Alan Orth
1c95c1faa8
roles/common: Update KexAlgorithms in Ubuntu 20.04 sshd_config
...
Recommended by ssh-audit. Note that curve25519-sha256 is the new name
for the previously private implementation in libssh.
2021-07-22 12:57:31 +03:00
Alan Orth
9ea14de6f5
roles/common: Remove Encrypt-and-MAC modes from Ubuntu 20.04 sshd_config
...
Recommended by ssh-audit, but also generally the concensus for a few
years that Encrypt-and-MAC is hard to get right. OpenSSH has several
Encrypt-then-MAC schemes available so we can use those.
See: https://www.daemonology.net/blog/2009-06-24-encrypt-then-mac.html
2021-07-22 12:48:12 +03:00
Alan Orth
4edf92fe0d
roles/common: Allow adding extra SSH users
2020-12-08 23:15:51 +02:00
Alan Orth
6fcb1290fe
roles/common: Port sshd_config changes from Debian 10 to Ubuntu 20.04
...
By now the recommendations we were using as guidance are five years
old. The ciphers have not changed much since then.
2020-06-08 12:15:29 +03:00
Alan Orth
5a58d93dfe
roles/common: Import sshd_config for Ubuntu 20.04
2020-06-08 12:15:29 +03:00
Alan Orth