Enable $ssh_hardened_ssl for FreeBSD

It is the only sshd_config template that didn't have this option, so copy it from the other templates. Signed-off-by: Gabriel Filion <lelutin@gmail.com>
author: Gabriel Filion <lelutin@gmail.com> 2011-07-16 23:45:24 -0400
committer: Gabriel Filion <lelutin@gmail.com> 2011-07-16 23:45:24 -0400
commit: a5312442b6426951d4f6fa0c89128f4be5d93a5d (patch)
tree: db9642378381b880225ea9e89561c7e8e7b0a39a
parent: b221570654920306e59948dde08378a95fa4612d (diff)
download: puppet-sshd-a5312442b6426951d4f6fa0c89128f4be5d93a5d.tar.gz
puppet-sshd-a5312442b6426951d4f6fa0c89128f4be5d93a5d.tar.bz2
1 files changed, 5 insertions, 0 deletions
diff --git a/templates/sshd_config/FreeBSD.erb b/templates/sshd_config/FreeBSD.erb
index 6714003..38738bc 100644
--- a/templates/sshd_config/FreeBSD.erb
+++ b/templates/sshd_config/FreeBSD.erb
@@ -232,6 +232,11 @@ AllowUsers <%= sshd_allowed_users -%>
 AllowGroups <%= sshd_allowed_groups %>
 <%- end %>
 
+<%- if sshd_hardened_ssl.to_s == 'yes' then -%>
+Ciphers aes256-ctr
+MACs hmac-sha1
+<%- end -%>
+
 <%- unless sshd_tail_additional_options.to_s.empty? then %>
 <%= sshd_tail_additional_options %>
 <%- end %>
author	Gabriel Filion <lelutin@gmail.com>	2011-07-16 23:45:24 -0400
committer	Gabriel Filion <lelutin@gmail.com>	2011-07-16 23:45:24 -0400
commit	a5312442b6426951d4f6fa0c89128f4be5d93a5d (patch)
tree	db9642378381b880225ea9e89561c7e8e7b0a39a
parent	b221570654920306e59948dde08378a95fa4612d (diff)
download	puppet-sshd-a5312442b6426951d4f6fa0c89128f4be5d93a5d.tar.gz puppet-sshd-a5312442b6426951d4f6fa0c89128f4be5d93a5d.tar.bz2