vor 9 Jahren · e4a9c15987
--- a/templates/sshd_config/CentOS_6.erb
+++ b/templates/sshd_config/CentOS_6.erb
@@ -154,11 +154,12 @@ AllowGroups <%= s %>
 
				 <% if (scope.function_versioncmp([scope.lookupvar('::ssh_version'),'6.5'])) >= 0 -%>
			
 
				 KexAlgorithms curve25519-sha256@libssh.org
			
 
				 Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes256-ctr
			
 
				+MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,umac-128@openssh.com
			
 
				 <% else -%>
			
 
				 Ciphers aes256-ctr
			
 
				-<% end -%>
			
 
				 MACs hmac-sha1
			
 
				 <% end -%>
			
 
				+<% end -%>
			
 
				 
			
 
				 # Example of overriding settings on a per-user basis
			
 
				 #Match User anoncvs
			
--- a/templates/sshd_config/CentOS_7.erb
+++ b/templates/sshd_config/CentOS_7.erb
@@ -168,11 +168,12 @@ AllowGroups <%= s %>
 
				 <% if (scope.function_versioncmp([scope.lookupvar('::ssh_version'),'6.5'])) >= 0 -%>
			
 
				 KexAlgorithms curve25519-sha256@libssh.org
			
 
				 Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes256-ctr
			
 
				+MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,umac-128@openssh.com
			
 
				 <% else -%>
			
 
				 Ciphers aes256-ctr
			
 
				-<% end -%>
			
 
				 MACs hmac-sha1
			
 
				 <% end -%>
			
 
				+<% end -%>
			
 
				 
			
 
				 # Example of overriding settings on a per-user basis
			
 
				 #Match User anoncvs
			
--- a/templates/sshd_config/Debian_jessie.erb
+++ b/templates/sshd_config/Debian_jessie.erb
@@ -114,7 +114,7 @@ AllowGroups <%= s %>
 
				 <% if scope.lookupvar('sshd::hardened') == 'yes' -%>
			
 
				 KexAlgorithms curve25519-sha256@libssh.org
			
 
				 Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes256-ctr
			
 
				-MACs hmac-sha1
			
 
				+MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,umac-128@openssh.com
			
 
				 <% end -%>
			
 
				 
			
 
				 <% unless (s=scope.lookupvar('sshd::tail_additional_options')).empty? -%>
			
--- a/templates/sshd_config/Debian_sid.erb
+++ b/templates/sshd_config/Debian_sid.erb
@@ -114,7 +114,7 @@ AllowGroups <%= s %>
 
				 <% if scope.lookupvar('sshd::hardened') == 'yes' -%>
			
 
				 KexAlgorithms curve25519-sha256@libssh.org
			
 
				 Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes256-ctr
			
 
				-MACs hmac-sha1
			
 
				+MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,umac-128@openssh.com
			
 
				 <% end -%>
			
 
				 
			
 
				 <% unless (s=scope.lookupvar('sshd::tail_additional_options')).empty? -%>
			
--- a/templates/sshd_config/Debian_wheezy.erb
+++ b/templates/sshd_config/Debian_wheezy.erb
@@ -118,11 +118,12 @@ AllowGroups <%= s %>
 
				 <% if (scope.function_versioncmp([scope.lookupvar('::ssh_version'),'6.5'])) >= 0 -%>
			
 
				 KexAlgorithms curve25519-sha256@libssh.org
			
 
				 Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes256-ctr
			
 
				+MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,umac-128@openssh.com
			
 
				 <% else -%>
			
 
				 Ciphers aes256-ctr
			
 
				-<% end -%>
			
 
				 MACs hmac-sha1
			
 
				 <% end -%>
			
 
				+<% end -%>
			
 
				 
			
 
				 <% unless (s=scope.lookupvar('sshd::tail_additional_options')).empty? -%>
			
 
				 <%= s %>
			
--- a/templates/sshd_config/FreeBSD.erb
+++ b/templates/sshd_config/FreeBSD.erb
@@ -156,11 +156,12 @@ AllowGroups <%= s %>
 
				 <% if (scope.function_versioncmp([scope.lookupvar('::ssh_version'),'6.5'])) >= 0 -%>
			
 
				 KexAlgorithms curve25519-sha256@libssh.org
			
 
				 Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes256-ctr
			
 
				+MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,umac-128@openssh.com
			
 
				 <% else -%>
			
 
				 Ciphers aes256-ctr
			
 
				-<% end -%>
			
 
				 MACs hmac-sha1
			
 
				 <% end -%>
			
 
				+<% end -%>
			
 
				 
			
 
				 <% unless (s=scope.lookupvar('sshd::tail_additional_options')).empty? -%>
			
 
				 <%= s %>
			
--- a/templates/sshd_config/Gentoo.erb
+++ b/templates/sshd_config/Gentoo.erb
@@ -151,11 +151,12 @@ AllowGroups <%= s %>
 
				 <% if (scope.function_versioncmp([scope.lookupvar('::ssh_version'),'6.5'])) >= 0 -%>
			
 
				 KexAlgorithms curve25519-sha256@libssh.org
			
 
				 Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes256-ctr
			
 
				+MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,umac-128@openssh.com
			
 
				 <% else -%>
			
 
				 Ciphers aes256-ctr
			
 
				-<% end -%>
			
 
				 MACs hmac-sha1
			
 
				 <% end -%>
			
 
				+<% end -%>
			
 
				 
			
 
				 <% unless (s=scope.lookupvar('sshd::tail_additional_options')).empty? -%>
			
 
				 <%= s %>
			
--- a/templates/sshd_config/OpenBSD.erb
+++ b/templates/sshd_config/OpenBSD.erb
@@ -132,11 +132,12 @@ AllowGroups <%= s %>
 
				 <% if (scope.function_versioncmp([scope.lookupvar('::ssh_version'),'6.5'])) >= 0 -%>
			
 
				 KexAlgorithms curve25519-sha256@libssh.org
			
 
				 Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes256-ctr
			
 
				+MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,umac-128@openssh.com
			
 
				 <% else -%>
			
 
				 Ciphers aes256-ctr
			
 
				-<% end -%>
			
 
				 MACs hmac-sha1
			
 
				 <% end -%>
			
 
				+<% end -%>
			
 
				 
			
 
				 <% unless (s=scope.lookupvar('sshd::tail_additional_options')).empty? -%>
			
 
				 <%= s %>
			
--- a/templates/sshd_config/Ubuntu.erb
+++ b/templates/sshd_config/Ubuntu.erb
@@ -119,11 +119,12 @@ AllowGroups <%= s %>
 
				 <% if (scope.function_versioncmp([scope.lookupvar('::ssh_version'),'6.5'])) >= 0 -%>
			
 
				 KexAlgorithms curve25519-sha256@libssh.org
			
 
				 Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes256-ctr
			
 
				+MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,umac-128@openssh.com
			
 
				 <% else -%>
			
 
				 Ciphers aes256-ctr
			
 
				-<% end -%>
			
 
				 MACs hmac-sha1
			
 
				 <% end -%>
			
 
				+<% end -%>
			
 
				 
			
 
				 <% unless (s=scope.lookupvar('sshd::tail_additional_options')).empty? -%>
			
 
				 <%= s %>
			
--- a/templates/sshd_config/Ubuntu_lucid.erb
+++ b/templates/sshd_config/Ubuntu_lucid.erb
@@ -122,11 +122,12 @@ PrintMotd <%= scope.lookupvar('sshd::print_motd') %>
 
				 <% if (scope.function_versioncmp([scope.lookupvar('::ssh_version'),'6.5'])) >= 0 -%>
			
 
				 KexAlgorithms curve25519-sha256@libssh.org
			
 
				 Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes256-ctr
			
 
				+MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,umac-128@openssh.com
			
 
				 <% else -%>
			
 
				 Ciphers aes256-ctr
			
 
				-<% end -%>
			
 
				 MACs hmac-sha1
			
 
				 <% end -%>
			
 
				+<% end -%>
			
 
				 
			
 
				 <% unless (s=scope.lookupvar('sshd::tail_additional_options')).empty? -%>
			
 
				 <%= s %>