-
Notifications
You must be signed in to change notification settings - Fork 0
/
fixsshd.yml
35 lines (32 loc) · 1.26 KB
/
fixsshd.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
---
- name: ModifyFile
#gather_facts: no
hosts: all
become: yes
become_user: ec2-user
tasks:
- name: Adding Mac/Kex Cipher Config RHEL 6
blockinfile:
path: /etc/ssh/sshd_config
insertafter: "Ciphers aes128-ctr,aes192-ctr,aes256-ctr"
marker: ""
backup: yes
block: |
#Mac and KexAlgorithms required ciphers
MACs hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com
KexAlgorithms ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1
when: ansible_distribution_major_version == "6"
- name: Adding Mac/Kex Cipher Config RHEL 6
blockinfile:
path: /etc/ssh/sshd_config
insertafter: "Ciphers aes128-ctr,aes192-ctr,aes256-ctr"
marker: ""
backup: yes
block: |
#Mac and KexAlgorithms required ciphers
KexAlgorithms ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1
when: ansible_distribution_major_version == "7"
- name: Restart SSHD
ansible.builtin.service:
name: sshd
state: restarted