Skip to content

Commit

Permalink
roles/common: Add SHA-2 MACs to CentOS 7 sshd_config
Browse files Browse the repository at this point in the history 
See: http://www.paramiko.org/changelog.html#1.16.0
See: #37

Signed-off-by: James Oguya <j.oguya@cgiar.org>
  • Loading branch information
@alanorth
James Oguya authored and alanorth committed Apr 23, 2017
1 parent 24c848b commit ab31ed0
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion roles/common/templates/sshd_config_CentOS-7.j2
View file
Original file line number Diff line number Diff line change
Expand Up @@ -162,7 +162,7 @@ Subsystem sftp /usr/libexec/openssh/sftp-server
# recommended ciphers, MACs and KEXAlgorithms from bettercrypto.org for OpenSSH 6.6
# https://bettercrypto.org/static/applied-crypto-hardening.pdf
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes128-ctr
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160
KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1

# CIS 6.2.14
Expand Down

0 comments on commit ab31ed0

Please sign in to comment.