Merge pull request #37 from hardening-io/fix_hmac_ssh_client

chris-rock · chris-rock · commit 1046ede67a85 · 2015-09-01T08:25:59.000+02:00
Change variable for hmac from server to client
diff --git a/roles/ansible-ssh-hardening/templates/openssh.conf.j2 b/roles/ansible-ssh-hardening/templates/openssh.conf.j2
@@ -64,7 +64,7 @@ StrictHostKeyChecking ask
 # Weak HMAC is sometimes required if older package versions are used
 # eg Ruby's Net::SSH at around 2.2.* doesn't support sha2 for hmac, so this will have to be set true in this case.
 #
-{% if ssh_server_weak_hmac -%}
+{% if ssh_client_weak_hmac -%}
     {% if ansible_distribution == 'Ubuntu' and ansible_distribution_version >= '14.04' -%}
         MACs {{macs_66_weak}}
     {% elif ansible_os_family in ['Oracle Linux', 'RedHat'] and ansible_distribution_major_version <= '6' -%}

Original file line number	Diff line number	Diff line change
`@@ -64,7 +64,7 @@ StrictHostKeyChecking ask`
`64`	`64`	`# Weak HMAC is sometimes required if older package versions are used`
`65`	`65`	`# eg Ruby's Net::SSH at around 2.2.* doesn't support sha2 for hmac, so this will have to be set true in this case.`
`66`	`66`	`#`
`67`		`-{% if ssh_server_weak_hmac -%}`
	`67`	`+{% if ssh_client_weak_hmac -%}`
`68`	`68`	`{% if ansible_distribution == 'Ubuntu' and ansible_distribution_version >= '14.04' -%}`
`69`	`69`	`MACs {{macs_66_weak}}`
`70`	`70`	`{% elif ansible_os_family in ['Oracle Linux', 'RedHat'] and ansible_distribution_major_version <= '6' -%}`