
use mozilla sshd config on algorithms

Óscar Nájera 6 years ago
parent
commit
ae0594dc4a
1 changed file with 4 additions and 3 deletions
roles/common/defaults/main.yml: +4 -3

@@ -15,9 +15,10 @@ encfs_password: "{{ lookup('password', secret + '/' + 'encfs_password', length=3
15 15
 letsencrypt_server: "https://acme-v01.api.letsencrypt.org/directory"
16 16
 
17 17
 # ssh
18
-kex_algorithms: "diffie-hellman-group-exchange-sha256"
19
-ciphers: "aes256-ctr,aes192-ctr,aes128-ctr"
20
-macs: "hmac-sha2-512,hmac-sha2-256,hmac-ripemd160"
18
+# Following https://infosec.mozilla.org/guidelines/openssh
19
+kex_algorithms: "curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256"
20
+ciphers: "chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr"
21
+macs: "hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com"
21 22
 
22 23
 # ntp
23 24
 ntp_servers:
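
Review bot: the new `kex_algorithms`, `ciphers` and `macs` defaults name algorithms such as `curve25519-sha256@libssh.org` and `chacha20-poly1305@openssh.com` that only OpenSSH 6.5 and later recognise, and the added comment gives the guideline URL without saying which of its profiles or which minimum sshd version these lists assume. An older sshd rejects unknown algorithm names when it parses its config, so applying these defaults to such a host can leave it without SSH access after a restart. Suggest extending the comment to state the minimum OpenSSH version, and checking that wherever these variables are templated into sshd_config the result is validated with `sshd -t` before the service is restarted. The removal of `hmac-ripemd160` is also worth a line in the commit message, since clients limited to that MAC will no longer connect.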
