From 30a4593a05a09b669a9cd8fff4318779a532b123 Mon Sep 17 00:00:00 2001
From: Silvio Rhatto <rhatto@riseup.net>
Date: Thu, 16 Dec 2010 20:20:53 -0200
Subject: Introducing perfect forward secrecy for SSH

---
 templates/sshd_config/Debian_lenny.erb | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'templates/sshd_config/Debian_lenny.erb')

diff --git a/templates/sshd_config/Debian_lenny.erb b/templates/sshd_config/Debian_lenny.erb
index 5f7afb4..3e4d1f7 100644
--- a/templates/sshd_config/Debian_lenny.erb
+++ b/templates/sshd_config/Debian_lenny.erb
@@ -190,3 +190,7 @@ PrintMotd no
 <%= sshd_tail_additional_options %>
 <%- end %>
 
+<%- if sshd_perfect_forward_secrecy.to_s == 'yes' then -%>
+Ciphers aes256-ctr
+MACs hmac-sha1
+<%- end %>
-- 
cgit v1.2.3