base_common is a role that provisions sensible defaults for Centos 7.
- The openssh-server is hardened to ssh-audit standards.
- This config removes the deprecated ssh-rsa host key
RHEL- like system
server:
install: true
packages:
- policycoreutils-python
- libsemanage-python
- postfix
# sshd
Ciphers: chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
HostKeyAlgorithms: ssh-ed25519-cert-v01@openssh.com,ssh-ed25519
KexAlgorithms: curve25519-sha256@libssh.org,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256
MACs: hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,umac-128-etm@openssh.com
base_common is a role that other base roles can depend on.
Refer to a complete build server https://github.com/bbaassssiiee/buildserver
MIT
Bas Meijer @bbaassssiiee