Micah Anderson
e4a9c15987
Implement enhanced MAC (Message Authentication Codes) according to
...
installed version of openssh and https://stribika.github.io/2015/01/04/secure-secure-shell.html
2015-05-04 15:42:26 -04:00
Micah Anderson
1402e67b21
Implement enhanced symmetric cipher selection, based on
...
https://stribika.github.io/2015/01/04/secure-secure-shell.html and
version of openssh installed
2015-05-04 15:42:26 -04:00
Micah Anderson
430c48200e
Implement KexAlgorithms settings, based on Key exchange section of
...
https://stribika.github.io/2015/01/04/secure-secure-shell.html
Note, that on some systems it is uncertain if they will have a new
enough version of openssh installed, so on those a version test is done
to see before setting them.
2015-05-04 15:42:26 -04:00
Micah Anderson
fd82841c1f
Change 'hardened_ssl' paramter to simply 'hardened', this makes more
...
sense in general
2015-05-04 15:42:26 -04:00
Micah Anderson
d78749fd8f
Add a $hostkey_type variable that allows you to set which hostkey
...
types you want to support in your sshd_config.
We use the ssh_version fact to determine the default hostkey types.
Only enable rsa and ed25519 for ssh versions greater or equal
to 6.5, otherwise enable rsa and dsa.
Some distributions, such as debian, also enable ecdsa as a hostkey
type, but this is a known bad NIST curve, so we do not enable that
by default (thus deviating from the stock sshd config)
2014-11-21 21:20:29 -05:00
intrigeri
254d2361f5
Copy the Debian sid template to a new one for Jessie.
...
Another option could be to symlink it, but the freeze is coming soon, so most
likely they'll start to diverge at some point.
2014-09-17 20:44:12 +00:00
