DCD-1378: Add ciphers line to sshd config.

Steve Smith
2021-11-16 14:29:55 +11:00
parent 6c05a8668f
commit 8df555ca73


@@ -7,3 +7,12 @@
- libxml2 - libxml2
- git-{{ git_version }} - git-{{ git_version }}
- dejavu-sans-fonts - dejavu-sans-fonts
- name: Limit the SSH ciphers
lineinfile:
path: "/etc/ssh/sshd_config"
# Drop insecure ciphers, currently 3des-cbc only. You can get the
# full list with `sshd -T | grep -i ciphers`
line: "Ciphers chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc"
insertbefore: "BOF"
ignore_errors: yes # No sshd == no problem
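Review bot: The `Ciphers` value on the `line:` key still enables `blowfish-cbc` and `cast128-cbc`, which are 64-bit block ciphers in the same class as the `3des-cbc` the comment says it is dropping, along with the three AES-CBC modes. Beyond the weak-cipher exposure, OpenSSH removed the blowfish and CAST ciphers in 7.6, and sshd rejects a `Ciphers` list containing a name it does not know, so on a newer image this line can leave sshd unable to start after its next restart. I would restrict the list to AEAD and CTR modes, `line: "Ciphers chacha20-poly1305@openssh.com,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr"`, and add `validate: "/usr/sbin/sshd -t -f %s"` so an unparsable config is never written. `ignore_errors: yes` also hides every other failure of this task, not only a missing sshd; a `stat` on the file with a `when:` would express the intent more narrowly.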