rework CRYPTO_POLICY handling for fedora (#314)
* rework CRYPTO_POLICY handling for fedora

  the previous implementation did not handle fedora right. Now we check if a CRYPTO_POLICY is present regardless of the OS version.

  Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>

* improve tasks for CRYPTO_POLICY

  Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>

* add exception for Archlinux

  Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>

* swap conditions

  Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
Showing 6 changed files with 37 additions and 10 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
# Configuration file for the sshd service. | ||
|
||
# The server keys are automatically generated if they are missing. | ||
# To change the automatic creation, adjust sshd.service options for | ||
# example using systemctl enable sshd-keygen@dsa.service to allow creation | ||
# of DSA key or systemctl mask sshd-keygen@rsa.service to disable RSA key | ||
# creation. | ||
|
||
# Do not change this option unless you have hardware random | ||
# generator and you REALLY know what you are doing | ||
|
||
SSH_USE_STRONG_RNG=0 | ||
# SSH_USE_STRONG_RNG=1 | ||
|
||
# System-wide crypto policy: | ||
# To opt-out, uncomment the following line | ||
CRYPTO_POLICY= |
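Review bot: The comment directly above `CRYPTO_POLICY=` at the end of this new file still says "To opt-out, uncomment the following line", but the line ships already uncommented and empty, so the comment no longer describes the file. Reword it to state that the system-wide crypto policy is deliberately opted out of here so that the algorithm settings in sshd_config apply, and consider a header line marking the file as managed by this role so that a hand edit or package update restoring the default is recognised as drift.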
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,3 +1,7 @@ | ||
sshd_service_name: sshd | ||
ssh_owner: root | ||
ssh_group: root | ||
ssh_group: root | ||
|
||
# CRYPTO_POLICY is not supported on Archlinux | ||
# and the package check only works in Ansible >2.10 | ||
sshd_disable_crypto_policy: false |
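Review bot: The comment above `sshd_disable_crypto_policy: false` says why Archlinux is an exception but not what the flag controls or what `false` causes the role to do, and the "disable ... false" naming is easy to misread. Add one line stating the effect of each value. The note "the package check only works in Ansible >2.10" is also only a comment: nothing in this hunk enforces it, and ">2.10" leaves it unclear whether 2.10 itself is included, so state the minimum version precisely and record it where the role declares its requirements.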