aboutsummaryrefslogtreecommitdiff
path: root/templates
diff options
context:
space:
mode:
Diffstat (limited to 'templates')
-rw-r--r--templates/sshd_config/CentOS.erb5
-rw-r--r--templates/sshd_config/Debian_etch.erb5
-rw-r--r--templates/sshd_config/Debian_lenny.erb5
-rw-r--r--templates/sshd_config/Debian_sid.erb5
-rw-r--r--templates/sshd_config/Debian_squeeze.erb5
-rw-r--r--templates/sshd_config/Gentoo.erb4
-rw-r--r--templates/sshd_config/OpenBSD.erb5
7 files changed, 34 insertions, 0 deletions
diff --git a/templates/sshd_config/CentOS.erb b/templates/sshd_config/CentOS.erb
index 544effe..859759a 100644
--- a/templates/sshd_config/CentOS.erb
+++ b/templates/sshd_config/CentOS.erb
@@ -204,6 +204,11 @@ AllowUsers <%= sshd_allowed_users %>
AllowGroups <%= sshd_allowed_groups %>
<%- end -%>
+<%- if sshd_hardened_ssl.to_s == 'yes' then -%>
+Ciphers aes256-ctr
+MACs hmac-sha1
+<%- end -%>
+
<%- unless sshd_tail_additional_options.to_s.empty? then %>
<%= sshd_tail_additional_options %>
<%- end %>
diff --git a/templates/sshd_config/Debian_etch.erb b/templates/sshd_config/Debian_etch.erb
index c90a5fe..23559fc 100644
--- a/templates/sshd_config/Debian_etch.erb
+++ b/templates/sshd_config/Debian_etch.erb
@@ -172,6 +172,11 @@ AllowGroups <%= sshd_allowed_groups %>
PrintMotd no
+<%- if sshd_hardened_ssl.to_s == 'yes' then -%>
+Ciphers aes256-ctr
+MACs hmac-sha1
+<%- end -%>
+
<%- unless sshd_tail_additional_options.to_s.empty? then %>
<%= sshd_tail_additional_options %>
<%- end %>
diff --git a/templates/sshd_config/Debian_lenny.erb b/templates/sshd_config/Debian_lenny.erb
index 14e32bf..65befdc 100644
--- a/templates/sshd_config/Debian_lenny.erb
+++ b/templates/sshd_config/Debian_lenny.erb
@@ -181,6 +181,11 @@ AllowGroups <%= sshd_allowed_groups %>
PrintMotd no
+<%- if sshd_hardened_ssl.to_s == 'yes' then -%>
+Ciphers aes256-ctr
+MACs hmac-sha1
+<%- end -%>
+
<%- unless sshd_tail_additional_options.to_s.empty? then %>
<%= sshd_tail_additional_options %>
<%- end %>
diff --git a/templates/sshd_config/Debian_sid.erb b/templates/sshd_config/Debian_sid.erb
index 6dc9333..0213342 100644
--- a/templates/sshd_config/Debian_sid.erb
+++ b/templates/sshd_config/Debian_sid.erb
@@ -197,6 +197,11 @@ AllowUsers <%= sshd_allowed_users -%>
AllowGroups <%= sshd_allowed_groups %>
<%- end %>
+<%- if sshd_hardened_ssl.to_s == 'yes' then -%>
+Ciphers aes256-ctr
+MACs hmac-sha1
+<%- end -%>
+
<%- unless sshd_tail_additional_options.to_s.empty? then %>
<%= sshd_tail_additional_options %>
<%- end %>
diff --git a/templates/sshd_config/Debian_squeeze.erb b/templates/sshd_config/Debian_squeeze.erb
index cf50ddb..dfebcc3 100644
--- a/templates/sshd_config/Debian_squeeze.erb
+++ b/templates/sshd_config/Debian_squeeze.erb
@@ -197,6 +197,11 @@ AllowUsers <%= sshd_allowed_users -%>
AllowGroups <%= sshd_allowed_groups %>
<%- end %>
+<%- if sshd_hardened_ssl.to_s == 'yes' then -%>
+Ciphers aes256-ctr
+MACs hmac-sha1
+<%- end -%>
+
<%- unless sshd_tail_additional_options.to_s.empty? then %>
<%= sshd_tail_additional_options %>
<%- end %>
diff --git a/templates/sshd_config/Gentoo.erb b/templates/sshd_config/Gentoo.erb
index 768d3f5..f9f5b23 100644
--- a/templates/sshd_config/Gentoo.erb
+++ b/templates/sshd_config/Gentoo.erb
@@ -208,6 +208,10 @@ AllowUsers <%= sshd_allowed_users %>
AllowGroups <%= sshd_allowed_groups %>
<%- end %>
+<%- if sshd_hardened_ssl.to_s == 'yes' then -%>
+Ciphers aes256-ctr
+MACs hmac-sha1
+<%- end -%>
<%- unless sshd_tail_additional_options.to_s.empty? then %>
<%= sshd_tail_additional_options %>
diff --git a/templates/sshd_config/OpenBSD.erb b/templates/sshd_config/OpenBSD.erb
index 51662d3..7a20cd9 100644
--- a/templates/sshd_config/OpenBSD.erb
+++ b/templates/sshd_config/OpenBSD.erb
@@ -184,6 +184,11 @@ AllowGroups <%= sshd_allowed_groups %>
# AllowTcpForwarding no
# ForceCommand cvs server
+<%- if sshd_hardened_ssl.to_s == 'yes' then -%>
+Ciphers aes256-ctr
+MACs hmac-sha1
+<%- end -%>
+
<%- unless sshd_tail_additional_options.to_s.empty? then %>
<%= sshd_tail_additional_options %>
<%- end %>