roles/common: minor changes to Debian sshd_config files
This commit is contained in:
parent
6794eb0432
commit
5c39f1abd8
@ -126,7 +126,7 @@ Subsystem sftp /usr/lib/openssh/sftp-server
|
||||
# AllowTcpForwarding no
|
||||
# PermitTTY no
|
||||
# ForceCommand cvs server
|
||||
|
||||
|
||||
# Based on the ssh-audit profile for OpenSSH 8.4, but with but with all algos
|
||||
# with less than 256 bits removed, as NSA's Suite B removed them years ago and
|
||||
# the new (2018) CNSA suite is 256 bits and up.
|
||||
@ -135,7 +135,7 @@ Subsystem sftp /usr/lib/openssh/sftp-server
|
||||
# See: https://en.wikipedia.org/wiki/Commercial_National_Security_Algorithm_Suite
|
||||
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes256-ctr
|
||||
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com
|
||||
KexAlgorithms curve25519-sha256, curve25519-sha256@libssh.org,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha256
|
||||
KexAlgorithms curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha256
|
||||
|
||||
{% if ssh_allowed_users is defined and ssh_allowed_users %}
|
||||
# Is there a list of allowed users?
|
||||
|
@ -134,7 +134,7 @@ Subsystem sftp /usr/lib/openssh/sftp-server
|
||||
# See: https://github.com/jtesta/ssh-audit/blob/master/src/ssh_audit/policy.py
|
||||
# See: https://en.wikipedia.org/wiki/Commercial_National_Security_Algorithm_Suite
|
||||
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes256-ctr
|
||||
MACs hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com
|
||||
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com
|
||||
KexAlgorithms sntrup761x25519-sha512@openssh.com,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha256
|
||||
|
||||
{% if ssh_allowed_users is defined and ssh_allowed_users %}
|
||||
|
Loading…
Reference in New Issue
Block a user