From 1402e67b2143dca464905bb6d95410a4ee862255 Mon Sep 17 00:00:00 2001 From: Micah Anderson <micah@riseup.net> Date: Fri, 1 May 2015 13:57:37 -0400 Subject: Implement enhanced symmetric cipher selection, based on https://stribika.github.io/2015/01/04/secure-secure-shell.html and version of openssh installed --- templates/sshd_config/Debian_wheezy.erb | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'templates/sshd_config/Debian_wheezy.erb') diff --git a/templates/sshd_config/Debian_wheezy.erb b/templates/sshd_config/Debian_wheezy.erb index e8465ea..214fbd9 100644 --- a/templates/sshd_config/Debian_wheezy.erb +++ b/templates/sshd_config/Debian_wheezy.erb @@ -117,8 +117,10 @@ AllowGroups <%= s %> <% if scope.lookupvar('sshd::hardened') == 'yes' -%> <% if (scope.function_versioncmp([scope.lookupvar('::ssh_version'),'6.5'])) >= 0 -%> KexAlgorithms curve25519-sha256@libssh.org -<% end -%> +Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes256-ctr +<% else -%> Ciphers aes256-ctr +<% end -%> MACs hmac-sha1 <% end -%> -- cgit v1.2.3