| diff --git a/templates/service/ssh/ciphers/node.def b/templates/service/ssh/ciphers/node.def | |
| index 7eab846..b5e5af6 100644 | |
| --- a/templates/service/ssh/ciphers/node.def | |
| +++ b/templates/service/ssh/ciphers/node.def | |
| @@ -1,21 +1,26 @@ | |
| type: txt | |
| help: Allowed ciphers | |
| val_help: txt; Cipher string | |
| -val_help: 3des-cbc; 3DES CBC | |
| +val_help: [email protected]; AES 128 GCM | |
| +val_help: [email protected]; AES 256 GCM | |
| +val_help: [email protected]; ChaCha20 Poly1305 | |
| +val_help: 3des-cbc; 3DES CBC (weak) | |
| val_help: aes128-cbc; AES 128 CBC | |
| val_help: aes192-cbc; AES 192 CBC | |
| val_help: aes256-cbc; AES 256 CBC | |
| val_help: aes128-ctr; AES 128 CTR | |
| val_help: aes192-ctr; AES 192 CTR | |
| val_help: aes256-ctr; AES 256 CTR | |
| -val_help: arcfour128; AC4 128 | |
| -val_help: arcfour256; AC4 256 | |
| -val_help: arcfour; AC4 | |
| +val_help: arcfour128; AC4 128 (broken) | |
| +val_help: arcfour256; AC4 256 (broken) | |
| +val_help: arcfour; AC4 (broken) | |
| val_help: blowfish-cbc; Blowfish CBC | |
| val_help: cast128-cbc; CAST 128 CBC | |
| comp_help: Multiple ciphers can be specified as a comma-separated list. | |
| -syntax:expression: pattern $VAR(@) "^((3des-cbc|aes128-cbc|aes192-cbc|aes256-cbc|aes128-ctr|aes192-ctr|\ | |
| +syntax:expression: pattern $VAR(@) "^(([email protected]|\ | |
| [email protected]|[email protected]|\ | |
| +3des-cbc|aes128-cbc|aes192-cbc|aes256-cbc|aes128-ctr|aes192-ctr|\ | |
| aes256-ctr|arcfour128|arcfour256|arcfour|\ | |
| blowfish-cbc|cast128-cbc)(,|$))+$"; \ | |
| "$VAR(@) is not a valid cipher list" | |
| @@ -25,5 +30,5 @@ Ciphers $VAR(@)' /etc/ssh/sshd_config | |
| delete: sudo sed -i -e '/^Ciphers $VAR(@)$/d' /etc/ssh/sshd_config | |
| -update: sudo sed -i -e '/^Ciphers/c \ | |
| +update: sudo sed -i -e '/^Ciphers.*$/c \ | |
| Ciphers $VAR(@)' /etc/ssh/sshd_config | |
| diff --git a/templates/service/ssh/key-exchange/node.def b/templates/service/ssh/key-exchange/node.def | |
| new file mode 100644 | |
| index 0000000..a3c91b0 | |
| --- /dev/null | |
| +++ b/templates/service/ssh/key-exchange/node.def | |
| @@ -0,0 +1,11 @@ | |
| +type: txt | |
| +help: Allowed key exchange algorithms | |
| +comp_help: Specifies the available KEX (key exchange) algorithms. The KEX algorithm is used in protocol version 2 for key negotiation upon session creation. Multiple algorithms must be comma-separated. See 'ssh -Q kex' for supported KEX algorithms. | |
| + | |
| +create: sudo sed -i -e '$ a \ | |
| +KexAlgorithms $VAR(@)' /etc/ssh/sshd_config | |
| + | |
| +delete: sudo sed -i -e '/^KexAlgorithms $VAR(@)$/d' /etc/ssh/sshd_config | |
| + | |
| +update: sudo sed -i -e '/^KexAlgorithms.*$/c \ | |
| +KexAlgorithms $VAR(@)' /etc/ssh/sshd_config | |
| diff --git a/templates/service/ssh/loglevel/node.def b/templates/service/ssh/loglevel/node.def | |
| new file mode 100644 | |
| index 0000000..f66ec06 | |
| --- /dev/null | |
| +++ b/templates/service/ssh/loglevel/node.def | |
| @@ -0,0 +1,19 @@ | |
| +type: txt | |
| +help: Log Level | |
| +val_help: QUIET; stay silent | |
| +val_help: FATAL; log fatals only | |
| +val_help: ERROR; log errors and fatals only | |
| +val_help: INFO; default log level | |
| +val_help: VERBOSE; enable logging of failed login attempts | |
| +comp_help: Gives the verbosity level that is used when logging messages from sshd(8). The default is INFO. | |
| + | |
| +syntax:expression: pattern $VAR(@) "^((QUIET|FATAL|ERROR|INFO|VERBOSE)(,|$))+$"; \ | |
| +"$VAR(@) is not a valid log level" | |
| + | |
| +create: sudo sed -i -e '/^LogLevel.*$/c \ | |
| +LogLevel $VAR(@)' /etc/ssh/sshd_config | |
| + | |
| +delete: sudo sed -i -e '/^LogLevel $VAR(@)$/d' /etc/ssh/sshd_config | |
| + | |
| +update: sudo sed -i -e '/^LogLevel.*$/c \ | |
| +LogLevel $VAR(@)' /etc/ssh/sshd_config | |
| diff --git a/templates/service/ssh/macs/node.def b/templates/service/ssh/macs/node.def | |
| index ee6c60e..f9bf417 100644 | |
| --- a/templates/service/ssh/macs/node.def | |
| +++ b/templates/service/ssh/macs/node.def | |
| @@ -1,10 +1,11 @@ | |
| type: txt | |
| -help: Specifies the available MAC (message authentication code) algorithms. The MAC algorithm is used in protocol version 2 for data integrity protection. Multiple algorithms must be comma-separated. See 'man sshd_config' for supported MACs. | |
| +help: Allowed message authentication algorithms | |
| +comp_help: Specifies the available MAC (message authentication code) algorithms. The MAC algorithm is used in protocol version 2 for data integrity protection. Multiple algorithms must be comma-separated. See 'ssh -Q mac' for supported MACs. | |
| create: sudo sed -i -e '$ a \ | |
| MACs $VAR(@)' /etc/ssh/sshd_config | |
| delete: sudo sed -i -e '/^MACs $VAR(@)$/d' /etc/ssh/sshd_config | |
| -update: sudo sed -i -e '/^MACs/c \ | |
| -MACs $VAR(@)' /etc/ssh/sshd_config | |
| \ No newline at end of file | |
| +update: sudo sed -i -e '/^MACs.*$/c \ | |
| +MACs $VAR(@)' /etc/ssh/sshd_config |
File Metadata
File Metadata
- Mime Type
- text/x-diff
- Storage Engine
- amazon-s3
- Storage Format
- Raw Data
- Storage Handle
- phabricator/tq/nx/krxlmxz2xtfpw7rp
- Default Alt Text
- vyatta-cfg-system.git.patch (4 KB)