From: Gabriel Filion <lelutin@gmail.com>
Date: Sun, 17 Jul 2011 03:45:24 +0000 (-0400)
Subject: Enable $ssh_hardened_ssl for FreeBSD
X-Git-Url: https://gitweb.fluxo.info/?a=commitdiff_plain;h=a5312442b6426951d4f6fa0c89128f4be5d93a5d;p=puppet-sshd.git

Enable $ssh_hardened_ssl for FreeBSD

It is the only sshd_config template that didn't have this option, so
copy it from the other templates.

Signed-off-by: Gabriel Filion <lelutin@gmail.com>
---

diff --git a/templates/sshd_config/FreeBSD.erb b/templates/sshd_config/FreeBSD.erb
index 6714003..38738bc 100644
--- a/templates/sshd_config/FreeBSD.erb
+++ b/templates/sshd_config/FreeBSD.erb
@@ -232,6 +232,11 @@ AllowUsers <%= sshd_allowed_users -%>
 AllowGroups <%= sshd_allowed_groups %>
 <%- end %>
 
+<%- if sshd_hardened_ssl.to_s == 'yes' then -%>
+Ciphers aes256-ctr
+MACs hmac-sha1
+<%- end -%>
+
 <%- unless sshd_tail_additional_options.to_s.empty? then %>
 <%= sshd_tail_additional_options %>
 <%- end %>