-rw-r--r-- | manifests/init.pp | 3 | ||||
-rw-r--r-- | templates/sshd_config/Debian_lenny.erb | 4 |
2 files changed, 7 insertions, 0 deletions
diff --git a/manifests/init.pp b/manifests/init.pp
index c0a8cd5..ede4fdc 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -217,6 +217,9 @@ class sshd { case $sshd_shared_ip { '': { $sshd_shared_ip = "no" } }
+ case $sshd_perfect_forward_secrecy {
+ '': { $sshd_perfect_forward_secrecy = "no" }
+ }
 include sshd::client
diff --git a/templates/sshd_config/Debian_lenny.erb b/templates/sshd_config/Debian_lenny.erb
index 5f7afb4..3e4d1f7 100644
--- a/templates/sshd_config/Debian_lenny.erb
+++ b/templates/sshd_config/Debian_lenny.erb
@@ -190,3 +190,7 @@ PrintMotd no <%= sshd_tail_additional_options %> <%- end %>
+<%- if sshd_perfect_forward_secrecy.to_s == 'yes' then -%>
+Ciphers aes256-ctr
+MACs hmac-sha1
+<%- end %> |
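Review bot: The new `$sshd_perfect_forward_secrecy` variable is neither documented nor validated where it is defaulted in `class sshd`. The template changed in this same commit turns the restriction on only when the value is exactly `'yes'`, so a value such as `true` or `'Yes'` would silently leave the stock cipher and MAC lists in place. I would add a comment above the new `case`, for example `# sshd_perfect_forward_secrecy: 'yes' pins Ciphers/MACs in sshd_config; any other value keeps sshd defaults`. The body of `class sshd` starts and ends outside this hunk, so if a header block already lists the other variables, that is the better home for it.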
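Review bot: The added `Ciphers` and `MACs` lines are emitted after `<%= sshd_tail_additional_options %>`, so if that variable carries a `Match` block (presumably a common use, since Match blocks have to come last) the two keywords land inside it; sshd does not accept them there and would reject the file, which can lock administrators out on the next restart. Moving the four added lines above the `sshd_tail_additional_options` section, whose opening condition lies outside this hunk, avoids that. Separately, neither directive controls forward secrecy, which in SSH comes from the key exchange; these lines only pin a single cipher and a single MAC, so a comment such as `# restricts sshd to one cipher and one MAC; clients lacking aes256-ctr or hmac-sha1 cannot connect` would state what the switch really does. It is also worth checking a rendered file with `sshd -t` before the service is notified.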