From a5312442b6426951d4f6fa0c89128f4be5d93a5d Mon Sep 17 00:00:00 2001 From: Gabriel Filion Date: Sat, 16 Jul 2011 23:45:24 -0400 Subject: Enable $ssh_hardened_ssl for FreeBSD It is the only sshd_config template that didn't have this option, so copy it from the other templates. Signed-off-by: Gabriel Filion --- templates/sshd_config/FreeBSD.erb | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'templates/sshd_config') diff --git a/templates/sshd_config/FreeBSD.erb b/templates/sshd_config/FreeBSD.erb index 6714003..38738bc 100644 --- a/templates/sshd_config/FreeBSD.erb +++ b/templates/sshd_config/FreeBSD.erb @@ -232,6 +232,11 @@ AllowUsers <%= sshd_allowed_users -%> AllowGroups <%= sshd_allowed_groups %> <%- end %> +<%- if sshd_hardened_ssl.to_s == 'yes' then -%> +Ciphers aes256-ctr +MACs hmac-sha1 +<%- end -%> + <%- unless sshd_tail_additional_options.to_s.empty? then %> <%= sshd_tail_additional_options %> <%- end %> -- cgit v1.2.3