Use sha2 HMACs on RHEL 6 / CentOS 6.

defaults/main.yml

@@ -171,6 +171,10 @@ ssh_macs_53_default:
   - hmac-ripemd160
   - hmac-sha1
 
+ssh_macs_53_el_6_5_default:
+  - hmac-sha2-512
+  - hmac-sha2-256
+
 ssh_macs_59_default:
   - hmac-sha2-512
   - hmac-sha2-256

tasks/crypto.yml

@@ -32,6 +32,14 @@
     ssh_macs: '{{ ssh_macs_59_default }}'
   when: sshd_version is version('5.9', '>=') and not ssh_macs
 
+- name: set macs for Enterprise Linux >= 6.5 (openssh 5.3 with backports)
+  set_fact:
+    ssh_macs: '{{ ssh_macs_53_el_6_5_default }}'
+  when:
+    - ansible_distribution in ['CentOS', 'OracleLinux', 'RedHat']
+    - ansible_distribution_version is version('6.5', '>=')
+    - not ssh_macs
+
 - name: set macs according to openssh-version
   set_fact:
     ssh_macs: '{{ ssh_macs_53_default }}'