update..
This commit is contained in:
@ -224,171 +224,9 @@ RequiredRSASize {{ sshd_required_rsa_size }}
|
||||
# RequiredRSASize 1024
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
{% if (fact_sshd_pubkey_accepted_algorithms is defined) and fact_sshd_pubkey_accepted_algorithms %}
|
||||
|
||||
# PubkeyAcceptedAlgorithms
|
||||
#
|
||||
# Specifies the signature algorithms that will be accepted for public key authentication as a list of
|
||||
# comma-separated patterns. Alternately if the specified list begins with a '+' character, then the spec‐
|
||||
# ified algorithms will be appended to the default set instead of replacing them. If the specified list
|
||||
# begins with a '-' character, then the specified algorithms (including wildcards) will be removed from
|
||||
# the default set instead of replacing them. If the specified list begins with a '^' character, then the
|
||||
# specified algorithms will be placed at the head of the default set. The default for this option is:
|
||||
#
|
||||
# ssh-ed25519-cert-v01@openssh.com,
|
||||
# ecdsa-sha2-nistp256-cert-v01@openssh.com,
|
||||
# ecdsa-sha2-nistp384-cert-v01@openssh.com,
|
||||
# ecdsa-sha2-nistp521-cert-v01@openssh.com,
|
||||
# sk-ssh-ed25519-cert-v01@openssh.com,
|
||||
# sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,
|
||||
# rsa-sha2-512-cert-v01@openssh.com,
|
||||
# rsa-sha2-256-cert-v01@openssh.com,
|
||||
# ssh-ed25519,
|
||||
# ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
|
||||
# sk-ssh-ed25519@openssh.com,
|
||||
# sk-ecdsa-sha2-nistp256@openssh.com,
|
||||
# rsa-sha2-512,rsa-sha2-256
|
||||
#
|
||||
# The list of available signature algorithms may also be obtained using
|
||||
# "ssh -Q PubkeyAcceptedAlgorithms"
|
||||
#
|
||||
PubkeyAcceptedAlgorithms {{ fact_sshd_pubkey_accepted_algorithms }}
|
||||
{% endif %}
|
||||
|
||||
# KexAlgorithms
|
||||
#
|
||||
# Specifies the available KEX (Key Exchange) algorithms. Multiple algorithms must be comma-separated.
|
||||
# Alternately if the specified value begins with a '+' character, then the specified methods will be ap‐
|
||||
# pended to the default set instead of replacing them. If the specified value begins with a '-' charac‐
|
||||
# ter, then the specified methods (including wildcards) will be removed from the default set instead of
|
||||
# replacing them. The supported algorithms are:
|
||||
#
|
||||
# curve25519-sha256
|
||||
# curve25519-sha256@libssh.org
|
||||
# diffie-hellman-group1-sha1
|
||||
# diffie-hellman-group14-sha1
|
||||
# diffie-hellman-group14-sha256
|
||||
# diffie-hellman-group16-sha512
|
||||
# diffie-hellman-group18-sha512
|
||||
# diffie-hellman-group-exchange-sha1
|
||||
# diffie-hellman-group-exchange-sha256
|
||||
# ecdh-sha2-nistp256
|
||||
# ecdh-sha2-nistp384
|
||||
# ecdh-sha2-nistp521
|
||||
#
|
||||
# The default is:
|
||||
#
|
||||
# sntrup761x25519-sha512@openssh.com,
|
||||
# curve25519-sha256,curve25519-sha256@libssh.org,
|
||||
# ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,
|
||||
# diffie-hellman-group-exchange-sha256,
|
||||
# diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,
|
||||
# diffie-hellman-group14-sha256,diffie-hellman-group14-sha1
|
||||
#
|
||||
# The list of available key exchange algorithms may also be obtained using "ssh -Q kex".
|
||||
#
|
||||
{% if (fact_sshd_kexalgorithms is defined) and fact_sshd_kexalgorithms %}
|
||||
KexAlgorithms {{ fact_sshd_kexalgorithms }}
|
||||
{% else %}
|
||||
#KexAlgorithms curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1
|
||||
{% endif %}
|
||||
|
||||
# Ciphers
|
||||
#
|
||||
# Specifies the ciphers allowed. Multiple ciphers must be comma-separated. If the specified value begins
|
||||
# with a '+' character, then the specified ciphers will be appended to the default set instead of replac‐
|
||||
# ing them. If the specified value begins with a '-' character, then the specified ciphers (including
|
||||
# wildcards) will be removed from the default set instead of replacing them.
|
||||
#
|
||||
# The supported ciphers are:
|
||||
#
|
||||
# 3des-cbc
|
||||
# aes128-cbc
|
||||
# aes192-cbc
|
||||
# aes256-cbc
|
||||
# aes128-ctr
|
||||
# aes192-ctr
|
||||
# aes256-ctr
|
||||
# aes128-gcm@openssh.com
|
||||
# aes256-gcm@openssh.com
|
||||
# chacha20-poly1305@openssh.com
|
||||
#
|
||||
# The default is:
|
||||
#
|
||||
# chacha20-poly1305@openssh.com,
|
||||
# aes128-ctr,aes192-ctr,aes256-ctr,
|
||||
# aes128-gcm@openssh.com,aes256-gcm@openssh.com
|
||||
#
|
||||
# The list of available ciphers may also be obtained using "ssh -Q cipher".
|
||||
#
|
||||
{% if (fact_sshd_ciphers is defined) and fact_sshd_ciphers %}
|
||||
Ciphers {{ fact_sshd_ciphers }}
|
||||
{% else %}
|
||||
#Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes256-ctr
|
||||
{% endif %}
|
||||
|
||||
# MACs
|
||||
#
|
||||
# Specifies the available MAC (message authentication code) algorithms. The MAC algorithm is used for
|
||||
# data integrity protection. Multiple algorithms must be comma-separated. If the specified value begins
|
||||
# with a '+' character, then the specified algorithms will be appended to the default set instead of re‐
|
||||
# placing them. If the specified value begins with a '-' character, then the specified algorithms (in‐
|
||||
# cluding wildcards) will be removed from the default set instead of replacing them.
|
||||
#
|
||||
# The algorithms that contain "-etm" calculate the MAC after encryption (encrypt-then-mac). These are
|
||||
# considered safer and their use recommended. The supported MACs are:
|
||||
#
|
||||
# hmac-md5
|
||||
# hmac-md5-96
|
||||
# hmac-sha1
|
||||
# hmac-sha1-96
|
||||
# hmac-sha2-256
|
||||
# hmac-sha2-512
|
||||
# umac-64@openssh.com
|
||||
# umac-128@openssh.com
|
||||
# hmac-md5-etm@openssh.com
|
||||
# hmac-md5-96-etm@openssh.com
|
||||
# hmac-sha1-etm@openssh.com
|
||||
# hmac-sha1-96-etm@openssh.com
|
||||
# hmac-sha2-256-etm@openssh.com
|
||||
# hmac-sha2-512-etm@openssh.com
|
||||
# umac-64-etm@openssh.com
|
||||
# umac-128-etm@openssh.com
|
||||
#
|
||||
# The default is:
|
||||
#
|
||||
# umac-64-etm@openssh.com,umac-128-etm@openssh.com,
|
||||
# hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,
|
||||
# hmac-sha1-etm@openssh.com,
|
||||
# umac-64@openssh.com,umac-128@openssh.com,
|
||||
# hmac-sha2-256,hmac-sha2-512,hmac-sha1
|
||||
#
|
||||
# The list of available MAC algorithms may also be obtained using "ssh -Q mac".
|
||||
#
|
||||
{% if (fact_sshd_macs is defined) and fact_sshd_macs %}
|
||||
MACs {{ fact_sshd_macs }}
|
||||
{% else %}
|
||||
#MACs umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,mac-sha2-256,hmac-sha2-512,hmac-sha1
|
||||
{% endif %}
|
||||
|
||||
# HostKeyAlgorithms
|
||||
#
|
||||
# Specifies the host key algorithms that the server offers. The default for this option is:
|
||||
#
|
||||
# ecdsa-sha2-nistp256-cert-v01@openssh.com,
|
||||
# ecdsa-sha2-nistp384-cert-v01@openssh.com,
|
||||
# ecdsa-sha2-nistp521-cert-v01@openssh.com,
|
||||
# ssh-ed25519-cert-v01@openssh.com,
|
||||
# rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,
|
||||
# ssh-rsa-cert-v01@openssh.com,
|
||||
# ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
|
||||
# ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
|
||||
#
|
||||
# The list of available key types may also be obtained using "ssh -Q key".
|
||||
{% if (fact_sshd_hostkeyalgorithms is defined) and fact_sshd_hostkeyalgorithms %}
|
||||
HostKeyAlgorithms {{ fact_sshd_hostkeyalgorithms }}
|
||||
{% endif %}
|
||||
|
||||
# We use the distribution default values
|
||||
# ======================================
|
||||
|
||||
#-----------------------------
|
||||
# Logging
|
||||
|
||||
Reference in New Issue
Block a user