From 34370429445380acec8f4d7c915a2585714f6839 Mon Sep 17 00:00:00 2001
From: Stephen Smoogen
Date: Mon, 5 Dec 2022 12:36:38 -0500
Subject: [PATCH] Add elif to sshd_config template for EL7

EL6 and EL7 have a limited set of algorithms, but EL8 and Fedora use system configs set in a different file. Added an elif to better try and show this.

Signed-off-by: Stephen Smoogen
---
 roles/basessh/templates/sshd_config | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/roles/basessh/templates/sshd_config b/roles/basessh/templates/sshd_config
index 9f03284ede..4dde89ad73 100644
--- a/roles/basessh/templates/sshd_config
+++ b/roles/basessh/templates/sshd_config
@@ -6,10 +6,17 @@ Port {{ sshd_port }}
 KexAlgorithms diffie-hellman-group-exchange-sha256
 MACs hmac-sha2-512,hmac-sha2-256
 Ciphers aes256-ctr,aes192-ctr,aes128-ctr
-{% else %}
+{% elif ansible_distribution_major_version == "7" %}
 KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256
 Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
 MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com
+{% else %}
+# This system is following system-wide crypto policy. The changes to
+# crypto properties (Ciphers, MACs, ...) will not have any effect in
+# this or following included files. To override some configuration option,
+# write it before this block or include it before this file.
+# Please, see manual pages for update-crypto-policies(8) and sshd_config(5).
+Include /etc/crypto-policies/back-ends/opensshserver.config
 {% endif %}
 {% set ed25519_key=True %}
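Review bot: The new catch-all `{% else %}` branch writes `Include /etc/crypto-policies/back-ends/opensshserver.config` for every host that is not major version 6 or 7, which includes EL8, and as far as I know that is unsafe there: EL8 ships an OpenSSH older than the release that added `Include` to sshd_config, and its back-end file is a `CRYPTO_POLICY='-o…'` environment file read by the service unit rather than sshd_config syntax. If that holds, sshd would reject the rendered file on restart and the host could lose SSH access. I would narrow the branch to hosts whose back-end file is in sshd_config format, e.g. `{% elif ansible_distribution == "Fedora" or ansible_distribution_major_version | int >= 9 %}`, and let EL8 fall through with no crypto lines so the service-level policy applies. The template task is outside this patch; if it does not already have one, `validate: /usr/sbin/sshd -t -f %s` would catch a bad render before it replaces the live config. The opening `{% if %}` of this conditional is above the hunk, so the version 6 test is assumed from the commit message.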