mirror of
https://github.com/saltstack-formulas/openssh-formula.git
synced 2024-11-27 23:07:53 +01:00
add more verbose warnings regarding ssh_config in pillar.example
This commit is contained in:
parent
f5a74f3fa0
commit
f192b91192
@ -84,6 +84,11 @@ sshd_config:
|
||||
- 'hmac-ripemd160'
|
||||
- 'umac-128@openssh.com'
|
||||
|
||||
# Warning! You should generally NOT NEED to set ssh_config. Setting ssh_config
|
||||
# pillar will overwrite the defaults of your distribution's SSH client. This
|
||||
# will also force the default configuration for all the SSH clients on the
|
||||
# machine. This can break SSH connections with servers using older versions of
|
||||
# openssh. Please make sure you understand the implication of different settings
|
||||
ssh_config:
|
||||
StrictHostKeyChecking: no
|
||||
ForwardAgent: no
|
||||
@ -107,9 +112,12 @@ ssh_config:
|
||||
PermitLocalCommand: 'no'
|
||||
VisualHostKey: 'no'
|
||||
# Check `man ssh_config` for supported KexAlgorithms, Ciphers and MACs first.
|
||||
# You can specify KexAlgorithms, Ciphers and MACs as both key or a list.
|
||||
# WARNING! Please make sure you understand the implications of the below
|
||||
# settings. The examples provided below might break your connection to older /
|
||||
# legacy openssh servers.
|
||||
# The configuration given in the example below is based on:
|
||||
# https://stribika.github.io/2015/01/04/secure-secure-shell.html
|
||||
# You can specify KexAlgorithms, Ciphers and MACs as both key or a list.
|
||||
#KexAlgorithms: 'curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1'
|
||||
#Ciphers: 'chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr'
|
||||
#MACs: 'hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,umac-128@openssh.com'
|
||||
|
Loading…
Reference in New Issue
Block a user