diff --git a/templates/service/ssh/ciphers/node.def b/templates/service/ssh/ciphers/node.def | |
index 7eab846..b5e5af6 100644 | |
--- a/templates/service/ssh/ciphers/node.def | |
+++ b/templates/service/ssh/ciphers/node.def | |
@@ -1,21 +1,26 @@ | |
type: txt | |
help: Allowed ciphers | |
val_help: txt; Cipher string | |
-val_help: 3des-cbc; 3DES CBC | |
+val_help: [email protected]; AES 128 GCM | |
+val_help: [email protected]; AES 256 GCM | |
+val_help: [email protected]; ChaCha20 Poly1305 | |
+val_help: 3des-cbc; 3DES CBC (weak) | |
val_help: aes128-cbc; AES 128 CBC | |
val_help: aes192-cbc; AES 192 CBC | |
val_help: aes256-cbc; AES 256 CBC | |
val_help: aes128-ctr; AES 128 CTR | |
val_help: aes192-ctr; AES 192 CTR | |
val_help: aes256-ctr; AES 256 CTR | |
-val_help: arcfour128; AC4 128 | |
-val_help: arcfour256; AC4 256 | |
-val_help: arcfour; AC4 | |
+val_help: arcfour128; AC4 128 (broken) | |
+val_help: arcfour256; AC4 256 (broken) | |
+val_help: arcfour; AC4 (broken) | |
val_help: blowfish-cbc; Blowfish CBC | |
val_help: cast128-cbc; CAST 128 CBC | |
comp_help: Multiple ciphers can be specified as a comma-separated list. | |
-syntax:expression: pattern $VAR(@) "^((3des-cbc|aes128-cbc|aes192-cbc|aes256-cbc|aes128-ctr|aes192-ctr|\ | |
+syntax:expression: pattern $VAR(@) "^(([email protected]|\ | |
[email protected]|[email protected]|\ | |
+3des-cbc|aes128-cbc|aes192-cbc|aes256-cbc|aes128-ctr|aes192-ctr|\ | |
aes256-ctr|arcfour128|arcfour256|arcfour|\ | |
blowfish-cbc|cast128-cbc)(,|$))+$"; \ | |
"$VAR(@) is not a valid cipher list" | |
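Review bot: The three new OpenSSH-suffixed cipher names in the added val_help lines and in the first two lines of the new pattern all render as the same literal `[email protected]`, which looks like an address-obfuscation artifact of the page rather than the committed text; if the committed pattern really contains that literal, the GCM and ChaCha20 names would be rejected while the literal is accepted, so it is worth confirming against the raw file. The pattern also still admits every cipher the help now labels weak or broken, so the labels are advisory only; extending the comp_help line to `comp_help: Multiple ciphers can be specified as a comma-separated list. Ciphers marked weak or broken are accepted for compatibility with existing configurations only.` would make that intent explicit. The rewritten arcfour lines keep the `AC4` typo; they should read `val_help: arcfour128; RC4 128 (broken)` and likewise for the other two.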
@@ -25,5 +30,5 @@ Ciphers $VAR(@)' /etc/ssh/sshd_config | |
delete: sudo sed -i -e '/^Ciphers $VAR(@)$/d' /etc/ssh/sshd_config | |
-update: sudo sed -i -e '/^Ciphers/c \ | |
+update: sudo sed -i -e '/^Ciphers.*$/c \ | |
Ciphers $VAR(@)' /etc/ssh/sshd_config | |
diff --git a/templates/service/ssh/key-exchange/node.def b/templates/service/ssh/key-exchange/node.def | |
new file mode 100644 | |
index 0000000..a3c91b0 | |
--- /dev/null | |
+++ b/templates/service/ssh/key-exchange/node.def | |
@@ -0,0 +1,11 @@ | |
+type: txt | |
+help: Allowed key exchange algorithms | |
+comp_help: Specifies the available KEX (key exchange) algorithms. The KEX algorithm is used in protocol version 2 for key negotiation upon session creation. Multiple algorithms must be comma-separated. See 'ssh -Q kex' for supported KEX algorithms. | |
+ | |
+create: sudo sed -i -e '$ a \ | |
+KexAlgorithms $VAR(@)' /etc/ssh/sshd_config | |
+ | |
+delete: sudo sed -i -e '/^KexAlgorithms $VAR(@)$/d' /etc/ssh/sshd_config | |
+ | |
+update: sudo sed -i -e '/^KexAlgorithms.*$/c \ | |
+KexAlgorithms $VAR(@)' /etc/ssh/sshd_config | |
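Review bot: The new key-exchange node has no syntax:expression, so whatever value the operator enters is substituted unvalidated into the single-quoted sed scripts in the create, update and delete lines; a value containing a single quote or a `/` delimiter breaks out of a script that runs under sudo, and a value sshd rejects only surfaces when the daemon later fails to reload its config. The ciphers node in this same patch restricts its value to a fixed alphabet, and at minimum the same shape of check belongs here, e.g. `syntax:expression: pattern $VAR(@) "^(([A-Za-z0-9@.-]+)(,|$))+$"; \` followed by `"$VAR(@) is not a valid key exchange algorithm list"`. The node also carries no val_help lines, so completion offers nothing even though comp_help points the operator at `ssh -Q kex`. The macs node in the last hunk has the same missing validation.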
diff --git a/templates/service/ssh/loglevel/node.def b/templates/service/ssh/loglevel/node.def | |
new file mode 100644 | |
index 0000000..f66ec06 | |
--- /dev/null | |
+++ b/templates/service/ssh/loglevel/node.def | |
@@ -0,0 +1,19 @@ | |
+type: txt | |
+help: Log Level | |
+val_help: QUIET; stay silent | |
+val_help: FATAL; log fatals only | |
+val_help: ERROR; log errors and fatals only | |
+val_help: INFO; default log level | |
+val_help: VERBOSE; enable logging of failed login attempts | |
+comp_help: Gives the verbosity level that is used when logging messages from sshd(8). The default is INFO. | |
+ | |
+syntax:expression: pattern $VAR(@) "^((QUIET|FATAL|ERROR|INFO|VERBOSE)(,|$))+$"; \ | |
+"$VAR(@) is not a valid log level" | |
+ | |
+create: sudo sed -i -e '/^LogLevel.*$/c \ | |
+LogLevel $VAR(@)' /etc/ssh/sshd_config | |
+ | |
+delete: sudo sed -i -e '/^LogLevel $VAR(@)$/d' /etc/ssh/sshd_config | |
+ | |
+update: sudo sed -i -e '/^LogLevel.*$/c \ | |
+LogLevel $VAR(@)' /etc/ssh/sshd_config | |
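Review bot: The create action uses `/^LogLevel.*$/c`, which only rewrites an existing uncommented LogLevel line; on a sshd_config where that line is absent or commented out (typically `#LogLevel INFO`), create silently writes nothing, unlike the other nodes in this patch whose create appends with `$ a`. Using `create: sudo sed -i -e '$ a \` with the same `LogLevel $VAR(@)'` continuation would match them and guarantee the directive is written. LogLevel takes a single value, so the `(,|$))+` repetition in the pattern accepts lists such as `INFO,VERBOSE` that sshd refuses; `^(QUIET|FATAL|ERROR|INFO|VERBOSE)$` is sufficient. The DEBUG levels sshd also accepts are left out, which may be deliberate since they are documented as logging user-private material, but stating that in comp_help would save the next maintainer from adding them back.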
diff --git a/templates/service/ssh/macs/node.def b/templates/service/ssh/macs/node.def | |
index ee6c60e..f9bf417 100644 | |
--- a/templates/service/ssh/macs/node.def | |
+++ b/templates/service/ssh/macs/node.def | |
@@ -1,10 +1,11 @@ | |
type: txt | |
-help: Specifies the available MAC (message authentication code) algorithms. The MAC algorithm is used in protocol version 2 for data integrity protection. Multiple algorithms must be comma-separated. See 'man sshd_config' for supported MACs. | |
+help: Allowed message authentication algorithms | |
+comp_help: Specifies the available MAC (message authentication code) algorithms. The MAC algorithm is used in protocol version 2 for data integrity protection. Multiple algorithms must be comma-separated. See 'ssh -Q mac' for supported MACs. | |
create: sudo sed -i -e '$ a \ | |
MACs $VAR(@)' /etc/ssh/sshd_config | |
delete: sudo sed -i -e '/^MACs $VAR(@)$/d' /etc/ssh/sshd_config | |
-update: sudo sed -i -e '/^MACs/c \ | |
-MACs $VAR(@)' /etc/ssh/sshd_config | |
\ No newline at end of file | |
+update: sudo sed -i -e '/^MACs.*$/c \ | |
+MACs $VAR(@)' /etc/ssh/sshd_config |