Merge pull request #14 from neutralrockets/helium

Add support for ciphers and macs override in ssh

2 files changed, 20 insertions, 0 deletions

diff --git a/templates/service/ssh/ciphers/node.def b/templates/service/ssh/ciphers/node.def
new file mode 100644
index 00000000..0ab5fb8f
--- /dev/null
+++ b/templates/service/ssh/ciphers/node.def
@@ -0,0 +1,10 @@
+type: txt
+help: Specifies the ciphers allowed for protocol version 2.  Multiple ciphers must be comma-separated. See 'man sshd_config' for supported ciphers.
+
+create: sudo sed -i -e '$ a \
+Ciphers $VAR(@)' /etc/ssh/sshd_config
+
+delete: sudo sed -i -e '/^Ciphers $VAR(@)$/d' /etc/ssh/sshd_config
+
+update: sudo sed -i -e '/^Ciphers/c \
+Ciphers $VAR(@)' /etc/ssh/sshd_config
\ No newline at end of file
diff --git a/templates/service/ssh/macs/node.def b/templates/service/ssh/macs/node.def
new file mode 100644
index 00000000..ee6c60e1
--- /dev/null
+++ b/templates/service/ssh/macs/node.def
@@ -0,0 +1,10 @@
+type: txt
+help: Specifies the available MAC (message authentication code) algorithms. The MAC algorithm is used in protocol version 2 for data integrity protection. Multiple algorithms must be comma-separated. See 'man sshd_config' for supported MACs.
+
+create: sudo sed -i -e '$ a \
+MACs $VAR(@)' /etc/ssh/sshd_config
+
+delete: sudo sed -i -e '/^MACs $VAR(@)$/d' /etc/ssh/sshd_config
+
+update: sudo sed -i -e '/^MACs/c \
+MACs $VAR(@)' /etc/ssh/sshd_config
\ No newline at end of file