Skip to content
This repository was archived by the owner on Dec 26, 2020. It is now read-only.

Commit 4ee9bf2

Browse files
rndmh3rorndmh3ro
authored
Merge pull request #254 from lunarthegrey/patch-1
Support KEX for OpenSSH 8.0+ & quantum resistant KEX
2 parents d1824a8 + 435ee7f commit 4ee9bf2

File tree

2 files changed

+10
-0
lines changed

2 files changed

+10
-0
lines changed

defaults/main.yml

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -209,6 +209,11 @@ ssh_kex_59_default:
209209
ssh_kex_66_default:
210210
- [email protected]
211211
- diffie-hellman-group-exchange-sha256
212+
213+
ssh_kex_80_default:
214+
- [email protected]
215+
- [email protected]
216+
- diffie-hellman-group-exchange-sha256
212217

213218
# directory where to store ssh_password policy
214219
ssh_custom_selinux_dir: '/etc/selinux/local-policies'

tasks/crypto.yml

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -51,6 +51,11 @@
5151

5252
###
5353

54+
- name: set kex according to openssh-version if openssh >= 8.0
55+
set_fact:
56+
ssh_kex: '{{ ssh_kex_80_default }}'
57+
when: sshd_version.stdout is version('8.0', '>=') and not ssh_kex
58+
5459
- name: set kex according to openssh-version if openssh >= 6.6
5560
set_fact:
5661
ssh_kex: '{{ ssh_kex_66_default }}'

0 commit comments

Comments
 (0)