alanorth/ansible-personal
1
0
Fork 0
Code Issues 4 Pull Requests Projects Releases Wiki Activity

roles/common: minor changes to Debian sshd_config files

Browse Source
This commit is contained in:
Alan Orth 2023-08-10 22:10:04 +02:00
parent 6794eb0432
commit 5c39f1abd8
Signed by: alanorth
GPG Key ID: 0FB860CC9C45B1B9
2 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
roles/common/templates/sshd_config_Debian-11.j2
View File

@ -126,7 +126,7 @@ Subsystem sftp /usr/lib/openssh/sftp-server
# AllowTcpForwarding no # AllowTcpForwarding no
# PermitTTY no # PermitTTY no
# ForceCommand cvs server # ForceCommand cvs server
# Based on the ssh-audit profile for OpenSSH 8.4, but with but with all algos # Based on the ssh-audit profile for OpenSSH 8.4, but with but with all algos
# with less than 256 bits removed, as NSA's Suite B removed them years ago and # with less than 256 bits removed, as NSA's Suite B removed them years ago and
# the new (2018) CNSA suite is 256 bits and up. # the new (2018) CNSA suite is 256 bits and up.
@ -135,7 +135,7 @@ Subsystem sftp /usr/lib/openssh/sftp-server
# See: https://en.wikipedia.org/wiki/Commercial_National_Security_Algorithm_Suite # See: https://en.wikipedia.org/wiki/Commercial_National_Security_Algorithm_Suite
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes256-ctr Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes256-ctr
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com
KexAlgorithms curve25519-sha256, curve25519-sha256@libssh.org,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha256 KexAlgorithms curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha256
{% if ssh_allowed_users is defined and ssh_allowed_users %} {% if ssh_allowed_users is defined and ssh_allowed_users %}
# Is there a list of allowed users? # Is there a list of allowed users?

2
roles/common/templates/sshd_config_Debian-12.j2
View File

@ -134,7 +134,7 @@ Subsystem sftp /usr/lib/openssh/sftp-server
# See: https://github.com/jtesta/ssh-audit/blob/master/src/ssh_audit/policy.py # See: https://github.com/jtesta/ssh-audit/blob/master/src/ssh_audit/policy.py
# See: https://en.wikipedia.org/wiki/Commercial_National_Security_Algorithm_Suite # See: https://en.wikipedia.org/wiki/Commercial_National_Security_Algorithm_Suite
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes256-ctr Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes256-ctr
MACs hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com
KexAlgorithms sntrup761x25519-sha512@openssh.com,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha256 KexAlgorithms sntrup761x25519-sha512@openssh.com,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha256
{% if ssh_allowed_users is defined and ssh_allowed_users %} {% if ssh_allowed_users is defined and ssh_allowed_users %}