33cdcc9ad1
roles/common: Add a few SHA-2 MACs to sshd_config
Fixes a problem with Paramiko, which Ansible uses for transport.
See: http://www.paramiko.org/changelog.html#1.16.0
See: https://github.com/ilri/rmg-ansible-public/issues/37
2016-08-16 14:24:53 +03:00

973b37be4e
roles/common: Tweak sshd_config to match NSA Suite B recommendations
NSA stopped recommending AES-128 in August, 2015...
Before: https://web.archive.org/web/20150403110658/https://www.nsa.gov/ia/programs/suiteb_cryptography/index.shtml
After: https://web.archive.org/web/20150815072948/https://www.nsa.gov/ia/programs/suiteb_cryptography/index.shtml
I don't see why we shouldn't follow suit; maybe they know something
we don't!
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2015-09-02 16:55:51 +03:00

8b336352d7
roles/common: Only allow ssh access by provisioning user
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2015-09-02 12:24:11 +03:00

13b592dfcd
roles/common: Tune sshd_config to be more strict
Disable ECDSA as a signature algorithm and drop some older message
authentication algorithms.
See: https://stribika.github.io/2015/01/04/secure-secure-shell.html
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2015-01-07 01:47:06 +03:00

a80cb49957
roles/common: Update sshd_config template to explicitly allow the provisioning user
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2015-01-06 17:45:06 +03:00

60b8ecdd4c
Initial commit
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2014-08-17 00:35:57 +03:00