From 75105d66d89671943a1eb1f37573b4e63dd33919 Mon Sep 17 00:00:00 2001
From: Silvio Rhatto <rhatto@riseup.net>
Date: Wed, 23 Feb 2011 14:40:02 -0300
Subject: Adding sshd_use_strong_ciphers to all sshd_config templates

---
 templates/sshd_config/CentOS.erb         | 5 +++++
 templates/sshd_config/Debian_etch.erb    | 4 ++++
 templates/sshd_config/Debian_squeeze.erb | 2 +-
 templates/sshd_config/Gentoo.erb         | 5 ++++-
 templates/sshd_config/OpenBSD.erb        | 5 +++++
 templates/sshd_config/Ubuntu_lucid.erb   | 4 ++++
 6 files changed, 23 insertions(+), 2 deletions(-)

(limited to 'templates')

diff --git a/templates/sshd_config/CentOS.erb b/templates/sshd_config/CentOS.erb
index 544effe..f2ad175 100644
--- a/templates/sshd_config/CentOS.erb
+++ b/templates/sshd_config/CentOS.erb
@@ -207,3 +207,8 @@ AllowGroups <%= sshd_allowed_groups %>
 <%- unless sshd_tail_additional_options.to_s.empty? then %>
 <%= sshd_tail_additional_options %>
 <%- end %>
+
+<%- if sshd_use_strong_ciphers.to_s == 'yes' then -%>
+Ciphers aes128-ctr
+MACs hmac-sha1
+<%- end %>
diff --git a/templates/sshd_config/Debian_etch.erb b/templates/sshd_config/Debian_etch.erb
index d0d7175..562b1ef 100644
--- a/templates/sshd_config/Debian_etch.erb
+++ b/templates/sshd_config/Debian_etch.erb
@@ -182,3 +182,7 @@ AllowGroups <%= sshd_allowed_groups %>
 <%= sshd_tail_additional_options %>
 <%- end %>
 
+<%- if sshd_use_strong_ciphers.to_s == 'yes' then -%>
+Ciphers aes128-ctr
+MACs hmac-sha1
+<%- end %>
diff --git a/templates/sshd_config/Debian_squeeze.erb b/templates/sshd_config/Debian_squeeze.erb
index 38f8657..53175dd 100644
--- a/templates/sshd_config/Debian_squeeze.erb
+++ b/templates/sshd_config/Debian_squeeze.erb
@@ -204,6 +204,6 @@ AllowGroups <%= sshd_allowed_groups %>
 <%- end %>
 
 <%- if sshd_use_strong_ciphers.to_s == 'yes' then -%>
-Ciphers aes256-ctr
+Ciphers aes128-ctr
 MACs hmac-sha1
 <%- end %>
diff --git a/templates/sshd_config/Gentoo.erb b/templates/sshd_config/Gentoo.erb
index 768d3f5..85ff9d9 100644
--- a/templates/sshd_config/Gentoo.erb
+++ b/templates/sshd_config/Gentoo.erb
@@ -213,4 +213,7 @@ AllowGroups <%= sshd_allowed_groups %>
 <%= sshd_tail_additional_options %>
 <%- end %>
 
-
+<%- if sshd_use_strong_ciphers.to_s == 'yes' then -%>
+Ciphers aes128-ctr
+MACs hmac-sha1
+<%- end %>
diff --git a/templates/sshd_config/OpenBSD.erb b/templates/sshd_config/OpenBSD.erb
index 51662d3..63c4ff1 100644
--- a/templates/sshd_config/OpenBSD.erb
+++ b/templates/sshd_config/OpenBSD.erb
@@ -187,3 +187,8 @@ AllowGroups <%= sshd_allowed_groups %>
 <%- unless sshd_tail_additional_options.to_s.empty? then %>
 <%= sshd_tail_additional_options %>
 <%- end %>
+
+<%- if sshd_use_strong_ciphers.to_s == 'yes' then -%>
+Ciphers aes128-ctr
+MACs hmac-sha1
+<%- end %>
diff --git a/templates/sshd_config/Ubuntu_lucid.erb b/templates/sshd_config/Ubuntu_lucid.erb
index d5c9c31..904a409 100644
--- a/templates/sshd_config/Ubuntu_lucid.erb
+++ b/templates/sshd_config/Ubuntu_lucid.erb
@@ -188,3 +188,7 @@ PrintMotd no
 <%= sshd_tail_additional_options %>
 <%- end %>
 
+<%- if sshd_use_strong_ciphers.to_s == 'yes' then -%>
+Ciphers aes128-ctr
+MACs hmac-sha1
+<%- end %>
-- 
cgit v1.2.3