Removes hmac-ripemd160 from hardened config due to OpenSSH 7.6 deprecation

author Silvio Rhatto <rhatto@riseup.net>

Fri, 14 Sep 2018 16:57:52 +0000 (13:57 -0300)

committer Silvio Rhatto <rhatto@riseup.net>

Fri, 14 Sep 2018 16:57:52 +0000 (13:57 -0300)
author Silvio Rhatto <rhatto@riseup.net>
Fri, 14 Sep 2018 16:57:52 +0000 (13:57 -0300)
committer Silvio Rhatto <rhatto@riseup.net>
Fri, 14 Sep 2018 16:57:52 +0000 (13:57 -0300)
diff --git a/templates/sshd_config/Debian_buster.erb b/templates/sshd_config/Debian_buster.erb

index 91dbfff021c824d07b2a1bd1b87396d240e09052..33c874be2ec72afdc35d9fa7e3784f73f85ebc43 100644 (file)
--- a/templates/sshd_config/Debian_buster.erb
+++ b/templates/sshd_config/Debian_buster.erb
@@ -116,7 +116,7 @@ AllowGroups <%= s %>
  <% if scope.lookupvar('::sshd::hardened') == 'yes' -%>
  KexAlgorithms curve25519-sha256@libssh.org
  Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes256-ctr
-MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,umac-128@openssh.com
+MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com
  <% end -%>
  
  <% unless (s=scope.lookupvar('::sshd::tail_additional_options')).empty? -%>
author	Silvio Rhatto <rhatto@riseup.net>
	Fri, 14 Sep 2018 16:57:52 +0000 (13:57 -0300)
committer	Silvio Rhatto <rhatto@riseup.net>
	Fri, 14 Sep 2018 16:57:52 +0000 (13:57 -0300)