add ssh7.6 support

Sebastian Gumprich · Sebastian Gumprich · commit 8d75ee741cfb · 2017-10-29T22:06:38.000+01:00
diff --git a/defaults/main.yml b/defaults/main.yml
@@ -148,6 +148,13 @@ ssh_macs_66_default:
   - hmac-sha2-256
   - hmac-ripemd160
 
+ssh_macs_76_default:
+  - hmac-sha2-512-etm@openssh.com
+  - hmac-sha2-256-etm@openssh.com
+  - umac-128-etm@openssh.com
+  - hmac-sha2-512
+  - hmac-sha2-256
+
 ssh_macs_66_weak: "{{ ssh_macs_66_default + ['hmac-sha1'] }}"
 
 ssh_ciphers_53_default:
diff --git a/tasks/crypto.yml b/tasks/crypto.yml
@@ -17,6 +17,11 @@
 
 ###
 
+- name: set weak macs according to openssh-version if openssh >= 7.6
+  set_fact:
+    ssh_macs: "{{ssh_macs_76_default}}"
+  when: sshd_version.stdout >= '7.6' and not ssh_macs
+
 - name: set weak macs according to openssh-version if openssh >= 6.6
   set_fact:
     ssh_macs: "{{ssh_macs_66_weak}}"
