Closed
Description
@bazbremner raised this point in GH-141, and @atomic111 and I also discussed this topic in a phone call in the last few days.
So we should check the following things:
- kex, macs, ciphers
- algorithms used for public key authentication - currently we use RSA and ECDSA; DSA is going to be removed (Removal of DSA key from defaults #161)
My idea would be to go completely through the following docs and check the things above:
- https://stribika.github.io/2015/01/04/secure-secure-shell.html
- https://bettercrypto.org/static/applied-crypto-hardening.pdf
I already have some interesting findings: as I said above, we use ECDSA, and here is the snippet from the blog post by @stribika:

> - ECDSA with SHA256, SHA384 or SHA512 depending on key size
>
> ...
>
> Number 2 here involves NIST suckage and should be disabled as well. Another important disadvantage of DSA and ECDSA is that it uses randomness for each signature. If the random numbers are not the best quality, then it is possible to recover the secret key.
Maybe it would also be nice to ask @stribika for a review of our findings and changes.
@atomic111 what do you think? Something I missed? Do you have time to do this in the next week? If not, it's fine; I can do this and you can review it :)
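
An added example, not part of the original issue or the project's code: a small audit of the checklist above (kex, MACs, ciphers, public-key algorithms) over text in the format printed by `sshd -T`, flagging DSA and ECDSA entries as the quoted blog post recommends. The function names and the sample configuration are constructed for illustration.

```python
"""Inventory sshd algorithm settings and flag DSA/ECDSA public-key algorithms."""

# OpenSSH sshd_config keywords (lower-cased, as `sshd -T` prints them),
# mapped to the checklist items from the issue.
DIRECTIVES = {
    "kexalgorithms": "kex",
    "macs": "macs",
    "ciphers": "ciphers",
    "hostkeyalgorithms": "pubkey",
    "pubkeyacceptedkeytypes": "pubkey",    # keyword before OpenSSH 8.5
    "pubkeyacceptedalgorithms": "pubkey",  # keyword from OpenSSH 8.5 on
}

def is_dsa_or_ecdsa(name):
    """True for DSA/ECDSA names, including certificate and sk- variants."""
    name = name.lower()
    return name.startswith("ssh-dss") or "ecdsa-sha2-" in name

def audit(effective_config):
    """Return (inventory, findings) for expanded `sshd -T`-style text.

    inventory: checklist item -> sorted list of configured algorithms
    findings:  (directive, algorithm) pairs the quoted blog post would disable
    """
    inventory = {item: set() for item in DIRECTIVES.values()}
    findings = []
    for line in effective_config.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) != 2 or parts[0].lower() not in DIRECTIVES:
            continue
        directive = parts[0].lower()
        for alg in filter(None, (a.strip() for a in parts[1].split(","))):
            inventory[DIRECTIVES[directive]].add(alg)
            if DIRECTIVES[directive] == "pubkey" and is_dsa_or_ecdsa(alg):
                findings.append((directive, alg))
    return {k: sorted(v) for k, v in inventory.items()}, findings

# Constructed sample input, not taken from any real host.
SAMPLE = """\
port 22
kexalgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
ciphers chacha20-poly1305@openssh.com,aes256-ctr
macs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com
hostkeyalgorithms ssh-ed25519,ssh-rsa,ecdsa-sha2-nistp256,ssh-dss
pubkeyacceptedkeytypes ssh-ed25519,ecdsa-sha2-nistp384-cert-v01@openssh.com
"""

if __name__ == "__main__":
    inv, found = audit(SAMPLE)
    for item, algs in sorted(inv.items()):
        print(f"{item}: {', '.join(algs)}")
    for directive, alg in found:
        print(f"FLAG {directive}: {alg}")
```

The input is assumed to be the expanded effective configuration; `+`/`-`/`^` list prefixes from a raw `sshd_config` file are not interpreted.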