Merge pull request #270 from foonix/rhel6-sha2-hmacs

rndmh3ro · web-flow · commit 4a97d4dc29f1 · 2020-04-13T16:26:36.000+02:00
Use sha2 HMACs on RHEL 6 / CentOS 6.
diff --git a/defaults/main.yml b/defaults/main.yml
@@ -171,6 +171,10 @@ ssh_macs_53_default:
   - hmac-ripemd160
   - hmac-sha1
 
+ssh_macs_53_el_6_5_default:
+  - hmac-sha2-512
+  - hmac-sha2-256
+
 ssh_macs_59_default:
   - hmac-sha2-512
   - hmac-sha2-256
diff --git a/tasks/crypto.yml b/tasks/crypto.yml
@@ -32,6 +32,14 @@
     ssh_macs: '{{ ssh_macs_59_default }}'
   when: sshd_version is version('5.9', '>=') and not ssh_macs
 
+- name: set macs for Enterprise Linux >= 6.5 (openssh 5.3 with backports)
+  set_fact:
+    ssh_macs: '{{ ssh_macs_53_el_6_5_default }}'
+  when:
+    - ansible_distribution in ['CentOS', 'OracleLinux', 'RedHat']
+    - ansible_distribution_version is version('6.5', '>=')
+    - not ssh_macs
+
 - name: set macs according to openssh-version
   set_fact:
     ssh_macs: '{{ ssh_macs_53_default }}'
