Changeset 13850
- Timestamp:
- 25 Apr 2016, 21:25:32 (9 years ago)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
main/waeup-ansible/bootstrap.yml
r13849 r13850 44 44 state=present 45 45 46 - name: "bootstrap | disable dsa keys in sshd_config"46 - name: "bootstrap | sshd_config - disable dsa keys" 47 47 lineinfile: 48 48 dest=/etc/ssh/sshd_config … … 53 53 notify: "restart sshd" 54 54 55 - name: "bootstrap | disable ecdsa keys in sshd_config"55 - name: "bootstrap | sshd_config - disable ecdsa keys" 56 56 lineinfile: 57 57 dest=/etc/ssh/sshd_config … … 62 62 notify: "restart sshd" 63 63 64 - name: "bootstrap | s et key bits in sshd_configto 4096"64 - name: "bootstrap | sshd_config - set key bits to 4096" 65 65 lineinfile: 66 66 dest=/etc/ssh/sshd_config … … 71 71 notify: "restart sshd" 72 72 73 - name: "bootstrap | sshd_config - set secure ciphers from bettercrypto.org" 74 lineinfile: 75 dest=/etc/ssh/sshd_config 76 line='Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes128-ctr' 77 state=present 78 notify: "restart sshd" 79 80 - name: "bootstrap | sshd_config - set secure MACs from bettercrypto.org" 81 lineinfile: 82 dest=/etc/ssh/sshd_config 83 line='MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160' 84 state=present 85 notify: "restart sshd" 86 87 - name: "bootstrap | sshd_config - set secure kex algos from bettercrypto.org" 88 lineinfile: 89 dest=/etc/ssh/sshd_config 90 line='KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1' 91 state=present 92 notify: "restart sshd" 93 73 94 - name: "bootstrap | remove short moduli (<2048 bits) from /etc/ssh/moduli" 74 95 replace:
Note: See TracChangeset for help on using the changeset viewer.