From c110a24e9fdfade9170770d29c3c86f6b10aae66 Mon Sep 17 00:00:00 2001
From: Felix Stupp
Date: Fri, 24 Apr 2020 00:12:02 +0200
Subject: [PATCH] common: sshd: Disable weak key algorithms

---
 roles/common/templates/0_main.sshd_config | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/roles/common/templates/0_main.sshd_config b/roles/common/templates/0_main.sshd_config
index a39754e..8e3ee0c 100644
--- a/roles/common/templates/0_main.sshd_config
+++ b/roles/common/templates/0_main.sshd_config
@@ -113,6 +113,11 @@ AcceptEnv LANG LC_*
 # override default of no subsystems
 Subsystem sftp /usr/lib/openssh/sftp-server
 
+# Disable weak key algorithms
+HostKeyAlgorithms -ecdsa-sha2-nistp256
+KexAlgorithms -diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha256,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521
+MACs -hmac-sha1,hmac-sha2-256,hmac-sha2-512,umac-64@openssh.com,umac-128@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com
+
 # Example of overriding settings on a per-user basis
 #Match User anoncvs
 # X11Forwarding no
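Review bot: The three added directives use the `-` removal form, so what sshd offers is the installed version's default list minus these names rather than a fixed set. In particular `HostKeyAlgorithms -ecdsa-sha2-nistp256` leaves the SHA-1 based `ssh-rsa` and the other ECDSA host key types enabled wherever the default still includes them, while the KexAlgorithms line removes every NIST curve. An explicit allow-list makes the result independent of the package version, for example `HostKeyAlgorithms ssh-ed25519,rsa-sha2-512,rsa-sha2-256`, with KexAlgorithms and MACs written the same way. The `-` prefix is only understood by OpenSSH 7.5 and later, and an sshd that rejects a line in its config will not start, so the rendered template should be checked with `sshd -t` before the service is reloaded (the deploying task is not visible in this patch). The comment would be more accurate as `# Restrict host key, key exchange and MAC algorithms`, since the MACs line also drops the non-EtM SHA-2 and UMAC variants, which is a hardening preference rather than removal of broken algorithms.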