From 443683c33df8c6c9a4d5766fdbc4ac2d92f0a67c Mon Sep 17 00:00:00 2001 From: Silvio Rhatto Date: Tue, 16 Jul 2013 15:26:56 -0300 Subject: OpenSSH HMAC: SHA1 -> SHA2-512 (suggested by duraconf) --- templates/sshd_config/CentOS.erb | 2 +- templates/sshd_config/CentOS_Final.erb | 2 +- templates/sshd_config/Debian_etch.erb | 2 +- templates/sshd_config/Debian_lenny.erb | 2 +- templates/sshd_config/Debian_sid.erb | 2 +- templates/sshd_config/Debian_squeeze.erb | 2 +- templates/sshd_config/Debian_wheezy.erb | 2 +- templates/sshd_config/FreeBSD.erb | 2 +- templates/sshd_config/Gentoo.erb | 2 +- templates/sshd_config/OpenBSD.erb | 2 +- templates/sshd_config/Ubuntu.erb | 2 +- templates/sshd_config/Ubuntu_lucid.erb | 2 +- 12 files changed, 12 insertions(+), 12 deletions(-) (limited to 'templates/sshd_config') diff --git a/templates/sshd_config/CentOS.erb b/templates/sshd_config/CentOS.erb index 0f4bb1f..7498517 100644 --- a/templates/sshd_config/CentOS.erb +++ b/templates/sshd_config/CentOS.erb @@ -146,7 +146,7 @@ AllowGroups <%= s %> <% if scope.lookupvar('sshd::hardened_ssl') == 'yes' -%> Ciphers aes256-ctr -MACs hmac-sha1 +MACs hmac-sha2-512 <% end -%> <% unless (s=scope.lookupvar('sshd::tail_additional_options')).empty? -%> diff --git a/templates/sshd_config/CentOS_Final.erb b/templates/sshd_config/CentOS_Final.erb index 0f4bb1f..7498517 100644 --- a/templates/sshd_config/CentOS_Final.erb +++ b/templates/sshd_config/CentOS_Final.erb @@ -146,7 +146,7 @@ AllowGroups <%= s %> <% if scope.lookupvar('sshd::hardened_ssl') == 'yes' -%> Ciphers aes256-ctr -MACs hmac-sha1 +MACs hmac-sha2-512 <% end -%> <% unless (s=scope.lookupvar('sshd::tail_additional_options')).empty? -%> diff --git a/templates/sshd_config/Debian_etch.erb b/templates/sshd_config/Debian_etch.erb index ef4a5d1..75b2931 100644 --- a/templates/sshd_config/Debian_etch.erb +++ b/templates/sshd_config/Debian_etch.erb @@ -114,7 +114,7 @@ PrintMotd <%= scope.lookupvar('sshd::print_motd') %> <% if scope.lookupvar('sshd::hardened_ssl') == 'yes' -%> Ciphers aes256-ctr -MACs hmac-sha1 +MACs hmac-sha2-512 <% end -%> <% unless (s=scope.lookupvar('sshd::tail_additional_options')).empty? -%> diff --git a/templates/sshd_config/Debian_lenny.erb b/templates/sshd_config/Debian_lenny.erb index 8cbea30..3aaf974 100644 --- a/templates/sshd_config/Debian_lenny.erb +++ b/templates/sshd_config/Debian_lenny.erb @@ -119,7 +119,7 @@ PrintMotd <%= scope.lookupvar('sshd::print_motd') %> <% if scope.lookupvar('sshd::hardened_ssl') == 'yes' -%> Ciphers aes256-ctr -MACs hmac-sha1 +MACs hmac-sha2-512 <% end -%> <% unless (s=scope.lookupvar('sshd::tail_additional_options')).empty? -%> diff --git a/templates/sshd_config/Debian_sid.erb b/templates/sshd_config/Debian_sid.erb index 70bb4bf..60c15fa 100644 --- a/templates/sshd_config/Debian_sid.erb +++ b/templates/sshd_config/Debian_sid.erb @@ -115,7 +115,7 @@ AllowGroups <%= s %> <% if scope.lookupvar('sshd::hardened_ssl') == 'yes' -%> Ciphers aes256-ctr -MACs hmac-sha1 +MACs hmac-sha2-512 <% end -%> <% unless (s=scope.lookupvar('sshd::tail_additional_options')).empty? -%> diff --git a/templates/sshd_config/Debian_squeeze.erb b/templates/sshd_config/Debian_squeeze.erb index befd25f..40040d1 100644 --- a/templates/sshd_config/Debian_squeeze.erb +++ b/templates/sshd_config/Debian_squeeze.erb @@ -115,7 +115,7 @@ AllowGroups <%= s %> <% if scope.lookupvar('sshd::hardened_ssl') == 'yes' -%> Ciphers aes256-ctr -MACs hmac-sha1 +MACs hmac-sha2-512 <% end -%> <% unless (s=scope.lookupvar('sshd::tail_additional_options')).empty? -%> diff --git a/templates/sshd_config/Debian_wheezy.erb b/templates/sshd_config/Debian_wheezy.erb index 70bb4bf..60c15fa 100644 --- a/templates/sshd_config/Debian_wheezy.erb +++ b/templates/sshd_config/Debian_wheezy.erb @@ -115,7 +115,7 @@ AllowGroups <%= s %> <% if scope.lookupvar('sshd::hardened_ssl') == 'yes' -%> Ciphers aes256-ctr -MACs hmac-sha1 +MACs hmac-sha2-512 <% end -%> <% unless (s=scope.lookupvar('sshd::tail_additional_options')).empty? -%> diff --git a/templates/sshd_config/FreeBSD.erb b/templates/sshd_config/FreeBSD.erb index 090149b..81b7e10 100644 --- a/templates/sshd_config/FreeBSD.erb +++ b/templates/sshd_config/FreeBSD.erb @@ -153,7 +153,7 @@ AllowGroups <%= s %> <% if scope.lookupvar('sshd::hardened_ssl') == 'yes' -%> Ciphers aes256-ctr -MACs hmac-sha1 +MACs hmac-sha2-512 <% end -%> <% unless (s=scope.lookupvar('sshd::tail_additional_options')).empty? -%> diff --git a/templates/sshd_config/Gentoo.erb b/templates/sshd_config/Gentoo.erb index 1cb4522..cdd51d8 100644 --- a/templates/sshd_config/Gentoo.erb +++ b/templates/sshd_config/Gentoo.erb @@ -149,7 +149,7 @@ AllowGroups <%= s %> <% if scope.lookupvar('sshd::hardened_ssl') == 'yes' -%> Ciphers aes256-ctr -MACs hmac-sha1 +MACs hmac-sha2-512 <% end -%> <% unless (s=scope.lookupvar('sshd::tail_additional_options')).empty? -%> diff --git a/templates/sshd_config/OpenBSD.erb b/templates/sshd_config/OpenBSD.erb index aa92eb6..ea6e8a8 100644 --- a/templates/sshd_config/OpenBSD.erb +++ b/templates/sshd_config/OpenBSD.erb @@ -130,7 +130,7 @@ AllowGroups <%= s %> <% if scope.lookupvar('sshd::hardened_ssl') == 'yes' -%> Ciphers aes256-ctr -MACs hmac-sha1 +MACs hmac-sha2-512 <% end -%> <% unless (s=scope.lookupvar('sshd::tail_additional_options')).empty? -%> diff --git a/templates/sshd_config/Ubuntu.erb b/templates/sshd_config/Ubuntu.erb index befd25f..40040d1 100644 --- a/templates/sshd_config/Ubuntu.erb +++ b/templates/sshd_config/Ubuntu.erb @@ -115,7 +115,7 @@ AllowGroups <%= s %> <% if scope.lookupvar('sshd::hardened_ssl') == 'yes' -%> Ciphers aes256-ctr -MACs hmac-sha1 +MACs hmac-sha2-512 <% end -%> <% unless (s=scope.lookupvar('sshd::tail_additional_options')).empty? -%> diff --git a/templates/sshd_config/Ubuntu_lucid.erb b/templates/sshd_config/Ubuntu_lucid.erb index cc6e921..4d5f640 100644 --- a/templates/sshd_config/Ubuntu_lucid.erb +++ b/templates/sshd_config/Ubuntu_lucid.erb @@ -118,7 +118,7 @@ PrintMotd <%= scope.lookupvar('sshd::print_motd') %> <% if scope.lookupvar('sshd::hardened_ssl') == 'yes' -%> Ciphers aes256-ctr -MACs hmac-sha1 +MACs hmac-sha2-512 <% end -%> <% unless (s=scope.lookupvar('sshd::tail_additional_options')).empty? -%> -- cgit v1.2.3