From e4a9c15987372e63ace244a92619bdd2e4c5407a Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Fri, 1 May 2015 14:00:56 -0400 Subject: Implement enhanced MAC (Message Authentication Codes) according to installed version of openssh and https://stribika.github.io/2015/01/04/secure-secure-shell.html --- templates/sshd_config/Debian_wheezy.erb | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'templates/sshd_config/Debian_wheezy.erb') diff --git a/templates/sshd_config/Debian_wheezy.erb b/templates/sshd_config/Debian_wheezy.erb index 214fbd9..961b26d 100644 --- a/templates/sshd_config/Debian_wheezy.erb +++ b/templates/sshd_config/Debian_wheezy.erb @@ -118,11 +118,12 @@ AllowGroups <%= s %> <% if (scope.function_versioncmp([scope.lookupvar('::ssh_version'),'6.5'])) >= 0 -%> KexAlgorithms curve25519-sha256@libssh.org Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes256-ctr +MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,umac-128@openssh.com <% else -%> Ciphers aes256-ctr -<% end -%> MACs hmac-sha1 <% end -%> +<% end -%> <% unless (s=scope.lookupvar('sshd::tail_additional_options')).empty? -%> <%= s %> -- cgit v1.2.3