Commit 9439d38

Jammy CIS KexAlgorithms (vmware#266)
* set jammy cis KexAlgorithms to default
1 parent 6b88190 commit 9439d38

1 file changed

+3
-3
lines changed

tas/jammy-compliance-release/jobs/cis/templates/pre-start.sh.erb

Lines changed: 3 additions & 3 deletions
@@ -42,10 +42,10 @@ if grep "^#LogLevel" /etc/ssh/sshd_config; then
4242
sed -i "s/#LogLevel.*/LogLevel INFO/" /etc/ssh/sshd_config
4343
fi
4444

45-
# CIS 5.2.16 (FIPS Algorithms)
45+
# CIS 5.2.16
4646
grep -q -- '^KexAlgorithms' /etc/ssh/sshd_config \
47-
&& sed -i 's/.*KexAlgorithms.*/KexAlgorithms diffie-hellman-group-exchange-sha256/' /etc/ssh/sshd_config \
48-
|| echo 'KexAlgorithms diffie-hellman-group-exchange-sha256' >> /etc/ssh/sshd_config
47+
&& sed -i 's/.*KexAlgorithms.*/KexAlgorithms curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,sntrup761x25519-sha512@openssh.com,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256/' /etc/ssh/sshd_config \
48+
|| echo 'KexAlgorithms curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,sntrup761x25519-sha512@openssh.com,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256' >> /etc/ssh/sshd_config
4949

5050
# CIS 5.2.19
5151
grep -q -- '^MaxStartups' /etc/ssh/sshd_config \
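
Review bot: The `sed` expression on the added line 47 still matches `.*KexAlgorithms.*` while the guard on line 46 tests `^KexAlgorithms`, so once an active directive exists, every line that merely mentions KexAlgorithms (a commented-out `#KexAlgorithms` line, for instance) is also rewritten into a live directive. Anchoring the substitution as `s/^KexAlgorithms.*/.../` would keep the edit to the line the guard found. The ten-algorithm list is also pasted twice, once in the `sed` and once in the `echo`, so holding it in one shell variable would stop the two copies drifting apart. Because the comment drops "(FIPS Algorithms)" and the commit message calls the list the default, a short comment naming the OpenSSH release whose default this is would let a later reader verify it, and running `sshd -t` after the edit would catch an algorithm name the installed sshd does not accept before the job starts the daemon.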
