Diffusion FreeBSD src repository - subversion rS336836

Remove insecure ciphers from GCE sshd configuration
rS336836
Actions

Description

Remove insecure ciphers from GCE sshd configuration

They were added for unclear reasons in r277263. The current OpenSSH
defaults (7.5+) are reasonable, and do not include the insecure rc4 cipher:

chacha20-poly1305@openssh.com,
aes128-ctr,aes192-ctr,aes256-ctr,
aes128-gcm@openssh.com,aes256-gcm@openssh.com,
aes128-cbc,aes192-cbc,aes256-cbc

I think I recall there being a reason for a specific list of ciphers on GCE
at the time, but I do not recall what it was, and cannot find any
current GCE documentation of such a list.

So, just revert the explicit configuration and use sane openssh defaults.

PR: 230092
Submitted by: Gustavo Scalet <gustavo.scalet AT collabora.com>
MFC after: 3 days
Security: yes

Details

Provenance

cem	Authored on

Parents

rS336835: Clean up execl*(3) manual page prototype formatting

Branches

Unknown

Tags

Unknown

Event Timeline

cem committed rS336836: Remove insecure ciphers from GCE sshd configuration.Jul 28 2018, 7:35 PM

Changes (1)

Path

Size

head/

release/

tools/

gce.conf

rS336836

View Options

head/release/tools/gce.conf