diff options
| -rw-r--r-- | templates/sshd_config/Debian_jessie.erb | 2 | ||||
| -rw-r--r-- | templates/sshd_config/Debian_sid.erb | 2 | ||||
| -rw-r--r-- | templates/sshd_config/Debian_squeeze.erb | 4 | ||||
| -rw-r--r-- | templates/sshd_config/Debian_wheezy.erb | 4 | ||||
| -rw-r--r-- | templates/sshd_config/Ubuntu.erb | 2 | ||||
| -rw-r--r-- | templates/sshd_config/Ubuntu_lucid.erb | 2 |
6 files changed, 14 insertions, 2 deletions
diff --git a/templates/sshd_config/Debian_jessie.erb b/templates/sshd_config/Debian_jessie.erb index 0f39252..91dbfff 100644 --- a/templates/sshd_config/Debian_jessie.erb +++ b/templates/sshd_config/Debian_jessie.erb @@ -83,6 +83,8 @@ TCPKeepAlive yes #MaxStartups 10:30:60 #Banner /etc/issue.net +# do not reveal debian version (default is yes) +DebianBanner no # Allow client to pass locale environment variables AcceptEnv LANG LC_* diff --git a/templates/sshd_config/Debian_sid.erb b/templates/sshd_config/Debian_sid.erb index 0f39252..91dbfff 100644 --- a/templates/sshd_config/Debian_sid.erb +++ b/templates/sshd_config/Debian_sid.erb @@ -83,6 +83,8 @@ TCPKeepAlive yes #MaxStartups 10:30:60 #Banner /etc/issue.net +# do not reveal debian version (default is yes) +DebianBanner no # Allow client to pass locale environment variables AcceptEnv LANG LC_* diff --git a/templates/sshd_config/Debian_squeeze.erb b/templates/sshd_config/Debian_squeeze.erb index 5845a3d..649b320 100644 --- a/templates/sshd_config/Debian_squeeze.erb +++ b/templates/sshd_config/Debian_squeeze.erb @@ -87,6 +87,8 @@ TCPKeepAlive yes #MaxStartups 10:30:60 #Banner /etc/issue.net +# do not reveal debian version (default is yes) +DebianBanner no # Allow client to pass locale environment variables AcceptEnv LANG LC_* @@ -117,7 +119,7 @@ AllowGroups <%= s %> <% if scope.lookupvar('::sshd::hardened') == 'yes' -%> Ciphers aes256-ctr -MACs hmac-sha1 +MACs hmac-sha2-512 <% end -%> <% unless (s=scope.lookupvar('::sshd::tail_additional_options')).empty? -%> diff --git a/templates/sshd_config/Debian_wheezy.erb b/templates/sshd_config/Debian_wheezy.erb index f9a476b..bcb1528 100644 --- a/templates/sshd_config/Debian_wheezy.erb +++ b/templates/sshd_config/Debian_wheezy.erb @@ -86,6 +86,8 @@ TCPKeepAlive yes #MaxStartups 10:30:60 #Banner /etc/issue.net +# do not reveal debian version (default is yes) +DebianBanner no # Allow client to pass locale environment variables AcceptEnv LANG LC_* @@ -121,7 +123,7 @@ Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes256-ctr MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,umac-128@openssh.com <% else -%> Ciphers aes256-ctr -MACs hmac-sha1 +MACs hmac-sha2-512 <% end -%> <% end -%> diff --git a/templates/sshd_config/Ubuntu.erb b/templates/sshd_config/Ubuntu.erb index c71e00b..a326ab8 100644 --- a/templates/sshd_config/Ubuntu.erb +++ b/templates/sshd_config/Ubuntu.erb @@ -87,6 +87,8 @@ TCPKeepAlive yes #MaxStartups 10:30:60 #Banner /etc/issue.net +# do not reveal debian version (default is yes) +DebianBanner no # Allow client to pass locale environment variables AcceptEnv LANG LC_* diff --git a/templates/sshd_config/Ubuntu_lucid.erb b/templates/sshd_config/Ubuntu_lucid.erb index 7544f00..be7c56d 100644 --- a/templates/sshd_config/Ubuntu_lucid.erb +++ b/templates/sshd_config/Ubuntu_lucid.erb @@ -88,6 +88,8 @@ KeepAlive yes #MaxStartups 10:30:60 #Banner /etc/issue.net +# do not reveal debian version (default is yes) +DebianBanner no #ReverseMappingCheck yes Subsystem sftp <%= (s=scope.lookupvar('::sshd::sftp_subsystem')).empty? ? '/usr/lib/openssh/sftp-server' : s %> |