Micah Anderson
e4a9c15987
Implement enhanced MAC (Message Authentication Codes) according to
...
installed version of openssh and https://stribika.github.io/2015/01/04/secure-secure-shell.html
2015-05-04 15:42:26 -04:00
Micah Anderson
1402e67b21
Implement enhanced symmetric cipher selection, based on
...
https://stribika.github.io/2015/01/04/secure-secure-shell.html and
version of openssh installed
2015-05-04 15:42:26 -04:00
Micah Anderson
430c48200e
Implement KexAlgorithms settings, based on Key exchange section of
...
https://stribika.github.io/2015/01/04/secure-secure-shell.html
Note, that on some systems it is uncertain if they will have a new
enough version of openssh installed, so on those a version test is done
to see before setting them.
2015-05-04 15:42:26 -04:00
Micah Anderson
fd82841c1f
Change 'hardened_ssl' paramter to simply 'hardened', this makes more
...
sense in general
2015-05-04 15:42:26 -04:00
Micah Anderson
d78749fd8f
Add a $hostkey_type variable that allows you to set which hostkey
...
types you want to support in your sshd_config.
We use the ssh_version fact to determine the default hostkey types.
Only enable rsa and ed25519 for ssh versions greater or equal
to 6.5, otherwise enable rsa and dsa.
Some distributions, such as debian, also enable ecdsa as a hostkey
type, but this is a known bad NIST curve, so we do not enable that
by default (thus deviating from the stock sshd config)
2014-11-21 21:20:29 -05:00
Micah Anderson
37bd36fe06
Revert "get ecdsa host keys in Debian Wheezy"
...
This reverts commit 1eabfe1b59
2014-11-01 10:29:48 -04:00
kwadronaut
1eabfe1b59
get ecdsa host keys in Debian Wheezy
2013-11-08 21:59:25 +01:00
mh
5b86606d59
correct variable naming
2012-06-18 17:43:48 -03:00
mh
2204eb01f6
new style for 2.7
2012-06-05 18:23:03 -03:00
intrigeri
005baf59c5
Add sshd_config template for Debian Wheezy.
...
Currently, this is a symlink to the Debian sid's one, which I've recently
resync'd. Once Wheezy is frozen, we'll want to fork its own template.
2011-06-21 00:28:37 +02:00
