on debian10 securely configure SSH by default

verified configuration with 'ssh-audit'
removed controversial keys
removed insecure MACs, keys, ciphers

tested on Debian 10 Buster
Martin Verges 2019-10-24 13:44:43 +02:00
parent 59314077b9
commit 1cbfc4e272


@ -9,8 +9,10 @@ __sshd_defaults:
Protocol: 2
HostKey:
- /etc/ssh/ssh_host_rsa_key
- /etc/ssh/ssh_host_ecdsa_key
- /etc/ssh/ssh_host_ed25519_key
HostKeyAlgorithms: ssh-ed25519,ecdsa-sha2-nistp256,ssh-rsa,ssh-ed25519-cert-v01@openssh.com
KexAlgorithms: curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group-exchange-sha256
MACs: umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com
SyslogFacility: AUTH
LogLevel: INFO
LoginGraceTime: 120
@ -30,3 +32,4 @@ __sshd_defaults:
Subsystem: "sftp {{ sshd_sftp_server }}"
UsePAM: yes
__sshd_os_supported: yes
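Review bot: The `HostKeyAlgorithms` line in the first hunk still offers `ssh-rsa`, which signs with SHA-1, and lists neither SHA-2 RSA variant, so the RSA host key would only be used with the weaker signature. Assuming the target is the OpenSSH shipped with Debian 10, swapping it keeps the RSA key usable: `HostKeyAlgorithms: ssh-ed25519,ecdsa-sha2-nistp256,rsa-sha2-512,rsa-sha2-256,ssh-ed25519-cert-v01@openssh.com`. The description mentions ciphers, but no `Ciphers` entry appears in the visible lines; it may sit outside these hunks, otherwise sshd falls back to the build's default cipher list. A comment above the three algorithm lines would help re-verification, e.g. `# verified with ssh-audit <VERSION>; re-run after OpenSSH upgrades`. The `__sshd_defaults` mapping starts above the first hunk, so entries outside it were not reviewed.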