roles/common: Update KexAlgorithms in Ubuntu 20.04 sshd_config

Recommended by ssh-audit. Note that curve25519-sha256 is the new name
for the previously private implementation in libssh.
Alan Orth 2021-07-22 12:57:31 +03:00
parent 9ea14de6f5
commit 1c95c1faa8
Signed by: alanorth
GPG Key ID: 0FB860CC9C45B1B9


@ -129,7 +129,7 @@ PasswordAuthentication yes
# does away with these! See: https://www.nsa.gov/ia/programs/suiteb_cryptography/index.shtml
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes256-ctr
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com
KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
KexAlgorithms curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256
{% if ssh_allowed_users is defined and ssh_allowed_users %}
# Is there a list of allowed users?
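Review bot: The new KexAlgorithms line still offers diffie-hellman-group-exchange-sha256, and nothing visible in this hunk shows the role removing short primes from the server's moduli file, so the strength of that exchange depends on a file this template does not control. ssh-audit's hardening guidance pairs this algorithm list with filtering the moduli file to entries of 3071 bits and above; if no other task in the role already does that, it belongs alongside this change. diffie-hellman-group14-sha256 is a fixed 2048-bit group and the weakest entry in the list, so it may be worth dropping unless a known client needs it. A comment above the line would help the next editor, for example `# KexAlgorithms per ssh-audit; the @libssh.org name is presumably kept for older clients`. The `{% if %}` block opened near the end of the hunk closes outside it.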