RHEL9-CIS/templates/etc/crypto-policies/policies/modules/NO-SSHWEAKCIPHERS.pmod.j2

{{ file_managed_by_ansible }}
# This is a subpolicy to disable weak ciphers
# for the SSH protocol (libssh and OpenSSH)
# Carried out as part of CIS Benchmark rules combined 1.6.6 and 5.1.4
cipher@SSH ={% if rhel9cis_rule_1_6_6 %} -CHACHA20-POLY1305{% endif %}{% if rhel9cis_rule_5_1_4 %} -3DES-CBC -AES-128-CBC -AES-192-CBC -AES-256-CBC{% endif %}
Update .j2 branding Signed-off-by: Frederick Witty <frederick.witty@gotyto.com> 2026-02-11 15:39:59 -05:00			`{{ file_managed_by_ansible }}`
Initial pmod templates for ssh control Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> 2024-07-24 14:02:51 +01:00			`# This is a subpolicy to disable weak ciphers`
			`# for the SSH protocol (libssh and OpenSSH)`
			`# Carried out as part of CIS Benchmark rules combined 1.6.6 and 5.1.4`
Fix for #320 thank you @kodebach Signed-off-by: Frederick Witty <frederickw@mindpointgroup.com> 2025-04-25 11:47:17 -04:00			`cipher@SSH ={% if rhel9cis_rule_1_6_6 %} -CHACHA20-POLY1305{% endif %}{% if rhel9cis_rule_5_1_4 %} -3DES-CBC -AES-128-CBC -AES-192-CBC -AES-256-CBC{% endif %}`