aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSilvio Rhatto <rhatto@riseup.net>2011-02-23 14:40:02 -0300
committerSilvio Rhatto <rhatto@riseup.net>2011-02-23 14:40:02 -0300
commit75105d66d89671943a1eb1f37573b4e63dd33919 (patch)
tree2088a94dd636c4cbe80dbc80c8c235fa4c233e46
parent9ac4697eb546304ebc20d85aeeb93a73ca0fed5c (diff)
downloadpuppet-sshd-75105d66d89671943a1eb1f37573b4e63dd33919.tar.gz
puppet-sshd-75105d66d89671943a1eb1f37573b4e63dd33919.tar.bz2
Adding sshd_use_strong_ciphers to all sshd_config templates
-rw-r--r--templates/sshd_config/CentOS.erb5
-rw-r--r--templates/sshd_config/Debian_etch.erb4
-rw-r--r--templates/sshd_config/Debian_squeeze.erb2
-rw-r--r--templates/sshd_config/Gentoo.erb5
-rw-r--r--templates/sshd_config/OpenBSD.erb5
-rw-r--r--templates/sshd_config/Ubuntu_lucid.erb4
6 files changed, 23 insertions, 2 deletions
diff --git a/templates/sshd_config/CentOS.erb b/templates/sshd_config/CentOS.erb
index 544effe..f2ad175 100644
--- a/templates/sshd_config/CentOS.erb
+++ b/templates/sshd_config/CentOS.erb
@@ -207,3 +207,8 @@ AllowGroups <%= sshd_allowed_groups %>
<%- unless sshd_tail_additional_options.to_s.empty? then %>
<%= sshd_tail_additional_options %>
<%- end %>
+
+<%- if sshd_use_strong_ciphers.to_s == 'yes' then -%>
+Ciphers aes128-ctr
+MACs hmac-sha1
+<%- end %>
diff --git a/templates/sshd_config/Debian_etch.erb b/templates/sshd_config/Debian_etch.erb
index d0d7175..562b1ef 100644
--- a/templates/sshd_config/Debian_etch.erb
+++ b/templates/sshd_config/Debian_etch.erb
@@ -182,3 +182,7 @@ AllowGroups <%= sshd_allowed_groups %>
<%= sshd_tail_additional_options %>
<%- end %>
+<%- if sshd_use_strong_ciphers.to_s == 'yes' then -%>
+Ciphers aes128-ctr
+MACs hmac-sha1
+<%- end %>
diff --git a/templates/sshd_config/Debian_squeeze.erb b/templates/sshd_config/Debian_squeeze.erb
index 38f8657..53175dd 100644
--- a/templates/sshd_config/Debian_squeeze.erb
+++ b/templates/sshd_config/Debian_squeeze.erb
@@ -204,6 +204,6 @@ AllowGroups <%= sshd_allowed_groups %>
<%- end %>
<%- if sshd_use_strong_ciphers.to_s == 'yes' then -%>
-Ciphers aes256-ctr
+Ciphers aes128-ctr
MACs hmac-sha1
<%- end %>
diff --git a/templates/sshd_config/Gentoo.erb b/templates/sshd_config/Gentoo.erb
index 768d3f5..85ff9d9 100644
--- a/templates/sshd_config/Gentoo.erb
+++ b/templates/sshd_config/Gentoo.erb
@@ -213,4 +213,7 @@ AllowGroups <%= sshd_allowed_groups %>
<%= sshd_tail_additional_options %>
<%- end %>
-
+<%- if sshd_use_strong_ciphers.to_s == 'yes' then -%>
+Ciphers aes128-ctr
+MACs hmac-sha1
+<%- end %>
diff --git a/templates/sshd_config/OpenBSD.erb b/templates/sshd_config/OpenBSD.erb
index 51662d3..63c4ff1 100644
--- a/templates/sshd_config/OpenBSD.erb
+++ b/templates/sshd_config/OpenBSD.erb
@@ -187,3 +187,8 @@ AllowGroups <%= sshd_allowed_groups %>
<%- unless sshd_tail_additional_options.to_s.empty? then %>
<%= sshd_tail_additional_options %>
<%- end %>
+
+<%- if sshd_use_strong_ciphers.to_s == 'yes' then -%>
+Ciphers aes128-ctr
+MACs hmac-sha1
+<%- end %>
diff --git a/templates/sshd_config/Ubuntu_lucid.erb b/templates/sshd_config/Ubuntu_lucid.erb
index d5c9c31..904a409 100644
--- a/templates/sshd_config/Ubuntu_lucid.erb
+++ b/templates/sshd_config/Ubuntu_lucid.erb
@@ -188,3 +188,7 @@ PrintMotd no
<%= sshd_tail_additional_options %>
<%- end %>
+<%- if sshd_use_strong_ciphers.to_s == 'yes' then -%>
+Ciphers aes128-ctr
+MACs hmac-sha1
+<%- end %>