defaults: enable secure defaults on sshd_config

This commit is contained in:
ek9 2017-02-19 14:45:12 +01:00
parent ec796662bc
commit f5a74f3fa0

View File

@ -10,6 +10,26 @@ openssh:
dig_pkg: dnsutils dig_pkg: dnsutils
ssh_moduli: /etc/ssh/moduli ssh_moduli: /etc/ssh/moduli
root_group: root root_group: root
KexAlgorithms:
- 'curve25519-sha256@libssh.org'
- 'diffie-hellman-group-exchange-sha256'
Ciphers:
- 'chacha20-poly1305@openssh.com'
- 'aes256-gcm@openssh.com'
- 'aes128-gcm@openssh.com'
- 'aes256-ctr'
- 'aes192-ctr'
- 'aes128-ctr'
MACs:
- 'hmac-sha2-512-etm@openssh.com'
- 'hmac-sha2-256-etm@openssh.com'
- 'hmac-ripemd160-etm@openssh.com'
- 'umac-128-etm@openssh.com'
- 'hmac-sha2-512'
- 'hmac-sha2-256'
- 'hmac-ripemd160'
- 'umac-128@openssh.com'
sshd_config: {} sshd_config: {}
ssh_config: ssh_config:
Hosts: Hosts: