Switch sshd config for f22/f23 to explicitly say only v2 protocol, adjust rkhunter for this.

2015-10-09 19:32:51 +00:00 · 2015-10-09 19:32:51 +00:00 · f6722659e5
commit f6722659e5
parent e67aecbb2b
3 changed files with 3 additions and 3 deletions
--- a/roles/base/files/ssh/sshd_config.22
+++ b/roles/base/files/ssh/sshd_config.22
@ -20,7 +20,7 @@
 #ListenAddress ::

 # The default requires explicit activation of protocol 1
-#Protocol 2
+Protocol 2

 # HostKey for protocol version 1
 #HostKey /etc/ssh/ssh_host_key
--- a/roles/base/files/ssh/sshd_config.23
+++ b/roles/base/files/ssh/sshd_config.23
@ -20,7 +20,7 @@
 #ListenAddress ::

 # The default requires explicit activation of protocol 1
-#Protocol 2
+Protocol 2

 # HostKey for protocol version 1
 #HostKey /etc/ssh/ssh_host_key
--- a/roles/rkhunter/templates/rkhunter.conf.j2
+++ b/roles/rkhunter/templates/rkhunter.conf.j2
@ -165,7 +165,7 @@ ALLOW_SSH_ROOT_USER=without-password
 # configuration file, then a value of '2' may be set here in order to
 # suppress a warning message. This option has a default value of '0'.
 #
-{% if ansible_distribution == 'Fedora' %}
+{% if ansible_distribution_major_version|int < 22 %}
 # Fedora doesn't set protocol in ssh config
 ALLOW_SSH_PROT_V1=2
 {% else %}