This repository has been archived by the owner on Dec 26, 2020. It is now read-only.

Support KEX for OpenSSH 8.0+ & quantum resistant KEX #254

Merged
merged 2 commits into from
Jan 17, 2020
5 changes: 5 additions & 0 deletions defaults/main.yml
Expand Up @@ -209,6 +209,11 @@ ssh_kex_59_default:
ssh_kex_66_default:
- curve25519-sha256@libssh.org
- diffie-hellman-group-exchange-sha256

ssh_kex_80_default:
- sntrup4591761x25519-sha512@tinyssh.org
- curve25519-sha256@libssh.org
- diffie-hellman-group-exchange-sha256

# directory where to store ssh_password policy
ssh_custom_selinux_dir: '/etc/selinux/local-policies'
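
Review bot: `ssh_kex_80_default` lists `sntrup4591761x25519-sha512@tinyssh.org` first, making it the preferred key exchange, but nothing in the file says why or which sshd builds accept it. Add a comment above the list saying that this is the entry the PR title calls quantum resistant. The comment should also note that sshd rejects a `KexAlgorithms` line containing a name it does not know, so a build without this method will refuse the rendered config. The other two entries repeat `ssh_kex_66_default` verbatim; consider building the new list from that variable plus the extra entry so the two cannot drift apart.
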
5 changes: 5 additions & 0 deletions tasks/crypto.yml
Expand Up @@ -51,6 +51,11 @@

###

- name: set kex according to openssh-version if openssh >= 8.0
set_fact:
ssh_kex: '{{ ssh_kex_80_default }}'
when: sshd_version.stdout is version('8.0', '>=') and not ssh_kex

- name: set kex according to openssh-version if openssh >= 6.6
set_fact:
ssh_kex: '{{ ssh_kex_66_default }}'
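
Review bot: The `when` on the new task has no upper bound (`version('8.0', '>=')`), so every later OpenSSH release also receives `ssh_kex_80_default`, including its `@tinyssh.org` entry. If that name is renamed or dropped upstream, the role will write a config that sshd refuses to load. The task also runs before the `>= 6.6` task, so the outcome depends on that task carrying the same `and not ssh_kex` guard. Its condition is not visible in this hunk, so please confirm it; without the guard, an 8.0 host ends up with `ssh_kex_66_default`. A test for an 8.x target that asserts the resulting `ssh_kex` value would cover both points.
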