| |
@@ -2,16 +2,30 @@
|
| |
|
| |
Port {{ sshd_port }}
|
| |
|
| |
- {% if ansible_distribution_major_version == "6" %}
|
| |
+ {% if ansible_distribution_major_version|int == 6 and ansible_distribution == 'RedHat' %}
|
| |
KexAlgorithms diffie-hellman-group-exchange-sha256
|
| |
MACs hmac-sha2-512,hmac-sha2-256
|
| |
Ciphers aes256-ctr,aes192-ctr,aes128-ctr
|
| |
- {% else %}
|
| |
+ {% elif ansible_distribution_major_version|int == 7 and ansible_distribution == 'RedHat' %}
|
| |
KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256
|
| |
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
|
| |
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com
|
| |
+ {% else %}
|
| |
+ # This system is following system-wide crypto policy. The changes to
|
| |
+ # crypto properties (Ciphers, MACs, ...) will not have any effect in
|
| |
+ # this or following included files. To override some configuration option,
|
| |
+ # write it before this block or include it before this file.
|
| |
+ # Please, see manual pages for update-crypto-policies(8) and sshd_config(5).
|
| |
+ # Also look in /usr/lib/systemd/system/sshd.service for how it is called.
|
| |
{% endif %}
|
| |
|
| |
+ {% if ansible_distribution_major_version|int >= 9 and ansible_distribution == 'RedHat' %}
|
| |
+ # To modify the system-wide sshd configuration, create a *.conf file under
|
| |
+ # /etc/ssh/sshd_config.d/ which will be automatically included below
|
| |
+ Include /etc/ssh/sshd_config.d/*.conf
|
| |
+ {% endif %}
|
| |
+
|
| |
+
|
| |
HostKey /etc/ssh/ssh_host_rsa_key
|
| |
{% if not ansible_hostname.startswith(('pkgs01','pagure02')) %}
|
| |
HostKey /etc/ssh/ssh_host_ed25519_key
|
| |
@@ -38,9 +52,9 @@
|
| |
X11Forwarding no
|
| |
PermitTunnel no
|
| |
|
| |
- {% if ansible_distribution_major_version == "6" %}
|
| |
+ {% if ansible_distribution_major_version == "6" and ansible_distribution == 'RedHat' %}
|
| |
UsePrivilegeSeparation yes
|
| |
- {% elif ansible_distribution_major_version == "7" %}
|
| |
+ {% elif ansible_distribution_major_version == "7" and ansible_distribution == 'RedHat' %}
|
| |
UsePrivilegeSeparation sandbox
|
| |
{% endif %}
|
| |
|
| |
Try this again.