alanorth/ansible-personal
1
0
Fork 0
Code Issues 4 Pull Requests Projects Releases Wiki Activity
958 Commits 2 Branches 0 Tags 4.2 MiB
899e87321b
Commit Graph

6 Commits

Author SHA1 Message Date
Alan Orth
6794eb0432
roles/common: default to disabling SSH passwords 2023-08-10 22:09:03 +02:00
Alan Orth
1c95c1faa8
roles/common: Update KexAlgorithms in Ubuntu 20.04 sshd_config 
Recommended by ssh-audit. Note that curve25519-sha256 is the new name
for the previously private implementation in libssh.
 2021-07-22 12:57:31 +03:00
Alan Orth
9ea14de6f5
roles/common: Remove Encrypt-and-MAC modes from Ubuntu 20.04 sshd_config 
Recommended by ssh-audit, but also generally the concensus for a few
years that Encrypt-and-MAC is hard to get right. OpenSSH has several
Encrypt-then-MAC schemes available so we can use those.

See: https://www.daemonology.net/blog/2009-06-24-encrypt-then-mac.html
 2021-07-22 12:48:12 +03:00
Alan Orth
4edf92fe0d
roles/common: Allow adding extra SSH users 2020-12-08 23:15:51 +02:00
Alan Orth
6fcb1290fe roles/common: Port sshd_config changes from Debian 10 to Ubuntu 20.04 
By now the recommendations we were using as guidance are five years
old. The ciphers have not changed much since then.
 2020-06-08 12:15:29 +03:00
Alan Orth
5a58d93dfe roles/common: Import sshd_config for Ubuntu 20.04 2020-06-08 12:15:29 +03:00