alanorth/ansible-personal
1
0
Fork 0
Code Issues 4 Pull Requests Projects Releases Wiki Activity

roles/common: Update KexAlgorithms in Ubuntu 20.04 sshd_config

Browse Source 
Recommended by ssh-audit. Note that curve25519-sha256 is the new name
for the previously private implementation in libssh.
This commit is contained in:
Alan Orth 2021-07-22 12:57:31 +03:00
parent 9ea14de6f5
commit 1c95c1faa8
Signed by: alanorth
GPG Key ID: 0FB860CC9C45B1B9
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
roles/common/templates/sshd_config_Ubuntu-20.04.j2
View File

@ -129,7 +129,7 @@ PasswordAuthentication yes
# does away with these! See: https://www.nsa.gov/ia/programs/suiteb_cryptography/index.shtml # does away with these! See: https://www.nsa.gov/ia/programs/suiteb_cryptography/index.shtml
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes256-ctr Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes256-ctr
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com
KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256 KexAlgorithms curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256
{% if ssh_allowed_users is defined and ssh_allowed_users %} {% if ssh_allowed_users is defined and ssh_allowed_users %}
# Is there a list of allowed users? # Is there a list of allowed users?