From 1402e67b2143dca464905bb6d95410a4ee862255 Mon Sep 17 00:00:00 2001
From: Micah Anderson <micah@riseup.net>
Date: Fri, 1 May 2015 13:57:37 -0400
Subject: Implement enhanced symmetric cipher selection, based on
 https://stribika.github.io/2015/01/04/secure-secure-shell.html and version of
 openssh installed

---
 templates/sshd_config/Debian_wheezy.erb | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'templates/sshd_config/Debian_wheezy.erb')

diff --git a/templates/sshd_config/Debian_wheezy.erb b/templates/sshd_config/Debian_wheezy.erb
index e8465ea..214fbd9 100644
--- a/templates/sshd_config/Debian_wheezy.erb
+++ b/templates/sshd_config/Debian_wheezy.erb
@@ -117,8 +117,10 @@ AllowGroups <%= s %>
 <% if scope.lookupvar('sshd::hardened') == 'yes' -%>
 <% if (scope.function_versioncmp([scope.lookupvar('::ssh_version'),'6.5'])) >= 0 -%>
 KexAlgorithms curve25519-sha256@libssh.org
-<% end -%>
+Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes256-ctr
+<% else -%>
 Ciphers aes256-ctr
+<% end -%>
 MACs hmac-sha1
 <% end -%>
 
-- 
cgit v1.2.3