improve support for legacy os
parent
2669a1aebe
commit
b16efa6ca7
3 changed files with 38 additions and 12 deletions
|
@ -51,6 +51,7 @@
|
|||
creates: 'ssh_host_ed25519_key.pub'
|
||||
notify:
|
||||
- restart ssh
|
||||
when: ansible_distribution_release != 'wheezy'
|
||||
|
||||
- name: Remove unwanted host keys
|
||||
become: yes
|
||||
|
@ -62,7 +63,9 @@
|
|||
- dsa
|
||||
notify:
|
||||
- restart ssh
|
||||
when: generate_ecdsa_too|bool
|
||||
when:
|
||||
- generate_ecdsa_too|bool
|
||||
- ansible_distribution_release != 'wheezy'
|
||||
|
||||
- name: Remove unwanted host keys
|
||||
become: yes
|
||||
|
@ -75,7 +78,9 @@
|
|||
- dsa
|
||||
notify:
|
||||
- restart ssh
|
||||
when: not generate_ecdsa_too|bool
|
||||
when:
|
||||
- not generate_ecdsa_too|bool
|
||||
- ansible_distribution_release != 'wheezy'
|
||||
|
||||
- name: make sure the correct keys are available
|
||||
file:
|
||||
|
@ -88,7 +93,9 @@
|
|||
- dsa
|
||||
notify:
|
||||
- restart ssh
|
||||
when: not generate_ecdsa_too|bool
|
||||
when:
|
||||
- not generate_ecdsa_too|bool
|
||||
- ansible_distribution_release != 'wheezy'
|
||||
|
||||
- name: make sure the correct keys are available except ecdsa
|
||||
file:
|
||||
|
@ -100,4 +107,6 @@
|
|||
- dsa
|
||||
notify:
|
||||
- restart ssh
|
||||
when: generate_ecdsa_too|bool
|
||||
when:
|
||||
- generate_ecdsa_too|bool
|
||||
- ansible_distribution_release != 'wheezy'
|
||||
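Review bot: With `ansible_distribution_release != 'wheezy'` now on every host-key task in this file, a wheezy host keeps whatever host keys it already has, including the `dsa` key that the two `Remove unwanted host keys` tasks list for removal. Only the ed25519 generation in the first hunk has to be skipped on a release whose OpenSSH presumably cannot create that key type; the `dsa` cleanup could still run there, for example in a wheezy-only task whose list leaves the RSA key in place. The task bodies start outside the hunks, so the full key lists and the `HostKey` lines of the template should be checked against this. The same literal test now appears five times here and three times in the template; one role variable, e.g. `sshd_legacy_os: "{{ ansible_distribution_release == 'wheezy' }}"`, would keep them in step.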
|
|
|
@ -9,8 +9,14 @@ TCPKeepAlive yes
|
|||
# Key exchange
|
||||
#KexAlgorithms curve25519-sha256@libssh.org,
|
||||
# diffie-hellman-group-exchange-sha256
|
||||
KexAlgorithms curve25519-sha256@libssh.org{%
|
||||
if use_diffie_hellman_group_exchange_sha256 %},diffie-hellman-group-exchange-sha256{% endif %}
|
||||
{% if ansible_distribution_release == 'wheezy' -%}
|
||||
KexAlgorithms diffie-hellman-group-exchange-sha256
|
||||
{%- else -%}
|
||||
KexAlgorithms diffie-hellman-group-exchange-sha256
|
||||
{%- if use_diffie_hellman_group_exchange_sha256 -%}
|
||||
,diffie-hellman-group-exchange-sha256
|
||||
{%- endif -%}
|
||||
{%- endif %}
|
||||
|
||||
# Server authentication
|
||||
Protocol 2
|
||||
|
@ -53,8 +59,14 @@ endif %}PubkeyAcceptedKeyTypes ssh-ed25519-cert-v01@openssh.com,ssh-ed25519
|
|||
# aes256-ctr,
|
||||
# aes192-ctr,
|
||||
# aes128-ctr
|
||||
Ciphers chacha20-poly1305@openssh.com{%
|
||||
if use_aes256_ctr %},aes256-ctr{% endif %}
|
||||
{% if ansible_distribution_release == 'wheezy' -%}
|
||||
Ciphers aes192-ctr,aes256-ctr,arcfour256
|
||||
{%- else -%}
|
||||
Ciphers chacha20-poly1305@openssh.com
|
||||
{%- if use_aes256_ctr -%}
|
||||
,aes256-ctr
|
||||
{%- endif -%}
|
||||
{%- endif %}
|
||||
|
||||
|
||||
# Message authentication codes
|
||||
|
@ -66,9 +78,14 @@ if use_aes256_ctr %},aes256-ctr{% endif %}
|
|||
# hmac-sha2-256,
|
||||
# hmac-ripemd160,
|
||||
# umac-128@openssh.com
|
||||
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com{%
|
||||
if use_hmac_sha2_512 %},hmac-sha2-512{% endif %}
|
||||
|
||||
{% if ansible_distribution_release == 'wheezy' -%}
|
||||
MACs hmac-sha1,umac-64@openssh.com,hmac-ripemd160
|
||||
{%- else -%}
|
||||
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com
|
||||
{%- if use_hmac_sha2_512 -%}
|
||||
,hmac-sha2-512
|
||||
{%- endif -%}
|
||||
{%- endif %}
|
||||
|
||||
# Allow client to pass locale environment variables
|
||||
AcceptEnv LANG LC_*
|
||||
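Review bot: In the first hunk the non-wheezy arm no longer offers `curve25519-sha256@libssh.org`: after `{%- else -%}` the line reads `KexAlgorithms diffie-hellman-group-exchange-sha256`, and with `use_diffie_hellman_group_exchange_sha256` set the same name is appended a second time. This looks like a copy of the wheezy line; the else arm should start with `KexAlgorithms curve25519-sha256@libssh.org` so current hosts keep the key exchange they had before this commit. In the Ciphers and MACs hunks the wheezy lists bring in `arcfour256`, `hmac-sha1` and `umac-64@openssh.com`; the OpenSSH shipped with wheezy should already accept the `-ctr` ciphers alone and `hmac-sha2-512,hmac-sha2-256` (worth confirming against the sshd_config man page on such a host), so the RC4 and SHA-1 entries could be dropped. A Jinja comment above each wheezy arm, such as `{# wheezy: OpenSSH there lacks curve25519, chacha20-poly1305 and the -etm MACs #}`, would record why the branch exists.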
|
|
|
@ -1,3 +1,3 @@
|
|||
---
|
||||
playbook_version_number: 123
|
||||
playbook_version_number: 1024 # should be over ninethousand
|
||||
playbook_version_path: '/etc/ansible-version/role-sshd_chaos-bodensee_github.com.version'
|
||||
|
|