diff options
author | Micah <micah@riseup.net> | 2015-10-06 17:53:48 +0000 |
---|---|---|
committer | Micah <micah@riseup.net> | 2015-10-06 17:53:48 +0000 |
commit | e36a294dceb9504327af84c72f6fb6d4489aeea0 (patch) | |
tree | 9b0a8ce6d0f8b4499c0a0131f43570a7196ab4c4 /templates/sshd_config/Debian_squeeze.erb | |
parent | abd504a5f459873f547ccdf4940c0ac5ae7fe874 (diff) | |
parent | 8acb349e8b116092599acc2e9083d5d6acb4086f (diff) |
Merge branch 'master' into 'master'
choose better MAC for squeeze and wheezy
both squeeze (1:5.5p1-6+squeeze6) and wheezy (1:6.0p1-4+deb7u2) have MACs better than hmac-sha1 available in the default search, they both have hmac-sha2-512, hmac-sha2-256, and hmac-ripemd160. So switch to using hmac-sha2-512, which lets us lock down the client MACs more.
See merge request !19
Diffstat (limited to 'templates/sshd_config/Debian_squeeze.erb')
-rw-r--r-- | templates/sshd_config/Debian_squeeze.erb | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/templates/sshd_config/Debian_squeeze.erb b/templates/sshd_config/Debian_squeeze.erb index 5845a3d..1483480 100644 --- a/templates/sshd_config/Debian_squeeze.erb +++ b/templates/sshd_config/Debian_squeeze.erb @@ -117,7 +117,7 @@ AllowGroups <%= s %> <% if scope.lookupvar('::sshd::hardened') == 'yes' -%> Ciphers aes256-ctr -MACs hmac-sha1 +MACs hmac-sha2-512 <% end -%> <% unless (s=scope.lookupvar('::sshd::tail_additional_options')).empty? -%> |