{favicon.ico → docs_raw/favicon.ico} +0 -0
/package/{favicon.svg → docs_raw/favicon.svg} +0 -0
/package/{fontawesome → docs_raw/fontawesome}/LICENSE.txt +0 -0
/package/{fontawesome → docs_raw/fontawesome}/brands/facebook.svg +0 -0
/package/{fontawesome → docs_raw/fontawesome}/brands/instagram.svg +0 -0
/package/{fontawesome → docs_raw/fontawesome}/brands/linkedin.svg +0 -0
/package/{fontawesome → docs_raw/fontawesome}/brands/mastodon.svg +0 -0
/package/{fontawesome → docs_raw/fontawesome}/solid/at.svg +0 -0
/package/{hooks → docs_raw/hooks}/socialmedia.py +0 -0
/package/{icon-180x180.png → docs_raw/icon-180x180.png} +0 -0
/package/{icon-192x192.png → docs_raw/icon-192x192.png} +0 -0
/package/{icon-512x512-maskable.png → docs_raw/icon-512x512-maskable.png} +0 -0
/package/{icon-512x512.png → docs_raw/icon-512x512.png} +0 -0
/package/{icon-splash.png → docs_raw/icon-splash.png} +0 -0
/package/{img → docs_raw/img}/acode.png +0 -0
/package/{img → docs_raw/img}/blog-move.png +0 -0
/package/{img → docs_raw/img}/favicon.png +0 -0
/package/{img → docs_raw/img}/linksheet.png +0 -0
/package/{img → docs_raw/img}/logo.png +0 -0
/package/{img → docs_raw/img}/pmx.png +0 -0
/package/{img → docs_raw/img}/tosdr.png +0 -0
/package/{img → docs_raw/img}/urlcheck.png +0 -0
/package/{manifest.json → docs_raw/manifest.json} +0 -0
/package/{robots.txt → docs_raw/robots.txt} +0 -0
/package/{styles → docs_raw/styles}/global.css +0 -0

package/2015/01/04/secure-secure-shell/index.html DELETED Viewed

@@ -1,1552 +0,0 @@
-<!doctype html>
-<html lang="en" class="no-js">
-  <head>
-      <meta charset="utf-8">
-      <meta name="viewport" content="width=device-width,initial-scale=1">
-        <link rel="canonical" href="https://blog.netwk.pro/2015/01/04/secure-secure-shell/">
-        <link rel="next" href="../../../../2025/04/30/were-live/">
-        <link rel="alternate" type="application/rss+xml" title="RSS feed" href="../../../../feed_rss_created.xml">
-        <link rel="alternate" type="application/rss+xml" title="RSS feed of updated content" href="../../../../feed_rss_updated.xml">
-      <link rel="icon" href="/favicon.svg">
-      <meta name="generator" content="mkdocs-1.6.1, mkdocs-material-9.6.14">
-        <title>Secure Secure Shell - Network Pro™ Blog</title>
-      <link rel="stylesheet" href="../../../../assets/stylesheets/main.342714a4.min.css">
-        <link rel="stylesheet" href="../../../../assets/stylesheets/palette.06af60db.min.css">
-    <script>__md_scope=new URL("../../../..",location),__md_hash=e=>[...e].reduce(((e,_)=>(e<<5)-e+_.charCodeAt(0)),0),__md_get=(e,_=localStorage,t=__md_scope)=>JSON.parse(_.getItem(t.pathname+"."+e)),__md_set=(e,_,t=localStorage,a=__md_scope)=>{try{t.setItem(a.pathname+"."+e,JSON.stringify(_))}catch(e){}}</script>
-  </head>
-    <body dir="ltr" data-md-color-scheme="default" data-md-color-primary="amber" data-md-color-accent="yellow">
-    <input class="md-toggle" data-md-toggle="drawer" type="checkbox" id="__drawer" autocomplete="off">
-    <input class="md-toggle" data-md-toggle="search" type="checkbox" id="__search" autocomplete="off">
-    <label class="md-overlay" for="__drawer"></label>
-    <div data-md-component="skip">
-        <a href="#secure-secure-shell" class="md-skip">
-          Skip to content
-        </a>
-    </div>
-    <div data-md-component="announce">
-    </div>
-<header class="md-header" data-md-component="header">
-  <nav class="md-header__inner md-grid" aria-label="Header">
-    <a href="../../../.." title="Network Pro™ Blog" class="md-header__button md-logo" aria-label="Network Pro™ Blog" data-md-component="logo">
-  <img src="/icon-512x512.png" alt="logo">
-    </a>
-    <label class="md-header__button md-icon" for="__drawer">
-      <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M3 6h18v2H3zm0 5h18v2H3zm0 5h18v2H3z"/></svg>
-    </label>
-    <div class="md-header__title" data-md-component="header-title">
-      <div class="md-header__ellipsis">
-        <div class="md-header__topic">
-          <span class="md-ellipsis">
-            Network Pro™ Blog
-          </span>
-        </div>
-        <div class="md-header__topic" data-md-component="header-topic">
-          <span class="md-ellipsis">
-              Secure Secure Shell
-          </span>
-        </div>
-      </div>
-    </div>
-        <form class="md-header__option" data-md-component="palette">
-    <input class="md-option" data-md-color-media="(prefers-color-scheme)" data-md-color-scheme="default" data-md-color-primary="amber" data-md-color-accent="yellow"  aria-label="Switch to light mode"  type="radio" name="__palette" id="__palette_0">
-      <label class="md-header__button md-icon" title="Switch to light mode" for="__palette_1" hidden>
-        <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="m14.3 16-.7-2h-3.2l-.7 2H7.8L11 7h2l3.2 9zM20 8.69V4h-4.69L12 .69 8.69 4H4v4.69L.69 12 4 15.31V20h4.69L12 23.31 15.31 20H20v-4.69L23.31 12zm-9.15 3.96h2.3L12 9z"/></svg>
-      </label>
-    <input class="md-option" data-md-color-media="(prefers-color-scheme: dark)" data-md-color-scheme="slate" data-md-color-primary="amber" data-md-color-accent="yellow"  aria-label="Switch to system preference"  type="radio" name="__palette" id="__palette_1">
-      <label class="md-header__button md-icon" title="Switch to system preference" for="__palette_2" hidden>
-        <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M12 18c-.89 0-1.74-.2-2.5-.55C11.56 16.5 13 14.42 13 12s-1.44-4.5-3.5-5.45C10.26 6.2 11.11 6 12 6a6 6 0 0 1 6 6 6 6 0 0 1-6 6m8-9.31V4h-4.69L12 .69 8.69 4H4v4.69L.69 12 4 15.31V20h4.69L12 23.31 15.31 20H20v-4.69L23.31 12z"/></svg>
-      </label>
-    <input class="md-option" data-md-color-media="(prefers-color-scheme: light)" data-md-color-scheme="default" data-md-color-primary="amber" data-md-color-accent="yellow"  aria-label="Switch to dark mode"  type="radio" name="__palette" id="__palette_2">
-      <label class="md-header__button md-icon" title="Switch to dark mode" for="__palette_0" hidden>
-        <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M12 8a4 4 0 0 0-4 4 4 4 0 0 0 4 4 4 4 0 0 0 4-4 4 4 0 0 0-4-4m0 10a6 6 0 0 1-6-6 6 6 0 0 1 6-6 6 6 0 0 1 6 6 6 6 0 0 1-6 6m8-9.31V4h-4.69L12 .69 8.69 4H4v4.69L.69 12 4 15.31V20h4.69L12 23.31 15.31 20H20v-4.69L23.31 12z"/></svg>
-      </label>
-</form>
-      <script>var palette=__md_get("__palette");if(palette&&palette.color){if("(prefers-color-scheme)"===palette.color.media){var media=matchMedia("(prefers-color-scheme: light)"),input=document.querySelector(media.matches?"[data-md-color-media='(prefers-color-scheme: light)']":"[data-md-color-media='(prefers-color-scheme: dark)']");palette.color.media=input.getAttribute("data-md-color-media"),palette.color.scheme=input.getAttribute("data-md-color-scheme"),palette.color.primary=input.getAttribute("data-md-color-primary"),palette.color.accent=input.getAttribute("data-md-color-accent")}for(var[key,value]of Object.entries(palette.color))document.body.setAttribute("data-md-color-"+key,value)}</script>
-        <label class="md-header__button md-icon" for="__search">
-          <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M9.5 3A6.5 6.5 0 0 1 16 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.52 6.52 0 0 1 9.5 16 6.5 6.5 0 0 1 3 9.5 6.5 6.5 0 0 1 9.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5"/></svg>
-        </label>
-        <div class="md-search" data-md-component="search" role="dialog">
-  <label class="md-search__overlay" for="__search"></label>
-  <div class="md-search__inner" role="search">
-    <form class="md-search__form" name="search">
-      <input type="text" class="md-search__input" name="query" aria-label="Search" placeholder="Search" autocapitalize="off" autocorrect="off" autocomplete="off" spellcheck="false" data-md-component="search-query" required>
-      <label class="md-search__icon md-icon" for="__search">
-        <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M9.5 3A6.5 6.5 0 0 1 16 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.52 6.52 0 0 1 9.5 16 6.5 6.5 0 0 1 3 9.5 6.5 6.5 0 0 1 9.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5"/></svg>
-        <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M20 11v2H8l5.5 5.5-1.42 1.42L4.16 12l7.92-7.92L13.5 5.5 8 11z"/></svg>
-      </label>
-      <nav class="md-search__options" aria-label="Search">
-        <button type="reset" class="md-search__icon md-icon" title="Clear" aria-label="Clear" tabindex="-1">
-          <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M19 6.41 17.59 5 12 10.59 6.41 5 5 6.41 10.59 12 5 17.59 6.41 19 12 13.41 17.59 19 19 17.59 13.41 12z"/></svg>
-        </button>
-      </nav>
-        <div class="md-search__suggest" data-md-component="search-suggest"></div>
-    </form>
-    <div class="md-search__output">
-      <div class="md-search__scrollwrap" tabindex="0" data-md-scrollfix>
-        <div class="md-search-result" data-md-component="search-result">
-          <div class="md-search-result__meta">
-            Initializing search
-          </div>
-          <ol class="md-search-result__list" role="presentation"></ol>
-        </div>
-      </div>
-    </div>
-  </div>
-</div>
-      <div class="md-header__source">
-        <a href="https://github.com/netwk-pro/netwk-pro.github.io" title="Go to repository" class="md-source" data-md-component="source">
-  <div class="md-source__icon md-icon">
-    <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 448 512"><!--! Font Awesome Free 6.7.2 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2024 Fonticons, Inc.--><path d="M439.55 236.05 244 40.45a28.87 28.87 0 0 0-40.81 0l-40.66 40.63 51.52 51.52c27.06-9.14 52.68 16.77 43.39 43.68l49.66 49.66c34.23-11.8 61.18 31 35.47 56.69-26.49 26.49-70.21-2.87-56-37.34L240.22 199v121.85c25.3 12.54 22.26 41.85 9.08 55a34.34 34.34 0 0 1-48.55 0c-17.57-17.6-11.07-46.91 11.25-56v-123c-20.8-8.51-24.6-30.74-18.64-45L142.57 101 8.45 235.14a28.86 28.86 0 0 0 0 40.81l195.61 195.6a28.86 28.86 0 0 0 40.8 0l194.69-194.69a28.86 28.86 0 0 0 0-40.81"/></svg>
-  </div>
-  <div class="md-source__repository">
-    GitHub
-  </div>
-</a>
-      </div>
-  </nav>
-</header>
-    <div class="md-container" data-md-component="container">
-<nav class="md-tabs" aria-label="Tabs" data-md-component="tabs">
-  <div class="md-grid">
-    <ul class="md-tabs__list">
-    <li class="md-tabs__item md-tabs__item--active">
-      <a href="../../../.." class="md-tabs__link">
-  Home
-      </a>
-    </li>
-      <li class="md-tabs__item">
-        <a href="../../../../contributing/" class="md-tabs__link">
-  Contributing
-        </a>
-      </li>
-      <li class="md-tabs__item">
-        <a href="../../../../tags/" class="md-tabs__link">
-  Tags
-        </a>
-      </li>
-    <li class="md-tabs__item">
-      <a href="https://netwk.pro" class="md-tabs__link">
-  Website
-      </a>
-    </li>
-      <li class="md-tabs__item">
-        <a href="../../../../archive/2025/" class="md-tabs__link">
-  Archive
-        </a>
-      </li>
-      <li class="md-tabs__item">
-        <a href="../../../../category/security/" class="md-tabs__link">
-  Categories
-        </a>
-      </li>
-    </ul>
-  </div>
-</nav>
-      <main class="md-main" data-md-component="main">
-        <div class="md-main__inner md-grid">
-              <div class="md-sidebar md-sidebar--primary" data-md-component="sidebar" data-md-type="navigation" hidden>
-                <div class="md-sidebar__scrollwrap">
-                  <div class="md-sidebar__inner">
-<nav class="md-nav md-nav--primary md-nav--lifted" aria-label="Navigation" data-md-level="0">
-  <label class="md-nav__title" for="__drawer">
-    <a href="../../../.." title="Network Pro™ Blog" class="md-nav__button md-logo" aria-label="Network Pro™ Blog" data-md-component="logo">
-  <img src="/icon-512x512.png" alt="logo">
-    </a>
-    Network Pro™ Blog
-  </label>
-    <div class="md-nav__source">
-      <a href="https://github.com/netwk-pro/netwk-pro.github.io" title="Go to repository" class="md-source" data-md-component="source">
-  <div class="md-source__icon md-icon">
-    <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 448 512"><!--! Font Awesome Free 6.7.2 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2024 Fonticons, Inc.--><path d="M439.55 236.05 244 40.45a28.87 28.87 0 0 0-40.81 0l-40.66 40.63 51.52 51.52c27.06-9.14 52.68 16.77 43.39 43.68l49.66 49.66c34.23-11.8 61.18 31 35.47 56.69-26.49 26.49-70.21-2.87-56-37.34L240.22 199v121.85c25.3 12.54 22.26 41.85 9.08 55a34.34 34.34 0 0 1-48.55 0c-17.57-17.6-11.07-46.91 11.25-56v-123c-20.8-8.51-24.6-30.74-18.64-45L142.57 101 8.45 235.14a28.86 28.86 0 0 0 0 40.81l195.61 195.6a28.86 28.86 0 0 0 40.8 0l194.69-194.69a28.86 28.86 0 0 0 0-40.81"/></svg>
-  </div>
-  <div class="md-source__repository">
-    GitHub
-  </div>
-</a>
-    </div>
-  <ul class="md-nav__list" data-md-scrollfix>
-    <li class="md-nav__item md-nav__item--active">
-      <a href="../../../.." class="md-nav__link">
-  <span class="md-ellipsis">
-    Home
-  </span>
-      </a>
-    </li>
-    <li class="md-nav__item md-nav__item--nested">
-        <input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_2" >
-          <label class="md-nav__link" for="__nav_2" id="__nav_2_label" tabindex="0">
-  <span class="md-ellipsis">
-    Contributing
-  </span>
-            <span class="md-nav__icon md-icon"></span>
-          </label>
-        <nav class="md-nav" data-md-level="1" aria-labelledby="__nav_2_label" aria-expanded="false">
-          <label class="md-nav__title" for="__nav_2">
-            <span class="md-nav__icon md-icon"></span>
-            Contributing
-          </label>
-          <ul class="md-nav__list" data-md-scrollfix>
-    <li class="md-nav__item">
-      <a href="../../../../contributing/" class="md-nav__link">
-  <span class="md-ellipsis">
-    Code of Conduct
-  </span>
-      </a>
-    </li>
-          </ul>
-        </nav>
-    </li>
-    <li class="md-nav__item md-nav__item--nested">
-        <input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_3" >
-          <label class="md-nav__link" for="__nav_3" id="__nav_3_label" tabindex="0">
-  <span class="md-ellipsis">
-    Tags
-  </span>
-            <span class="md-nav__icon md-icon"></span>
-          </label>
-        <nav class="md-nav" data-md-level="1" aria-labelledby="__nav_3_label" aria-expanded="false">
-          <label class="md-nav__title" for="__nav_3">
-            <span class="md-nav__icon md-icon"></span>
-            Tags
-          </label>
-          <ul class="md-nav__list" data-md-scrollfix>
-    <li class="md-nav__item">
-      <a href="../../../../tags/" class="md-nav__link">
-  <span class="md-ellipsis">
-    Tag Index
-  </span>
-      </a>
-    </li>
-          </ul>
-        </nav>
-    </li>
-    <li class="md-nav__item">
-      <a href="https://netwk.pro" class="md-nav__link">
-  <span class="md-ellipsis">
-    Website
-  </span>
-      </a>
-    </li>
-    <li class="md-nav__item md-nav__item--nested">
-        <input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_5" >
-          <label class="md-nav__link" for="__nav_5" id="__nav_5_label" tabindex="0">
-  <span class="md-ellipsis">
-    Archive
-  </span>
-            <span class="md-nav__icon md-icon"></span>
-          </label>
-        <nav class="md-nav" data-md-level="1" aria-labelledby="__nav_5_label" aria-expanded="false">
-          <label class="md-nav__title" for="__nav_5">
-            <span class="md-nav__icon md-icon"></span>
-            Archive
-          </label>
-          <ul class="md-nav__list" data-md-scrollfix>
-    <li class="md-nav__item">
-      <a href="../../../../archive/2025/" class="md-nav__link">
-  <span class="md-ellipsis">
-    May 2025
-  </span>
-      </a>
-    </li>
-    <li class="md-nav__item">
-      <a href="../../../../archive/2015/" class="md-nav__link">
-  <span class="md-ellipsis">
-    January 2015
-  </span>
-      </a>
-    </li>
-          </ul>
-        </nav>
-    </li>
-    <li class="md-nav__item md-nav__item--nested">
-        <input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_6" >
-          <label class="md-nav__link" for="__nav_6" id="__nav_6_label" tabindex="0">
-  <span class="md-ellipsis">
-    Categories
-  </span>
-            <span class="md-nav__icon md-icon"></span>
-          </label>
-        <nav class="md-nav" data-md-level="1" aria-labelledby="__nav_6_label" aria-expanded="false">
-          <label class="md-nav__title" for="__nav_6">
-            <span class="md-nav__icon md-icon"></span>
-            Categories
-          </label>
-          <ul class="md-nav__list" data-md-scrollfix>
-    <li class="md-nav__item">
-      <a href="../../../../category/security/" class="md-nav__link">
-  <span class="md-ellipsis">
-    Security
-  </span>
-      </a>
-    </li>
-          </ul>
-        </nav>
-    </li>
-  </ul>
-</nav>
-                  </div>
-                </div>
-              </div>
-              <div class="md-sidebar md-sidebar--secondary" data-md-component="sidebar" data-md-type="toc" >
-                <div class="md-sidebar__scrollwrap">
-                  <div class="md-sidebar__inner">
-<nav class="md-nav md-nav--secondary" aria-label="Table of contents">
-</nav>
-                  </div>
-                </div>
-              </div>
-  <div class="md-content md-content--post" data-md-component="content">
-    <div class="md-sidebar md-sidebar--post" data-md-component="sidebar" data-md-type="navigation">
-      <div class="md-sidebar__scrollwrap">
-        <div class="md-sidebar__inner md-post">
-          <nav class="md-nav md-nav--primary">
-            <div class="md-post__back">
-              <div class="md-nav__title md-nav__container">
-                <a href="../../../.." class="md-nav__link">
-                  <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M20 11v2H8l5.5 5.5-1.42 1.42L4.16 12l7.92-7.92L13.5 5.5 8 11z"/></svg>
-                  <span class="md-ellipsis">
-                    Back to index
-                  </span>
-                </a>
-              </div>
-            </div>
-              <div class="md-post__authors md-typeset">
-                  <div class="md-profile md-post__profile">
-                    <span class="md-author md-author--long">
-                      <img src="../../../../assets/external/avatars.githubusercontent.com/u/170266279.png" alt="Network Pro">
-                    </span>
-                    <span class="md-profile__description">
-                      <strong>
-                          <a href="https://netwk.pro/">Network Pro</a>
-                      </strong>
-                      <br>
-                      Creator
-                    </span>
-                  </div>
-              </div>
-            <ul class="md-post__meta md-nav__list">
-              <li class="md-nav__item md-nav__item--section">
-                <div class="md-post__title">
-                  <span class="md-ellipsis">
-                    Metadata
-                  </span>
-                </div>
-                <nav class="md-nav">
-                  <ul class="md-nav__list">
-                    <li class="md-nav__item">
-                      <div class="md-nav__link">
-                        <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M19 19H5V8h14m-3-7v2H8V1H6v2H5c-1.11 0-2 .89-2 2v14a2 2 0 0 0 2 2h14a2 2 0 0 0 2-2V5a2 2 0 0 0-2-2h-1V1m-1 11h-5v5h5z"/></svg>
-                        <time datetime="2015-01-04 00:00:00+00:00" class="md-ellipsis">January 4, 2015</time>
-                      </div>
-                    </li>
-                      <li class="md-nav__item">
-                        <div class="md-nav__link">
-                          <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M15 13h1.5v2.82l2.44 1.41-.75 1.3L15 16.69zm4-5H5v11h4.67c-.43-.91-.67-1.93-.67-3a7 7 0 0 1 7-7c1.07 0 2.09.24 3 .67zM5 21a2 2 0 0 1-2-2V5c0-1.11.89-2 2-2h1V1h2v2h8V1h2v2h1a2 2 0 0 1 2 2v6.1c1.24 1.26 2 2.99 2 4.9a7 7 0 0 1-7 7c-1.91 0-3.64-.76-4.9-2zm11-9.85A4.85 4.85 0 0 0 11.15 16c0 2.68 2.17 4.85 4.85 4.85A4.85 4.85 0 0 0 20.85 16c0-2.68-2.17-4.85-4.85-4.85"/></svg>
-                          <time datetime="2025-05-11 00:00:00+00:00" class="md-ellipsis">May 11, 2025</time>
-                        </div>
-                      </li>
-                      <li class="md-nav__item">
-                        <div class="md-nav__link">
-                          <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M9 3v15h3V3zm3 2 4 13 3-1-4-13zM5 5v13h3V5zM3 19v2h18v-2z"/></svg>
-                          <span class="md-ellipsis">
-                            in
-                              <a href="../../../../category/security/">Security</a></span>
-                        </div>
-                      </li>
-                      <li class="md-nav__item">
-                        <div class="md-nav__link">
-                          <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M12 20a8 8 0 0 0 8-8 8 8 0 0 0-8-8 8 8 0 0 0-8 8 8 8 0 0 0 8 8m0-18a10 10 0 0 1 10 10 10 10 0 0 1-10 10C6.47 22 2 17.5 2 12A10 10 0 0 1 12 2m.5 5v5.25l4.5 2.67-.75 1.23L11 13V7z"/></svg>
-                          <span class="md-ellipsis">
-                              13 min read
-                          </span>
-                        </div>
-                      </li>
-                  </ul>
-                </nav>
-              </li>
-            </ul>
-          </nav>
-        </div>
-      </div>
-    </div>
-    <article class="md-content__inner md-typeset">
-  <nav class="md-tags" >
-        <a href="../../../../tags/#tag:post" class="md-tag">post</a>
-        <a href="../../../../tags/#tag:security" class="md-tag">security</a>
-  </nav>
-<h1 id="secure-secure-shell">Secure Secure Shell</h1>
-<!-- markdownlint-disable-file -->
-<!-- eslint-disable -->
-<blockquote style="font-size: small; font-style: italic; font-weight: bold;">
-Originally published on 1/4/2015 by <a rel="noopener noreferrer" href="https://github.com/stribika">stribika</a> at:<br />
-<a rel="noopener noreferrer" href="https://blog.stribik.technology/2015/01/04/secure-secure-shell.html">https://blog.stribik.technology/2015/01/04/secure-secure-shell.html</a>
-</blockquote>
-<blockquote style="font-size: small; font-style: italic; font-weight: bold;">
-Mirrored to preserve information. Minor changes have been made, and this is noted where applicable. Also see:<br />
-<a rel="noopener noreferrer" href="https://security.stackexchange.com/questions/143442/what-are-ssh-keygen-best-practices">https://security.stackexchange.com/questions/143442/what-are-ssh-keygen-best-practices</a>
-</blockquote>
-<blockquote style="font-size: small;">
-📝 <strong><i>NOTE:</i></strong> Despite this article's age, we've yet to come across a better source of information with regard to SSH configuration.
-</blockquote>
-<ul>
-<li><a href="#sshd">Skip to the good part.</a></li>
-</ul>
-<p>You may have heard that the NSA can decrypt SSH at least some of the time.
-If you have not, then read the <a href="https://www.spiegel.de/international/germany/inside-the-nsa-s-war-on-internet-security-a-1010361.html&gt;)">latest batch of Snowden documents</a> now. All of it. This post will still be here when you finish. My goal with this post here is to make NSA analysts sad.</p>
-<p>TL;DR: Scan this post for fixed width fonts, these will be the config file snippets and commands you have to use.</p>
-<!-- more -->
-<p><em>Warning</em>: You will need a recent OpenSSH version.
-It should work with 6.5 but I have only tested 6.7 and connections to Github.
-Here is a good <a href="http://ssh-comparison.quendi.de/comparison.html">compatibility matrix</a>.</p>
-<hr />
-<h1 id="the-crypto">The crypto</h1>
-<p>Reading the documents, I have the feeling that the NSA can 1) decrypt weak crypto and 2) steal keys.
-Let's focus on the crypto first.
-SSH supports different key exchange algorithms, ciphers and message authentication codes.
-The server and the client choose a set of algorithms supported by both, then proceed with the key exchange.
-Some of the supported algorithms are not so great and should be disabled completely.
-This hurts interoperability but everyone uses OpenSSH anyway.
-Fortunately, downgrade attacks are not possible because the supported algorithm lists are included in the key derivation.
-If a man in the middle were to change the lists, then the server and the client would calculate different keys.</p>
-<h2 id="key-exchange">Key exchange</h2>
-<p>There are basically two ways to do key exchange: <a href="https://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange">Diffie-Hellman</a> and <a href="https://en.wikipedia.org/wiki/Elliptic_curve_Diffie%E2%80%93Hellman">Elliptic Curve Diffie-Hellman</a>.
-Both provide <a href="https://en.wikipedia.org/wiki/Forward_secrecy">forward secrecy</a> which the NSA hates because they can't use passive collection and key recovery later.
-The server and the client will end up with a shared secret number at the end without a passive eavesdropper learning anything about this number.
-After we have a shared secret we have to derive a cryptographic key from this using a key derivation function.
-In case of SSH, this is a hash function.
-<a href="https://www.mitls.org/downloads/transcript-collisions.pdf">Collision attacks</a> on this hash function have been proven to allow downgrade attacks.</p>
-<p>DH works with a multiplicative group of integers modulo a prime.
-Its security is based on the hardness of the <a href="https://en.wikipedia.org/wiki/Discrete_logarithm_problem">discrete logarithm problem</a>.</p>
-<h2 id="alice-bob"><pre><code id="diffie-hellman">Alice Bob</h2>
-<p>Sa = random
-Pa = g^Sa --&gt; Pa
-Sb = random
-Pb &lt;-- Pb = g^Sb
-s = Pb^Sa s = Pa^Sb
-k = KDF(s) k = KDF(s)</code></pre></p>
-<p>ECDH works with elliptic curves over finite fields.
-Its security is based on the hardness of the elliptic curve discrete logarithm problem.</p>
-<h2 id="alice-bob_1"><pre><code id="elliptic-curve-diffie-hellman">Alice Bob</h2>
-<p>Sa = random
-Pa = Sa <em>G --&gt; Pa
-Sb = random
-Pb &lt;-- Pb = Sb</em> G
-s = Sa <em>Pb s = Sb</em> Pa
-k = KDF(s) k = KDF(s)</code></pre></p>
-<hr />
-<h2 id="sshd-configuration"><a id="sshd">SSHD Configuration</a></h2>
-<blockquote>
-<p><strong><em>NOTE:</em></strong> Emphasis added, it was not present in the originally published article.<br />
-Key exchange <strong>1</strong> (curve25519-sha256) alone is ideal, <strong>8</strong> is also acceptable for interoperability.</p>
-</blockquote>
-<p>OpenSSH supports 11 key exchange protocols:</p>
-<ol>
-<li><strong><a href="https://git.libssh.org/projects/libssh.git/tree/doc/curve25519-sha256@libssh.org.txt">curve25519-sha256</a>: ECDH over <a href="https://cr.yp.to/ecdh.html">Curve25519</a> with SHA2</strong></li>
-<li><a href="https://www.ietf.org/rfc/rfc4253.txt">diffie-hellman-group1-sha1</a>: 1024 bit DH with SHA1</li>
-<li><a href="https://www.ietf.org/rfc/rfc4253.txt">diffie-hellman-group14-sha1</a>: 2048 bit DH with SHA1</li>
-<li><a href="https://tools.ietf.org/html/draft-ietf-curdle-ssh-modp-dh-sha2-09">diffie-hellman-group14-sha256</a>: 2048 bit DH with SHA2</li>
-<li><a href="https://tools.ietf.org/html/draft-ietf-curdle-ssh-modp-dh-sha2-09">diffie-hellman-group16-sha512</a>: 4096 bit DH with SHA2</li>
-<li><a href="https://tools.ietf.org/html/draft-ietf-curdle-ssh-modp-dh-sha2-09">diffie-hellman-group18-sha512</a>: 8192 bit DH with SHA2</li>
-<li><a href="https://www.ietf.org/rfc/rfc4419.txt">diffie-hellman-group-exchange-sha1</a>: Custom DH with SHA1</li>
-<li><strong><em><a href="https://www.ietf.org/rfc/rfc4419.txt">diffie-hellman-group-exchange-sha256</a>: Custom DH with SHA2</em></strong></li>
-<li>ecdh-sha2-nistp256: ECDH over NIST P-256 with SHA2</li>
-<li>ecdh-sha2-nistp384: ECDH over NIST P-384 with SHA2</li>
-<li>ecdh-sha2-nistp521: ECDH over NIST P-521 with SHA2</li>
-</ol>
-<p>We have to look at 3 things here:</p>
-<ul>
-<li><em>ECDH curve choice</em>:
-  This eliminates <strong>9-11</strong> because <a href="https://blog.cr.yp.to/20140323-ecdsa.html">NIST curves suck</a>.
-  They leak secrets through timing side channels and off-curve inputs.
-  Also, <a href="https://projectbullrun.org/dual-ec/vulnerability.html">NIST is considered harmful</a> and cannot be trusted.</li>
-<li><em>Bit size of the DH modulus</em>:
-  This eliminates <strong>2</strong> because the NSA has supercomputers and possibly unknown attacks.
-  1024 bits simply don't offer sufficient security margin.</li>
-<li><em>Security of the hash function</em>:
-  This eliminates <strong>2</strong>, <strong>3</strong>, and <strong>7</strong> because SHA1 is broken.
-  We don't have to wait for a second preimage attack that takes 10 minutes on a cellphone to disable it right now.</li>
-</ul>
-<p>We are left with <strong>1</strong> and <strong>8</strong>, as well as <strong>4-6</strong> which were added in <a href="https://www.openssh.com/releasenotes.html#7.3">OpenSSH 7.3</a>.
-<strong>1</strong> is better and it's perfectly OK to only support that but for interoperability (with Eclipse, WinSCP), <strong>8</strong> can be included.</p>
-<blockquote>
-<p><strong><em>NOTE:</em></strong> 8 should no longer be necessary in newer versions of WinSCP. If in doubt, test with only 1 first. Add 8 if it won't connect otherwise.</p>
-</blockquote>
-<p>Recommended <code>/etc/ssh/sshd_config</code> snippet:</p>
-<pre><code id="server-kex">KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256</code></pre>
-<p>Recommended <code>/etc/ssh/ssh_config</code> snippet:</p>
-<pre><code id="client-kex"># Github needs diffie-hellman-group-exchange-sha1 some of the time but not always.
-#Host github.com
-#    KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1
-Host *
-    KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256</code></pre>
-<blockquote>
-<p><strong><em>NOTE:</em></strong> GitHub should no longer need a separate setting, as they've transitioned away from SSH keys. They should not require an exception regardless.</p>
-</blockquote>
-<p>If you chose to enable <strong>8</strong>, open <code>/etc/ssh/moduli</code> if exists, and delete lines where the 5th column is less than 2000.</p>
-<pre><code id="server-moduli-filter">awk '$5 > 2000' /etc/ssh/moduli > "${HOME}/moduli"
-wc -l "${HOME}/moduli" # make sure there is something left
-mv "${HOME}/moduli" /etc/ssh/moduli</code></pre>
-<p>If it does not exist, create it:</p>
-<pre><code id="server-moduli">ssh-keygen -G /etc/ssh/moduli.all -b 4096
-ssh-keygen -T /etc/ssh/moduli.safe -f /etc/ssh/moduli.all
-mv /etc/ssh/moduli.safe /etc/ssh/moduli
-rm /etc/ssh/moduli.all</code></pre>
-<p>This will take a while so continue while it's running.</p>
-<hr />
-<h2 id="authentication">Authentication</h2>
-<p>The key exchange ensures that the server and the client shares a secret no one else knows.
-We also have to make sure that they share this secret with each other and not an NSA analyst.</p>
-<h3 id="server-authentication">Server authentication</h3>
-<p>The server proves its identity to the client by signing the key resulting from the key exchange.
-There are 4 public key algorithms for authentication:</p>
-<ol>
-<li>DSA with SHA1</li>
-<li>ECDSA with SHA256, SHA384 or SHA512 depending on key size</li>
-<li><a href="https://ed25519.cr.yp.to/">Ed25519</a> with SHA512</li>
-<li>RSA with SHA1</li>
-</ol>
-<p>DSA keys must be exactly 1024 bits so let's disable that.
-Number 2 here involves NIST suckage and should be disabled as well.
-Another important disadvantage of DSA and ECDSA is that it uses randomness for each signature.
-If the random numbers are not the best quality, then it is <a href="https://security.stackexchange.com/a/46781">possible to recover</a> the <a href="https://events.ccc.de/congress/2010/Fahrplan/attachments/1780%5F27c3%5Fconsole%5Fhacking%5F2010.pdf">secret key</a>.
-Fortunately, RSA using SHA1 is not a problem here because the value being signed is actually a SHA2 hash.
-The hash function SHA1(SHA2(x)) is just as secure as SHA2 (it has less bits of course but no better attacks).</p>
-<pre><code id="server-auth">Protocol 2
-HostKey /etc/ssh/ssh_host_ed25519_key
-HostKey /etc/ssh/ssh_host_rsa_key</code></pre>
-<p>The first time you connect to your server, you will be asked to accept the new fingerprint.</p>
-<p>This will also disable the horribly broken v1 protocol that you should not have enabled in the first place.
-We should remove the unused keys and only generate a large RSA key and an Ed25519 key.
-Your init scripts may recreate the unused keys.
-If you don't want that, remove any <code>ssh-keygen</code> commands from the init script.</p>
-<pre><code id="server-keygen">cd /etc/ssh
-rm ssh_host_*key*
-ssh-keygen -t ed25519 -f ssh_host_ed25519_key -N "" < /dev/null
-ssh-keygen -t rsa -b 4096 -f ssh_host_rsa_key -N "" < /dev/null</code></pre>
-<h3 id="client-authentication">Client authentication</h3>
-<p>The client must prove its identity to the server as well.
-There are various methods to do that.</p>
-<p>The simplest is password authentication.
-This should be disabled immediately <em>after</em> setting up a more secure method because it allows compromised servers to steal passwords.
-Password authentication is also more vulnerable to online bruteforce attacks.</p>
-<p>Recommended <code>/etc/ssh/sshd_config</code> snippet:</p>
-<pre><code id="server-auth-password">PasswordAuthentication no
-ChallengeResponseAuthentication no</code></pre>
-<p>Recommended <code>/etc/ssh/ssh_config</code> snippet:</p>
-<pre><code id="client-auth-password">Host *
-    PasswordAuthentication no
-    ChallengeResponseAuthentication no</code></pre>
-<p>The most common and secure method is public key authentication, basically the same process as the server authentication.</p>
-<p>Recommended <code>/etc/ssh/sshd_config</code> snippet:</p>
-<pre><code id="server-auth-pubkey">PubkeyAuthentication yes</code></pre>
-<p>Recommended <code>/etc/ssh/ssh_config</code> snippet:</p>
-<pre><code id="client-auth-pubkey">Host *
-    PubkeyAuthentication yes
-    HostKeyAlgorithms ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-ed25519,ssh-rsa</code></pre>
-<p>Generate client keys using the following commands:</p>
-<pre><code id="client-keygen">ssh-keygen -t ed25519 -o -a 100
-ssh-keygen -t rsa -b 4096 -o -a 100</code></pre>
-<p>You can deploy your new client public keys using <code>ssh-copy-id</code>.</p>
-<p>It is also possible to use OTP authentication to reduce the consequences of lost passwords.
-<a href="https://github.com/google/google-authenticator/wiki/PAM-Module-Instructions">Google Authenticator</a> is a nice implementation of <a href="https://en.wikipedia.org/wiki/Time-based_One-time_Password_Algorithm">TOTP</a>, or Timebased One Time Password.
-You can also use a <a href="https://www.cl.cam.ac.uk/~mgk25/otpw.html">printed list of one time passwords</a> or any other <a href="https://en.wikipedia.org/wiki/Pluggable_authentication_module">PAM</a> module, really, if you enable <code>ChallengeResponseAuthentication</code>.</p>
-<h3 id="user-authentication">User Authentication</h3>
-<p>Even with Public Key authentication, you should only allow incoming connections from expected users. The <code>AllowUsers</code> setting in <code>sshd_config</code> lets you specify users who are allowed to connect, but this can get complicated with a large number of ssh users. Additionally, when deleting a user from the system, the username is <a href="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=779880">not removed</a> from <code>sshd_config</code>, which adds to maintenance requirements. The solution is to use the <code>AllowGroups</code> setting instead, and add users to an <code>ssh-user</code> group.</p>
-<p>Recommended <code>/etc/ssh/sshd_config</code> snippet:</p>
-<pre><code id="client-auth-allowgroups">AllowGroups ssh-user</code></pre>
-<p>Create the ssh-user group with <code>sudo groupadd ssh-user</code>, then add each ssh user to the group with <code>sudo usermod -a -G ssh-user &lt;username&gt;</code>.</p>
-<hr />
-<h2 id="symmetric-ciphers">Symmetric ciphers</h2>
-<blockquote>
-<p><strong><em>NOTE:</em></strong> Emphasis added.</p>
-</blockquote>
-<p>Symmetric ciphers are used to encrypt the data after the initial key exchange and authentication is complete.</p>
-<p>Here we have quite a few algorithms (10-14 were removed in <a href="https://www.openssh.com/releasenotes.html#7.6">OpenSSH 7.6</a>):</p>
-<ol>
-<li>3des-cbc</li>
-<li>aes128-cbc</li>
-<li>aes192-cbc</li>
-<li>aes256-cbc</li>
-<li>aes128-ctr</li>
-<li>aes192-ctr</li>
-<li>aes256-ctr</li>
-<li><strong><em><a href="&#109;&#97;&#105;&#108;&#116;&#111;&#58;&#97;&#101;&#115;&#49;&#50;&#56;&#45;&#103;&#99;&#109;&#64;&#111;&#112;&#101;&#110;&#115;&#115;&#104;&#46;&#99;&#111;&#109;">&#97;&#101;&#115;&#49;&#50;&#56;&#45;&#103;&#99;&#109;&#64;&#111;&#112;&#101;&#110;&#115;&#115;&#104;&#46;&#99;&#111;&#109;</a></em></strong></li>
-<li><strong><em><a href="&#109;&#97;&#105;&#108;&#116;&#111;&#58;&#97;&#101;&#115;&#50;&#53;&#54;&#45;&#103;&#99;&#109;&#64;&#111;&#112;&#101;&#110;&#115;&#115;&#104;&#46;&#99;&#111;&#109;">&#97;&#101;&#115;&#50;&#53;&#54;&#45;&#103;&#99;&#109;&#64;&#111;&#112;&#101;&#110;&#115;&#115;&#104;&#46;&#99;&#111;&#109;</a></em></strong></li>
-<li>arcfour</li>
-<li>arcfour128</li>
-<li>arcfour256</li>
-<li>blowfish-cbc</li>
-<li>cast128-cbc</li>
-<li><strong><a href="&#109;&#97;&#105;&#108;&#116;&#111;&#58;&#99;&#104;&#97;&#99;&#104;&#97;&#50;&#48;&#45;&#112;&#111;&#108;&#121;&#49;&#51;&#48;&#53;&#64;&#111;&#112;&#101;&#110;&#115;&#115;&#104;&#46;&#99;&#111;&#109;">&#99;&#104;&#97;&#99;&#104;&#97;&#50;&#48;&#45;&#112;&#111;&#108;&#121;&#49;&#51;&#48;&#53;&#64;&#111;&#112;&#101;&#110;&#115;&#115;&#104;&#46;&#99;&#111;&#109;</a></strong></li>
-</ol>
-<p>We have to consider the following:</p>
-<ul>
-<li><em>Security of the cipher algorithm</em>:
-  This eliminates <strong>1</strong> and <strong>10-12</strong> - both DES and RC4 are broken.
-  Again, no need to wait for them to become even weaker, disable them now.</li>
-<li><em>Key size</em>:
-  At least 128 bits, the more the better.</li>
-<li><em>Block size</em>:
-  Does not apply to stream ciphers.
-  At least 128 bits.
-  This eliminates <strong>13</strong> and <strong>14</strong> because those have a 64 bit block size.</li>
-<li><em>Cipher mode</em>:
-  The recommended approach here is to prefer <a href="https://en.wikipedia.org/wiki/Authenticated_encryption">AE</a> modes and optionally allow CTR for compatibility.
-  CTR with Encrypt-then-MAC is provably secure.</li>
-</ul>
-<p>Chacha20-poly1305 is preferred over AES-GCM because the SSH protocol <a href="http://blog.djm.net.au/2013/11/chacha20-and-poly1305-in-openssh.html">does not encrypt message sizes</a> when GCM (or EtM) is in use.
-This allows some traffic analysis even without decrypting the data.
-We will deal with that soon.</p>
-<p>Recommended <code>/etc/ssh/sshd_config</code> snippet:</p>
-<pre><code id="server-ciphers">Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr</code></pre>
-<p>Recommended <code>/etc/ssh/ssh_config</code> snippet:</p>
-<pre><code id="client-ciphers">Host *
-    Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr</code></pre>
-<hr />
-<h2 id="message-authentication-codes">Message authentication codes</h2>
-<blockquote>
-<p>Emphasis added.</p>
-</blockquote>
-<p>Encryption provides <em>confidentiality</em>, message authentication code provides <em>integrity</em>.
-We need both.
-If an AE cipher mode is selected, then extra MACs are not used, the integrity is already given.
-If CTR is selected, then we need a MAC to calculate and attach a tag to every message.</p>
-<p>There are multiple ways to combine ciphers and MACs - not all of these are useful.
-The 3 most common:</p>
-<ul>
-<li><em>Encrypt-then-MAC</em>: encrypt the message, then attach the MAC of the ciphertext.</li>
-<li><em>MAC-then-encrypt</em>: attach the MAC of the plaintext, then encrypt everything.</li>
-<li><em>Encrypt-and-MAC</em>: encrypt the message, then attach the MAC of the plaintext.</li>
-</ul>
-<p>Only Encrypt-then-MAC should be used, period.
-Using MAC-then-encrypt have lead to many attacks on TLS while Encrypt-and-MAC have lead to not quite that many attacks on SSH.
-The reason for this is that the more you fiddle with an attacker provided message, the more chance the attacker has to gain information through side channels.
-In case of Encrypt-then-MAC, the MAC is verified and if incorrect, discarded.
-Boom, one step, no timing channels.
-In case of MAC-then-encrypt, first the attacker provided message has to be decrypted and only then can you verify it.
-Decryption failure (due to invalid CBC padding for example) may take less time than verification failure.
-Encrypt-and-MAC also has to be decrypted first, leading to the same kind of potential side channels.
-It's even worse because no one said that a MAC's output can't leak what its input was.
-SSH by default, uses this method.</p>
-<p>Here are the available MAC choices:</p>
-<ol>
-<li>hmac-md5</li>
-<li>hmac-md5-96</li>
-<li>hmac-sha1</li>
-<li>hmac-sha1-96</li>
-<li>hmac-sha2-256</li>
-<li>hmac-sha2-512</li>
-<li>umac-64</li>
-<li>umac-128</li>
-<li><a href="&#109;&#97;&#105;&#108;&#116;&#111;&#58;&#104;&#109;&#97;&#99;&#45;&#109;&#100;&#53;&#45;&#101;&#116;&#109;&#64;&#111;&#112;&#101;&#110;&#115;&#115;&#104;&#46;&#99;&#111;&#109;">&#104;&#109;&#97;&#99;&#45;&#109;&#100;&#53;&#45;&#101;&#116;&#109;&#64;&#111;&#112;&#101;&#110;&#115;&#115;&#104;&#46;&#99;&#111;&#109;</a></li>
-<li><a href="&#109;&#97;&#105;&#108;&#116;&#111;&#58;&#104;&#109;&#97;&#99;&#45;&#109;&#100;&#53;&#45;&#57;&#54;&#45;&#101;&#116;&#109;&#64;&#111;&#112;&#101;&#110;&#115;&#115;&#104;&#46;&#99;&#111;&#109;">&#104;&#109;&#97;&#99;&#45;&#109;&#100;&#53;&#45;&#57;&#54;&#45;&#101;&#116;&#109;&#64;&#111;&#112;&#101;&#110;&#115;&#115;&#104;&#46;&#99;&#111;&#109;</a></li>
-<li><a href="&#109;&#97;&#105;&#108;&#116;&#111;&#58;&#104;&#109;&#97;&#99;&#45;&#115;&#104;&#97;&#49;&#45;&#101;&#116;&#109;&#64;&#111;&#112;&#101;&#110;&#115;&#115;&#104;&#46;&#99;&#111;&#109;">&#104;&#109;&#97;&#99;&#45;&#115;&#104;&#97;&#49;&#45;&#101;&#116;&#109;&#64;&#111;&#112;&#101;&#110;&#115;&#115;&#104;&#46;&#99;&#111;&#109;</a></li>
-<li><a href="&#109;&#97;&#105;&#108;&#116;&#111;&#58;&#104;&#109;&#97;&#99;&#45;&#115;&#104;&#97;&#49;&#45;&#57;&#54;&#45;&#101;&#116;&#109;&#64;&#111;&#112;&#101;&#110;&#115;&#115;&#104;&#46;&#99;&#111;&#109;">&#104;&#109;&#97;&#99;&#45;&#115;&#104;&#97;&#49;&#45;&#57;&#54;&#45;&#101;&#116;&#109;&#64;&#111;&#112;&#101;&#110;&#115;&#115;&#104;&#46;&#99;&#111;&#109;</a></li>
-<li><strong><a href="&#109;&#97;&#105;&#108;&#116;&#111;&#58;&#104;&#109;&#97;&#99;&#45;&#115;&#104;&#97;&#50;&#45;&#50;&#53;&#54;&#45;&#101;&#116;&#109;&#64;&#111;&#112;&#101;&#110;&#115;&#115;&#104;&#46;&#99;&#111;&#109;">&#104;&#109;&#97;&#99;&#45;&#115;&#104;&#97;&#50;&#45;&#50;&#53;&#54;&#45;&#101;&#116;&#109;&#64;&#111;&#112;&#101;&#110;&#115;&#115;&#104;&#46;&#99;&#111;&#109;</a></strong></li>
-<li><strong><a href="&#109;&#97;&#105;&#108;&#116;&#111;&#58;&#104;&#109;&#97;&#99;&#45;&#115;&#104;&#97;&#50;&#45;&#53;&#49;&#50;&#45;&#101;&#116;&#109;&#64;&#111;&#112;&#101;&#110;&#115;&#115;&#104;&#46;&#99;&#111;&#109;">&#104;&#109;&#97;&#99;&#45;&#115;&#104;&#97;&#50;&#45;&#53;&#49;&#50;&#45;&#101;&#116;&#109;&#64;&#111;&#112;&#101;&#110;&#115;&#115;&#104;&#46;&#99;&#111;&#109;</a></strong></li>
-<li><a href="&#109;&#97;&#105;&#108;&#116;&#111;&#58;&#117;&#109;&#97;&#99;&#45;&#54;&#52;&#45;&#101;&#116;&#109;&#64;&#111;&#112;&#101;&#110;&#115;&#115;&#104;&#46;&#99;&#111;&#109;">&#117;&#109;&#97;&#99;&#45;&#54;&#52;&#45;&#101;&#116;&#109;&#64;&#111;&#112;&#101;&#110;&#115;&#115;&#104;&#46;&#99;&#111;&#109;</a></li>
-<li><a href="&#109;&#97;&#105;&#108;&#116;&#111;&#58;&#117;&#109;&#97;&#99;&#45;&#49;&#50;&#56;&#45;&#101;&#116;&#109;&#64;&#111;&#112;&#101;&#110;&#115;&#115;&#104;&#46;&#99;&#111;&#109;">&#117;&#109;&#97;&#99;&#45;&#49;&#50;&#56;&#45;&#101;&#116;&#109;&#64;&#111;&#112;&#101;&#110;&#115;&#115;&#104;&#46;&#99;&#111;&#109;</a></li>
-</ol>
-<p>The selection considerations:</p>
-<ul>
-<li><em>Security of the hash algorithm</em>:
-  No MD5 and SHA1.
-  Yes, I know that HMAC-SHA1 does not need collision resistance but why wait?
-  Disable weak crypto today.</li>
-<li><em>Encrypt-then-MAC</em>:
-  I am not aware of a security proof for CTR-and-HMAC but I also don't think CTR decryption can fail.
-  Since there are no downgrade attacks, you can add them to the end of the list.
-  You can also do this on a host by host basis so you know which ones are less safe.</li>
-<li><em>Tag size</em>:
-  At least 128 bits.
-  This eliminates umac-64-etm.</li>
-<li><em>Key size</em>:
-  At least 128 bits.
-  This doesn't eliminate anything at this point.</li>
-</ul>
-<p>Recommended <code>/etc/ssh/sshd_config</code> snippet:</p>
-<pre><code id="server-macs">MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com</code></pre>
-<p>Recommended <code>/etc/ssh/ssh_config</code> snippet:</p>
-<pre><code id="client-macs">Host *
-    MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com</code></pre>
-<h1 id="preventing-key-theft">Preventing key theft</h1>
-<p>Even with forward secrecy the secret keys must be kept secret.
-The NSA has a database of stolen keys - you do not want your key there.</p>
-<hr />
-<h2 id="system-hardening">System hardening</h2>
-<p>OpenSSH has some undocumented, and rarely used features.
-UseRoaming is one such feature with a <a href="https://security.stackexchange.com/questions/110639/how-exploitable-is-the-recent-useroaming-ssh-problem">known vulnerability</a>.</p>
-<p>Recommended <code>/etc/ssh/ssh_config</code> snippet:</p>
-<pre><code id="client-features">Host *
-   UseRoaming no</code></pre>
-<p>This post is not intended to be a comprehensive system security guide.
-Very briefly:</p>
-<ul>
-<li><em>Don't install what you don't need</em>:
-  Every single line of code has a chance of containing a bug.
-  Some of these bugs are security holes.
-  Fewer lines, fewer holes.</li>
-<li><em>Use free software</em>:
-  As in speech.
-  You want to use code that's actually reviewed or that you can review yourself.
-  There is no way to achieve that without source code.
-  Someone may have reviewed proprietary crap but who knows.</li>
-<li><em>Keep your software up to date</em>:
-  New versions often fix critical security holes.</li>
-<li><em>Exploit mitigation</em>:
-  Sad but true - there will always be security holes in your software.
-  There are things you can do to prevent their exploitation, such as GCC's -fstack-protector.
-  One of the best security projects out there is <a href="https://grsecurity.net/">Grsecurity</a>.
-  Use it or use OpenBSD.</li>
-</ul>
-<hr />
-<h2 id="traffic-analysis-resistance">Traffic analysis resistance</h2>
-<p>Set up <a href="https://www.torproject.org/docs/hidden-services.html.en">Tor hidden services</a> for your SSH servers.
-This has multiple advantages.
-It provides an additional layer of encryption and server authentication.
-People looking at your traffic will not know your IP, so they will be unable to scan and target other services running on the same server and client.
-Attackers can still attack these services but don't know if it has anything to do with the observed traffic until they actually break in.</p>
-<p>Now this is only true if you don't disclose your SSH server's fingerprint in any other way.
-You should only accept connections from the hidden service or from LAN, if required.</p>
-<p>If you don't need LAN access, you can add the following line to <code>/etc/ssh/sshd_config</code>:</p>
-<pre><code id="localhost-only">ListenAddress 127.0.0.1:22</code></pre>
-<p>Add this to <code>/etc/tor/torrc</code>:</p>
-<pre><code id="hidden-service">HiddenServiceDir /var/lib/tor/hidden_service/ssh
-HiddenServicePort 22 127.0.0.1:22</code></pre>
-<p>You will find the hostname you have to use in <code>/var/lib/tor/hidden_service/ssh/hostname</code>.
-You also have to configure the client to use Tor.
-For this, socat will be needed.
-Add the following line to <code>/etc/ssh/ssh_config</code>:</p>
-<pre><code id="onion-proxy">Host *.onion
-    ProxyCommand socat - SOCKS4A:localhost:%h:%p,socksport=9050
-Host *
-    ...</code></pre>
-<p>If you want to allow connections from LAN, don't use the <code>ListenAddress</code> line, configure your firewall instead.</p>
-<hr />
-<h2 id="key-storage">Key storage</h2>
-<p>You should encrypt your client key files using a strong password.
-Additionally, you can use <code>ssh-keygen -o -a $number</code> to slow down cracking attempts by iterating the hash function many times.
-You may want to store them on a pendrive and only plug it in when you want to use SSH.
-Are you more likely to lose your pendrive or have your system compromised?
-I don't know.</p>
-<p>Unfortunately, you can't encrypt your server key and it must be always available, or else sshd won't start.
-The only thing protecting it is OS access controls.</p>
-<hr />
-<h1 id="the-end">The end</h1>
-<p>It's probably a good idea to test the changes.
-<code>ssh -v</code> will print the selected algorithms and also makes problems easier to spot.
-Be extremely careful when configuring SSH on a remote host.
-Always keep an active session, never restart sshd.
-Instead you can send the <code>SIGHUP</code> signal to reload the configuration without killing your session.
-You can be even more careful by starting a new sshd instance on a different port and testing that.</p>
-<p>Can you make these changes?
-If the answer is yes, then...</p>
-<p><img alt="NSA Happy Dance" src="../../../../assets/external/raw.githubusercontent.com/netwk-pro/netwk-pro.github.io/refs/heads/master/assets/nsa-happy-dance.png" title="Happy Dance!!"></p>
-<p>If the answer is no, it's probably due to compatibility problems.
-You can try to convince the other side to upgrade their security and turn it into a yes.
-I have created a <a href="https://github.com/stribika/stribika.github.io/wiki/Secure-Secure-Shell">wiki page</a> where anyone can add config files for preserving compatibility with various SSH implementations and SSH based services.</p>
-<p>If you work for a big company and change management doesn't let you do it, I'm sorry.
-I've seen the v1 protocol enabled in such places.
-There is no chance of improvement.
-Give up to preseve your sanity.</p>
-<p>Special thanks to the people of Twitter for the improvements.</p>
-<hr />
-<h1 id="changelog">ChangeLog</h1>
-<p>You may have noticed that this document changed since last time.
-I want to be very transparent about this.
-There were three major changes:</p>
-<ul>
-<li>After some debate and going back and forth between including GCM or not, it's now back again.
-  The reason for dropping it was that SSH doesn't encrypt packet sizes when using GCM.
-  The reason for bringing it back is that SSH does the same with any EtM algorithms.
-  There is no way around this unless you can live with chacha20-poly1305 only.
-  Also, the leaked documents don't sound like they can figure out the lengths or confirm presence of some things, more like straight up "send it to us and we'll decrypt it for you".
-  Wrapping SSH in a Tor hidden service will take care of any traffic analysis concerns.</li>
-<li>I'm now allowing Encrypt-and-MAC algorithms with CTR ciphers as a last resort.
-  I initially thought it was possible to use downgrade attacks, I now think it is not.</li>
-<li>I briefly disabled RSA because it uses SHA1, this turned out to be a non-issue because we're signing SHA2 hashes.</li>
-</ul>
-<p>You can see the <a href="https://github.com/stribika/stribika.github.io/commits/master/_posts/2015-01-04-secure-secure-shell.md">full list of changes</a> on github.
-I promise not to use <code>git push -f</code>.</p>
-<p>&nbsp;</p>
-<p><strong>Network Pro™</strong> | <em>Cybersecurity that respects your values.</em></p>
-<hr />
-<div style="font-size: 12px; text-align: center;">
-<p>Network Pro&trade;, the shield logo, and the "Locking Down Networks&trade;" slogan are <a href="https://netwk.pro/legal#trademark" target="_self">trademarks</a> of Network Pro Strategies.</p>
-<p>Licensed under <a href="https://netwk.pro/legal#cc-by" target="_self"><strong>CC BY 4.0</strong></a> and the <a href="https://netwk.pro/legal#gnu-gpl" target="_self"><strong>GNU GPL</strong></a>, as published by the <a rel="noopener noreferrer" href="https://fsf.org" target="_blank">Free Software Foundation</a>, either version 3 of the License, or (at your option) any later version.</p>
-</div>
-    </article>
-  </div>
-<script>var target=document.getElementById(location.hash.slice(1));target&&target.name&&(target.checked=target.name.startsWith("__tabbed_"))</script>
-        </div>
-          <button type="button" class="md-top md-icon" data-md-component="top" hidden>
-  <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M13 20h-2V8l-5.5 5.5-1.42-1.42L12 4.16l7.92 7.92-1.42 1.42L13 8z"/></svg>
-  Back to top
-</button>
-      </main>
-        <footer class="md-footer">
-  <div class="md-footer-meta md-typeset">
-    <div class="md-footer-meta__inner md-grid">
-      <div class="md-copyright">
-    <div class="md-copyright__highlight">
-      Copyright &copy; 2025 Network Pro Strategies (Network Pro&trade;) – <a href="#__consent">Change cookie settings</a>
-    </div>
-    Made with
-    <a href="https://squidfunk.github.io/mkdocs-material/" target="_blank" rel="noopener">
-      Material for MkDocs
-    </a>
-</div>
-        <div class="md-social">
-    <a href="https://instagram.com/netwk_pro/" target="_blank" rel="noopener" title="Network Pro on Instagram" class="md-social__link">
-      <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 448 512"><!--! Font Awesome Free 6.7.2 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2024 Fonticons, Inc.--><path d="M224.1 141c-63.6 0-114.9 51.3-114.9 114.9s51.3 114.9 114.9 114.9S339 319.5 339 255.9 287.7 141 224.1 141m0 189.6c-41.1 0-74.7-33.5-74.7-74.7s33.5-74.7 74.7-74.7 74.7 33.5 74.7 74.7-33.6 74.7-74.7 74.7m146.4-194.3c0 14.9-12 26.8-26.8 26.8-14.9 0-26.8-12-26.8-26.8s12-26.8 26.8-26.8 26.8 12 26.8 26.8m76.1 27.2c-1.7-35.9-9.9-67.7-36.2-93.9-26.2-26.2-58-34.4-93.9-36.2-37-2.1-147.9-2.1-184.9 0-35.8 1.7-67.6 9.9-93.9 36.1s-34.4 58-36.2 93.9c-2.1 37-2.1 147.9 0 184.9 1.7 35.9 9.9 67.7 36.2 93.9s58 34.4 93.9 36.2c37 2.1 147.9 2.1 184.9 0 35.9-1.7 67.7-9.9 93.9-36.2 26.2-26.2 34.4-58 36.2-93.9 2.1-37 2.1-147.8 0-184.8M398.8 388c-7.8 19.6-22.9 34.7-42.6 42.6-29.5 11.7-99.5 9-132.1 9s-102.7 2.6-132.1-9c-19.6-7.8-34.7-22.9-42.6-42.6-11.7-29.5-9-99.5-9-132.1s-2.6-102.7 9-132.1c7.8-19.6 22.9-34.7 42.6-42.6 29.5-11.7 99.5-9 132.1-9s102.7-2.6 132.1 9c19.6 7.8 34.7 22.9 42.6 42.6 11.7 29.5 9 99.5 9 132.1s2.7 102.7-9 132.1"/></svg>
-    </a>
-    <a href="https://facebook.com/neteng.pro/" target="_blank" rel="noopener" title="Network Pro on Facebook" class="md-social__link">
-      <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 512 512"><!--! Font Awesome Free 6.7.2 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2024 Fonticons, Inc.--><path d="M512 256C512 114.6 397.4 0 256 0S0 114.6 0 256c0 120 82.7 220.8 194.2 248.5V334.2h-52.8V256h52.8v-33.7c0-87.1 39.4-127.5 125-127.5 16.2 0 44.2 3.2 55.7 6.4V172c-6-.6-16.5-1-29.6-1-42 0-58.2 15.9-58.2 57.2V256h83.6l-14.4 78.2H287v175.9C413.8 494.8 512 386.9 512 256"/></svg>
-    </a>
-    <a href="https://linkedin.com/company/netwk-pro/" target="_blank" rel="noopener" title="Network Pro on LinkedIn" class="md-social__link">
-      <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 448 512"><!--! Font Awesome Free 6.7.2 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2024 Fonticons, Inc.--><path d="M416 32H31.9C14.3 32 0 46.5 0 64.3v383.4C0 465.5 14.3 480 31.9 480H416c17.6 0 32-14.5 32-32.3V64.3c0-17.8-14.4-32.3-32-32.3M135.4 416H69V202.2h66.5V416zm-33.2-243c-21.3 0-38.5-17.3-38.5-38.5S80.9 96 102.2 96c21.2 0 38.5 17.3 38.5 38.5 0 21.3-17.2 38.5-38.5 38.5m282.1 243h-66.4V312c0-24.8-.5-56.7-34.5-56.7-34.6 0-39.9 27-39.9 54.9V416h-66.4V202.2h63.7v29.2h.9c8.9-16.8 30.6-34.5 62.9-34.5 67.2 0 79.7 44.3 79.7 101.9z"/></svg>
-    </a>
-    <a href="https://noc.social/@neteng_pro/" target="_blank" rel="noopener me" title="Network Pro on Mastoon" class="md-social__link">
-      <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 448 512"><!--! Font Awesome Free 6.7.2 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2024 Fonticons, Inc.--><path d="M433 179.11c0-97.2-63.71-125.7-63.71-125.7-62.52-28.7-228.56-28.4-290.48 0 0 0-63.72 28.5-63.72 125.7 0 115.7-6.6 259.4 105.63 289.1 40.51 10.7 75.32 13 103.33 11.4 50.81-2.8 79.32-18.1 79.32-18.1l-1.7-36.9s-36.31 11.4-77.12 10.1c-40.41-1.4-83-4.4-89.63-54a102.5 102.5 0 0 1-.9-13.9c85.63 20.9 158.65 9.1 178.75 6.7 56.12-6.7 105-41.3 111.23-72.9 9.8-49.8 9-121.5 9-121.5m-75.12 125.2h-46.63v-114.2c0-49.7-64-51.6-64 6.9v62.5h-46.33V197c0-58.5-64-56.6-64-6.9v114.2H90.19c0-122.1-5.2-147.9 18.41-175 25.9-28.9 79.82-30.8 103.83 6.1l11.6 19.5 11.6-19.5c24.11-37.1 78.12-34.8 103.83-6.1 23.71 27.3 18.4 53 18.4 175z"/></svg>
-    </a>
-    <a href="https://contact.neteng.pro/" target="_blank" rel="noopener" title="Contact Us" class="md-social__link">
-      <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 512 512"><!--! Font Awesome Free 6.7.2 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2024 Fonticons, Inc.--><path d="M256 64C150 64 64 150 64 256s86 192 192 192c17.7 0 32 14.3 32 32s-14.3 32-32 32C114.6 512 0 397.4 0 256S114.6 0 256 0s256 114.6 256 256v32c0 53-43 96-96 96-29.3 0-55.6-13.2-73.2-33.9-22.8 21-53.3 33.9-86.8 33.9-70.7 0-128-57.3-128-128s57.3-128 128-128c27.9 0 53.7 8.9 74.7 24.1 5.7-5 13.1-8.1 21.3-8.1 17.7 0 32 14.3 32 32v112c0 17.7 14.3 32 32 32s32-14.3 32-32v-32c0-106-86-192-192-192m64 192a64 64 0 1 0-128 0 64 64 0 1 0 128 0"/></svg>
-    </a>
-</div>
-    </div>
-  </div>
-</footer>
-    </div>
-    <div class="md-dialog" data-md-component="dialog">
-      <div class="md-dialog__inner md-typeset"></div>
-    </div>
-      <div class="md-consent" data-md-component="consent" id="__consent" hidden>
-        <div class="md-consent__overlay"></div>
-        <aside class="md-consent__inner">
-          <form class="md-consent__form md-grid md-typeset" name="consent">
-<h4>Cookie Consent</h4>
-<p>We use cookies to recognize your repeated visits and preferences, as well as to measure the effectiveness of our documentation and whether users find what they're searching for. With your consent, you're helping us to make our documentation better.</p>
-<input class="md-toggle" type="checkbox" id="__settings" >
-<div class="md-consent__settings">
-  <ul class="task-list">
-  <li class="task-list-item">
-    <label class="task-list-control">
-      <input type="checkbox" name="analytics" >
-      <span class="task-list-indicator"></span>
-      Google Analytics
-    </label>
-  </li>
-  <li class="task-list-item">
-    <label class="task-list-control">
-      <input type="checkbox" name="github" checked>
-      <span class="task-list-indicator"></span>
-      GitHub
-    </label>
-  </li>
-  </ul>
-</div>
-<div class="md-consent__controls">
-      <button type="reset" class="md-button md-button--primary">Reject</button>
-      <button class="md-button md-button--primary">Accept</button>
-      <label class="md-button" for="__settings">Manage settings</label>
-</div>
-          </form>
-        </aside>
-      </div>
-      <script>var consent=__md_get("__consent");if(consent)for(var input of document.forms.consent.elements)input.name&&(input.checked=consent[input.name]||!1);else"file:"!==location.protocol&&setTimeout((function(){document.querySelector("[data-md-component=consent]").hidden=!1}),250);var form=document.forms.consent;for(var action of["submit","reset"])form.addEventListener(action,(function(e){if(e.preventDefault(),"reset"===e.type)for(var n of document.forms.consent.elements)n.name&&(n.checked=!1);__md_set("__consent",Object.fromEntries(Array.from(new FormData(form).keys()).map((function(e){return[e,!0]})))),location.hash="",location.reload()}))</script>
-      <script id="__config" type="application/json">{"base": "../../../..", "features": ["navigation.instant", "navigation.tracking", "navigation.tabs", "navigation.indexes", "toc.follow", "navigation.top", "search.suggest"], "search": "../../../../assets/javascripts/workers/search.d50fe291.min.js", "tags": null, "translations": {"clipboard.copied": "Copied to clipboard", "clipboard.copy": "Copy to clipboard", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.placeholder": "Type to start searching", "search.result.term.missing": "Missing", "select.version": "Select version"}, "version": null}</script>
-      <script src="../../../../assets/javascripts/bundle.13a4f30d.min.js"></script>
-  </body>
-</html>