Commit 0f9e72ed authored by Karl Kornel's avatar Karl Kornel
Browse files

ssh::config::sshd: Disable ed25519 by default, for older OSes.

Newer OSes should enable this globally in Hiera.
parent 5c5edd9e
......@@ -41,6 +41,7 @@ made (customizeable parameters are called out):
* Listen on all addresses ('listen_addresses', a comma-separated string).
* Disable SSHv1.
* Only use RSA host keys.
* Ed25519 host keys are not used ('ed25519', a boolean).
* Increase the login timeout to 5 minutes.
* Limit authentication attempts to 5 ('max_tries', an integer).
* On RHEL-type systems, expicitly enable privilege separation.
......
......@@ -30,7 +30,7 @@
define base::ssh::config::sshd(
$ensure = 'present',
$gitolite = false,
$ed25519 = true,
$ed25519 = false,
$hostbased = false,
$pubkey = false,
$password = true,
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment