Yuvipanda has submitted this change and it was merged. Change subject: ssh: Explicitly don't specify ciphers / keys on lucid ......................................................................
ssh: Explicitly don't specify ciphers / keys on lucid It doesn't understand them and kills sshd Change-Id: I45684088a445a69115254f0f12deb803e5ddf2cf --- M modules/ssh/templates/sshd_config.erb 1 file changed, 3 insertions(+), 3 deletions(-) Approvals: Yuvipanda: Looks good to me, approved Muehlenhoff: Looks good to me, but someone else must approve jenkins-bot: Verified diff --git a/modules/ssh/templates/sshd_config.erb b/modules/ssh/templates/sshd_config.erb index 2fd3446..293434a 100644 --- a/modules/ssh/templates/sshd_config.erb +++ b/modules/ssh/templates/sshd_config.erb @@ -22,7 +22,7 @@ <%- if @disable_nist_kex -%> <% if scope.function_os_version(['ubuntu == lucid']) %> -KexAlgorithms diffie-hellman-group-exchange-sha256 +# KeyAlgorithms expliclty left unspecified for lucid <% else %> KexAlgorithms curve25519-sha...@libssh.org,diffie-hellman-group-exchange-sha256 <% end %> @@ -47,7 +47,7 @@ <%- if @explicit_macs -%> # Message Authentication codes <% if scope.function_os_version(['ubuntu == lucid'])%> -MACs hmac-sha2-512,hmac-sha2-256 +# MACs explicitly left unspecified for lucid <% else %> MACs hmac-sha2-512-...@openssh.com,hmac-sha2-256-...@openssh.com,umac-128-...@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-...@openssh.com <% end %> @@ -56,7 +56,7 @@ StrictModes yes <% if scope.function_os_version(['ubuntu == lucid']) %> -Ciphers aes256-ctr,aes192-ctr,aes128-ctr +# Ciphers explicitly set unspecified for lucid <% else %> Ciphers chacha20-poly1...@openssh.com,aes256-...@openssh.com,aes128-...@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr <% end %> -- To view, visit https://gerrit.wikimedia.org/r/220743 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: I45684088a445a69115254f0f12deb803e5ddf2cf Gerrit-PatchSet: 2 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Yuvipanda <yuvipa...@gmail.com> Gerrit-Reviewer: Muehlenhoff <mmuhlenh...@wikimedia.org> Gerrit-Reviewer: Yuvipanda <yuvipa...@gmail.com> Gerrit-Reviewer: jenkins-bot <> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
