This module is a component of the System Integrity Management Platform, a compliance-management framework built on Puppet.
If you find any issues, they can be submitted to our JIRA.
Please read our Contribution Guide and visit our developer wiki.
Please excuse us as we transition this code into the public domain.
By default, the ssh::server class will accept a wide range of ciphers.
At the time of 5.1.0, the default ciphers for ssh::server are:
There are also 'fallback' ciphers, which are required in order to communicate with FIPS-140-2 conformant systems. These are also included by default unless the parameter ssh::server::conf::enable_fallback_ciphers is set to false:
- aes128-cbc
- aes192-cbc
- aes256-cbc
include 'ssh::server'
This will result in a server that accepts the following ciphers:
- [email protected]
- [email protected]
- aes128-cbc
- aes192-cbc
- aes256-cbc
class { 'ssh::server::conf':
  enable_fallback_ciphers => false,
}
include 'ssh::server'
This will result in a server that accepts the following ciphers:
The ssh client is configured to use only the strongest ciphers. To connect to a system that does not have these ciphers but uses the older ciphers, use the command line option ssh -c. See the man pages for further information.
include 'ssh::client'
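
One way to confirm on a host that the server's fallback cipher setting took effect, as an added example that is not part of the SIMP module: the script reads `sshd -T` style output and compares the CBC ciphers listed above against the expected enable_fallback_ciphers value. The function names and the sample cipher lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not SIMP code. Fallback names are the ones listed in this README.
FALLBACK="aes128-cbc aes192-cbc aes256-cbc"

# Print the comma-separated cipher list from `sshd -T` style text on stdin.
# Keywords are matched case-insensitively; the first match is used.
effective_ciphers() {
  awk 'tolower($1) == "ciphers" { print $2; exit }'
}

# Print the fallback ciphers found in the comma-separated list $1, space-separated.
fallback_in() {
  printf '%s\n' "$1" | tr ',' '\n' | while IFS= read -r c; do
    for f in $FALLBACK; do
      if [ "$c" = "$f" ]; then printf '%s ' "$c"; fi
    done
  done
}

# audit_ciphers EXPECT < config-text
# EXPECT is the value given to enable_fallback_ciphers: "true" or "false".
# Returns 0 if the server matches, 1 on drift, 2 if no ciphers line was found.
audit_ciphers() {
  list=$(effective_ciphers)
  if [ -z "$list" ]; then echo "no ciphers line found" >&2; return 2; fi
  found=$(fallback_in "$list")
  if [ "$1" = "false" ] && [ -n "$found" ]; then
    echo "DRIFT: fallback ciphers still offered: $found"; return 1
  fi
  if [ "$1" = "true" ]; then
    for f in $FALLBACK; do
      case " $found " in
        *" $f "*) ;;
        *) echo "DRIFT: fallback cipher missing: $f"; return 1 ;;
      esac
    done
  fi
  echo "OK: fallback ciphers offered: ${found:-none}"
}

# Constructed sample input; the CTR entries are placeholders, not the module's defaults.
SAMPLE_WITH_CBC='port 22
ciphers aes256-ctr,aes128-cbc,aes192-cbc,aes256-cbc'
SAMPLE_NO_CBC='port 22
ciphers aes256-ctr,aes128-ctr'

printf '%s\n' "$SAMPLE_NO_CBC" | audit_ciphers false
# On a live host (typically as root): sshd -T | audit_ciphers false
```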