88# Basic configuration
99# ===================
1010
11- # Either disable or only allow root login via certificates.
11+ # Either disable or only allowssh root login via certificates.
1212PermitRootLogin {{ 'without-password' if ssh_allow_root_with_key else 'no' }}
1313
1414# Define which port sshd should listen to. Default to `22`.
@@ -99,14 +99,16 @@ LogLevel VERBOSE
9999# eg ruby's Net::SSH at around 2.2.* doesn't support sha2 for kex, so this will have to be set true in this case.
100100# based on: https://bettercrypto.org/static/applied-crypto-hardening.pdf
101101{% if ansible_distribution == 'Ubuntu' and ansible_distribution_version >= '14.04' -%}
102- {% if ssh_client_weak_kex -%}
102+ {% if ssh_server_weak_kex -%}
103103 KexAlgorithms {{ ssh_kex_66_weak | join(',') }}
104104 {% else -%}
105105 KexAlgorithms {{ ssh_kex_66_default | join(',') }}
106106 {% endif %}
107107{% else -%}
108108 {% if ansible_os_family in ['Oracle Linux' , 'RedHat' ] or (ansible_distribution == 'Debian' and ansible_distribution_major_version <= '6' ) -%}
109109 #KexAlgorithms
110+ {% elif ssh_server_weak_kex -%}
111+ KexAlgorithms {{ sshd_kex_59_weak | join(',') }}
110112 {% else -%}
111113 KexAlgorithms {{ ssh_kex_59_default | join(',') }}
112114 {% endif %}
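Review bot: The added `elif ssh_server_weak_kex` branch renders `sshd_kex_59_weak`, while every other KEX list in this template uses an `ssh_` prefix (`ssh_kex_66_weak`, `ssh_kex_66_default`, `ssh_kex_59_default`). The variable definitions are not visible here, but if only `ssh_kex_59_weak` is defined, rendering will fail with an undefined variable on every non-Ubuntu host where `ssh_server_weak_kex` is true, so the compatibility toggle would break the sshd deployment instead of relaxing the KEX list; the line should probably read `KexAlgorithms {{ ssh_kex_59_weak | join(',') }}`. Separately, the edited comment above `PermitRootLogin` picked up a stray token (`allowssh`) and should go back to `# Either disable or only allow root login via certificates.`.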