blsmith/dc-deployments-automation
1
0
Fork 0
mirror of https://bitbucket.org/atlassian/dc-deployments-automation.git synced 2025-12-14 08:53:07 -06:00
Code Issues Packages Projects Releases Wiki Activity

Merged in DCD-1378-trim-ssh-ciphers (pull request #155)

Browse Source 
DCD-1378: Add ciphers line to sshd config.

Approved-by: Adam Brokes
Approved-by: Nasser Ghazali-Beiklar
This commit is contained in:
Steve Smith
2021-11-22 00:47:13 +00:00
parent 6c05a8668f daf7f7b34b
commit 4af089a377
1 changed files with 10 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
roles/linux_common/tasks/amazon.yml
View File

@@ -7,3 +7,13 @@
- libxml2 - libxml2
- git-{{ git_version }} - git-{{ git_version }}
- dejavu-sans-fonts - dejavu-sans-fonts
- name: Limit the SSH ciphers
lineinfile:
path: "/etc/ssh/sshd_config"
# Drop insecure ciphers, currently 3des-cbc only. You can get the
# full list with `sshd -T | grep -i ciphers`
regexp: '^[Cc]iphers'
line: "Ciphers chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc"
insertbefore: "BOF"
ignore_errors: yes # No sshd == no problem