Introducing perfect forward secrecy for SSH

author: Silvio Rhatto <rhatto@riseup.net> 2010-12-16 20:20:53 -0200
committer: Silvio Rhatto <rhatto@riseup.net> 2010-12-16 20:20:53 -0200
commit: 30a4593a05a09b669a9cd8fff4318779a532b123 (patch)
tree: 6d29732b54f3e845d3bb355491df3200315e043e /templates/sshd_config
parent: 2c9e690d90e8fda3ad9b9ed7dc755c198127df7d (diff)
download: puppet-sshd-30a4593a05a09b669a9cd8fff4318779a532b123.tar.gz
puppet-sshd-30a4593a05a09b669a9cd8fff4318779a532b123.tar.bz2
1 files changed, 4 insertions, 0 deletions
diff --git a/templates/sshd_config/Debian_lenny.erb b/templates/sshd_config/Debian_lenny.erb
index 5f7afb4..3e4d1f7 100644
--- a/templates/sshd_config/Debian_lenny.erb
+++ b/templates/sshd_config/Debian_lenny.erb
@@ -190,3 +190,7 @@ PrintMotd no
 <%= sshd_tail_additional_options %>
 <%- end %>
 
+<%- if sshd_perfect_forward_secrecy.to_s == 'yes' then -%>
+Ciphers aes256-ctr
+MACs hmac-sha1
+<%- end %>
author	Silvio Rhatto <rhatto@riseup.net>	2010-12-16 20:20:53 -0200
committer	Silvio Rhatto <rhatto@riseup.net>	2010-12-16 20:20:53 -0200
commit	30a4593a05a09b669a9cd8fff4318779a532b123 (patch)
tree	6d29732b54f3e845d3bb355491df3200315e043e /templates/sshd_config
parent	2c9e690d90e8fda3ad9b9ed7dc755c198127df7d (diff)
download	puppet-sshd-30a4593a05a09b669a9cd8fff4318779a532b123.tar.gz puppet-sshd-30a4593a05a09b669a9cd8fff4318779a532b123.tar.bz2