Enable non-weak ssh ciphers This commit explicitely enables only those supported ciphers that weren't considered as 'weak'. At the moment those are: * arcfour * arcfour128 * arcfour256 Change-Id: I39c090e89b7648e901e16ace88c0cd25b4eeef27 Related-Prod: PROD-27242

commit: 27c7b748b71e259cdb6c362fa4fa3769ddf2976c [log] [tgz]
author: Dmitry Teselkin <dteselkin@mirantis.com> Tue Feb 26 13:48:49 2019 +0300
committer: Dmitry Teselkin <dteselkin@mirantis.com> Tue Feb 26 13:53:24 2019 +0300
tree: f33662028239b2dae8b6ed554f31dfd335075c4e
parent: dc1f0c520114f263bc0110e0612dba7e51727c1a [diff]
diff --git a/.gitreview b/.gitreview
new file mode 100644
index 0000000..d59cd19
--- /dev/null
+++ b/.gitreview

@@ -0,0 +1,3 @@
+[gerrit]
+host=gerrit.mcp.mirantis.com
+project=salt-formulas/openssh.git

diff --git a/metadata/service/server/sshd-strong-ciphers.yml b/metadata/service/server/sshd-strong-ciphers.yml
new file mode 100644
index 0000000..dde6844
--- /dev/null
+++ b/metadata/service/server/sshd-strong-ciphers.yml

@@ -0,0 +1,26 @@
+parameters:
+  openssh:
+    server:
+      ciphers:
+        "3des-cbc":
+          enabled: True
+        "aes128-cbc":
+          enabled: True
+        "aes192-cbc":
+          enabled: True
+        "aes256-cbc":
+          enabled: True
+        "aes128-ctr":
+          enabled: True
+        "aes192-ctr":
+          enabled: True
+        "aes256-ctr":
+          enabled: True
+        "aes128-gcm@openssh.com":
+          enabled: True
+        "aes256-gcm@openssh.com":
+          enabled: True
+        "chacha20-poly1305@openssh.com":
+          enabled: True
+        "rijndael-cbc@lysator.liu.se":
+          enabled: True
commit	27c7b748b71e259cdb6c362fa4fa3769ddf2976c	[log] [tgz]
author	Dmitry Teselkin <dteselkin@mirantis.com>	Tue Feb 26 13:48:49 2019 +0300
committer	Dmitry Teselkin <dteselkin@mirantis.com>	Tue Feb 26 13:53:24 2019 +0300
tree	f33662028239b2dae8b6ed554f31dfd335075c4e
parent	dc1f0c520114f263bc0110e0612dba7e51727c1a [diff]