diff --git a/templates/service/ssh/ciphers/node.def b/templates/service/ssh/ciphers/node.def | |
index 7eab846..b5e5af6 100644 | |
--- a/templates/service/ssh/ciphers/node.def | |
+++ b/templates/service/ssh/ciphers/node.def | |
@@ -1,21 +1,26 @@ | |
type: txt | |
help: Allowed ciphers | |
val_help: txt; Cipher string | |
-val_help: 3des-cbc; 3DES CBC | |
+val_help: [email protected]; AES 128 GCM | |
+val_help: [email protected]; AES 256 GCM | |
+val_help: [email protected]; ChaCha20 Poly1305 | |
+val_help: 3des-cbc; 3DES CBC (weak) | |
val_help: aes128-cbc; AES 128 CBC | |
val_help: aes192-cbc; AES 192 CBC | |
val_help: aes256-cbc; AES 256 CBC | |
val_help: aes128-ctr; AES 128 CTR | |
val_help: aes192-ctr; AES 192 CTR | |
val_help: aes256-ctr; AES 256 CTR | |
-val_help: arcfour128; AC4 128 | |
-val_help: arcfour256; AC4 256 | |
-val_help: arcfour; AC4 | |
+val_help: arcfour128; AC4 128 (broken) | |
+val_help: arcfour256; AC4 256 (broken) | |
+val_help: arcfour; AC4 (broken) | |
val_help: blowfish-cbc; Blowfish CBC | |
val_help: cast128-cbc; CAST 128 CBC | |
comp_help: Multiple ciphers can be specified as a comma-separated list. | |
-syntax:expression: pattern $VAR(@) "^((3des-cbc|aes128-cbc|aes192-cbc|aes256-cbc|aes128-ctr|aes192-ctr|\ | |
+syntax:expression: pattern $VAR(@) "^(([email protected]|\ | |
[email protected]|[email protected]|\ | |
+3des-cbc|aes128-cbc|aes192-cbc|aes256-cbc|aes128-ctr|aes192-ctr|\ | |
aes256-ctr|arcfour128|arcfour256|arcfour|\ | |
blowfish-cbc|cast128-cbc)(,|$))+$"; \ | |
"$VAR(@) is not a valid cipher list" | |
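Review bot: The new "(weak)" and "(broken)" markers in the val_help lines cover only 3des-cbc and the arcfour entries, while blowfish-cbc and cast128-cbc, which are also 64-bit block ciphers in CBC mode, stay unmarked. The syntax pattern still accepts every one of them, so an operator reading the completion help would reasonably take the unmarked entries as safe choices. I would label them the same way, e.g. `val_help: blowfish-cbc; Blowfish CBC (weak)` and `val_help: cast128-cbc; CAST 128 CBC (weak)`. The `AC4` text on the three arcfour lines looks like a typo for RC4 and could be corrected while these lines are being touched.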
@@ -25,5 +30,5 @@ Ciphers $VAR(@)' /etc/ssh/sshd_config | |
delete: sudo sed -i -e '/^Ciphers $VAR(@)$/d' /etc/ssh/sshd_config | |
-update: sudo sed -i -e '/^Ciphers/c \ | |
+update: sudo sed -i -e '/^Ciphers.*$/c \ | |
Ciphers $VAR(@)' /etc/ssh/sshd_config | |
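Review bot: The address `/^Ciphers.*$/` on the update line selects exactly the same lines as the old `/^Ciphers/`, because sed's `c` command replaces the whole line whatever part of it the address matched, so the change has no effect as written. If the intent was to match only the directive itself, anchoring on the separator says so directly: `update: sudo sed -i -e '/^Ciphers[[:space:]]/c \`. The same applies to the MACs update line in macs/node.def. The create line of this template lies partly outside the hunk.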
diff --git a/templates/service/ssh/macs/node.def b/templates/service/ssh/macs/node.def | |
index ee6c60e..f9bf417 100644 | |
--- a/templates/service/ssh/macs/node.def | |
+++ b/templates/service/ssh/macs/node.def | |
@@ -1,10 +1,11 @@ | |
type: txt | |
-help: Specifies the available MAC (message authentication code) algorithms. The MAC algorithm is used in protocol version 2 for data integrity protection. Multiple algorithms must be comma-separated. See 'man sshd_config' for supported MACs. | |
+help: Allowed message authentication algorithms | |
+comp_help: Specifies the available MAC (message authentication code) algorithms. The MAC algorithm is used in protocol version 2 for data integrity protection. Multiple algorithms must be comma-separated. See 'ssh -Q mac' for supported MACs. | |
create: sudo sed -i -e '$ a \ | |
MACs $VAR(@)' /etc/ssh/sshd_config | |
delete: sudo sed -i -e '/^MACs $VAR(@)$/d' /etc/ssh/sshd_config | |
-update: sudo sed -i -e '/^MACs/c \ | |
-MACs $VAR(@)' /etc/ssh/sshd_config | |
\ No newline at end of file | |
+update: sudo sed -i -e '/^MACs.*$/c \ | |
+MACs $VAR(@)' /etc/ssh/sshd_config |
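Review bot: macs/node.def still has no `syntax:expression:` line, so unlike the ciphers node the value of `$VAR(@)` reaches the single-quoted `sudo sed -i` scripts in create, delete and update with no check on its characters. Unless the configuration backend validates or escapes the value elsewhere, a quote or whitespace in it would alter a command that runs as root. A pattern limited to the characters MAC names use would prevent that, for example `syntax:expression: pattern $VAR(@) "^[a-z0-9@.-]+(,[a-z0-9@.-]+)*$"; "$VAR(@) is not a valid MAC list"`. An explicit list of names, as the ciphers node has, would additionally reject misspelt algorithms before they are written to sshd_config.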