New opt-in support to only use strong SSL ciphers and MACs.

The new configuration variable is $sshd_hardened_ssl. Settings were stolen from https://github.com/ioerror/duraconf.git.
author: intrigeri <intrigeri@boum.org> 2011-03-06 09:10:44 +0100
committer: intrigeri <intrigeri@boum.org> 2011-06-21 00:27:55 +0200
commit: 34863e959fcd05dd325a658561f14580d49b6764 (patch)
tree: 5deef5ff63629e746d3b3abc6b36b4baf31d2331 /templates/sshd_config/Gentoo.erb
parent: af76f6cfe70c416cbbf72f9c685a0d54c6eb4afb (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/templates/sshd_config/Gentoo.erb b/templates/sshd_config/Gentoo.erb
index 768d3f5..f9f5b23 100644
--- a/templates/sshd_config/Gentoo.erb
+++ b/templates/sshd_config/Gentoo.erb
@@ -208,6 +208,10 @@ AllowUsers <%= sshd_allowed_users %>
 AllowGroups <%= sshd_allowed_groups %>
 <%- end %>
 
+<%- if sshd_hardened_ssl.to_s == 'yes' then -%>
+Ciphers aes256-ctr
+MACs hmac-sha1
+<%- end -%>
 
 <%- unless sshd_tail_additional_options.to_s.empty? then %>
 <%= sshd_tail_additional_options %>
author	intrigeri <intrigeri@boum.org>	2011-03-06 09:10:44 +0100
committer	intrigeri <intrigeri@boum.org>	2011-06-21 00:27:55 +0200
commit	34863e959fcd05dd325a658561f14580d49b6764 (patch)
tree	5deef5ff63629e746d3b3abc6b36b4baf31d2331 /templates/sshd_config/Gentoo.erb
parent	af76f6cfe70c416cbbf72f9c685a0d54c6eb4afb (diff)