restrict ssh ciphers
This commit is contained in:
parent
f2844607f3
commit
164d86761e
@ -2,8 +2,8 @@
|
|||||||
pacman: name=openssh state=present
|
pacman: name=openssh state=present
|
||||||
- name: Write sshd_config
|
- name: Write sshd_config
|
||||||
template: src=sshd_config.j2 dest=/etc/ssh/sshd_config mode=0644
|
template: src=sshd_config.j2 dest=/etc/ssh/sshd_config mode=0644
|
||||||
- name: symlink /dev/pts/ptmx to /dev/ptmx for sshd pty
|
- name: Write ssh_config
|
||||||
file: src=/dev/pts/ptmx dest=/dev/ptmx state=link
|
template: src=ssh_config.j2 dest=/etc/ssh/ssh_config mode=0644
|
||||||
- name: create link-ptmx.service
|
- name: create link-ptmx.service
|
||||||
copy: src=link-ptmx.service dest=/etc/systemd/system/link-ptmx.service mode=0644
|
copy: src=link-ptmx.service dest=/etc/systemd/system/link-ptmx.service mode=0644
|
||||||
- name: enable link-ptmx.service
|
- name: enable link-ptmx.service
|
||||||
|
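--- /dev/null
+++ b/roles/container/templates/ssh_config.j2
@@ -0,0 +1,4 @@
+Host *
+KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
+Ciphers chacha20-poly1305@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
+MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,umac-128@openssh.com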
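Review bot: The MACs line still admits `hmac-ripemd160-etm@openssh.com` and `hmac-ripemd160`, a legacy MAC that later OpenSSH releases removed, and the trailing non-ETM entries (`hmac-sha2-512`, `hmac-sha2-256`, `umac-128@openssh.com`) only widen what the client will accept beyond the encrypt-then-MAC variants listed first. If the aim of the commit is to narrow what gets negotiated, `MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com` expresses that more tightly. The same MACs line is added in the sshd_config.j2 hunk further down, so the same trimming applies there. A one-line `# ` comment at the top of the template stating the intended policy, and that `Host *` applies it to every outgoing connection from the container, would help the next maintainer.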
@ -4,9 +4,10 @@ Port 22
|
|||||||
AuthorizedKeysCommand /usr/lib/openssh-ldap-helper/openssh-ldap-helper
|
AuthorizedKeysCommand /usr/lib/openssh-ldap-helper/openssh-ldap-helper
|
||||||
AuthorizedKeysCommandUser root
|
AuthorizedKeysCommandUser root
|
||||||
{% else %}
|
{% else %}
|
||||||
AuthorizedKeysFile .ssh/authorized_keys
|
AuthorizedKeysFile .ssh/authorized_keys
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
|
PermitRootLogin no
|
||||||
PasswordAuthentication no
|
PasswordAuthentication no
|
||||||
ChallengeResponseAuthentication no
|
ChallengeResponseAuthentication no
|
||||||
|
|
||||||
@ -14,4 +15,8 @@ UsePAM yes
|
|||||||
|
|
||||||
PrintMotd no
|
PrintMotd no
|
||||||
UsePrivilegeSeparation sandbox
|
UsePrivilegeSeparation sandbox
|
||||||
Subsystem sftp /usr/lib/ssh/sftp-server
|
Subsystem sftp usr/lib/ssh/sftp-server
|
||||||
|
|
||||||
|
KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
|
||||||
|
Ciphers chacha20-poly1305@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
|
||||||
|
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,umac-128@openssh.com
|
||||||
|
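Review bot: The new-side Subsystem line reads `Subsystem sftp usr/lib/ssh/sftp-server`, having lost the leading slash that the old line `Subsystem sftp /usr/lib/ssh/sftp-server` had; unless this is an artifact of the rendered view, sshd will be handed a relative path and sftp sessions will fail to start. Restore `Subsystem sftp /usr/lib/ssh/sftp-server`. The added `PermitRootLogin no` in the first hunk is the right default; a brief `# ` comment above the new KexAlgorithms/Ciphers/MACs block noting that it must be kept in sync with ssh_config.j2 would document the coupling the commit introduces.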