use new kex for redhat family 7 in ssh client config and fix for wrong macs setting

atomic111 · atomic111 · commit 34144cf3b8bd · 2016-07-27T15:08:38.000+02:00
Signed-off-by: Patrick Münch &lt;patrick.muench1111@gmail.com&gt;
diff --git a/templates/openssh.conf.j2 b/templates/openssh.conf.j2
@@ -74,7 +74,9 @@ StrictHostKeyChecking ask
     {% if (ansible_distribution == 'Ubuntu' and ansible_distribution_version >= '14.04') or (ansible_distribution == 'Debian' and ansible_distribution_version >= '8') or (ansible_os_family in ['Oracle Linux', 'RedHat'] and ansible_distribution_major_version >= '7') -%}
     MACs {{ ssh_macs_66_default | join(',') }}
     {% elif ansible_os_family in ['Oracle Linux', 'RedHat'] and ansible_distribution_major_version <= '6' -%}
-    MACs {{ ssh_macs_53_default | join(',') }}
+        MACs {{ ssh_macs_53_default | join(',') }}
+    {% else -%}
+        MACs {{ ssh_macs_59_default | join(',') }}
     {% endif %}
 {% endif %}
 
@@ -85,14 +87,14 @@ StrictHostKeyChecking ask
 # Weak kex is sometimes required if older package versions are used
 # eg ruby's Net::SSH at around 2.2.* doesn't support sha2 for kex, so this will have to be set true in this case.
 #
-{% if (ansible_distribution == 'Ubuntu' and ansible_distribution_version >= '14.04') or (ansible_distribution == 'Debian' and ansible_distribution_version >= '8') -%}
+{% if (ansible_distribution == 'Ubuntu' and ansible_distribution_version >= '14.04') or (ansible_distribution == 'Debian' and ansible_distribution_version >= '8') or (ansible_os_family in ['Oracle Linux', 'RedHat'] and ansible_distribution_major_version >= '7') -%}
    {% if ssh_client_weak_kex -%}
     KexAlgorithms {{ ssh_kex_66_weak | join(',') }}
    {% else -%}
         KexAlgorithms {{ ssh_kex_66_default | join(',') }}
    {% endif %}
 {% else -%}
-   {% if ansible_os_family in ['Oracle Linux', 'RedHat'] -%}
+   {% if ansible_os_family in ['Oracle Linux', 'RedHat'] and ansible_distribution_major_version <= '6' -%}
            #KexAlgorithms
    {% elif ssh_client_weak_kex -%}
            KexAlgorithms {{ ssh_kex_59_weak | join(',') }}
diff --git a/templates/opensshd.conf.j2 b/templates/opensshd.conf.j2
@@ -80,6 +80,8 @@ LogLevel VERBOSE
         MACs {{ ssh_macs_66_default | join(',') }}
     {% elif ansible_os_family in ['Oracle Linux', 'RedHat'] and ansible_distribution_major_version <= '6' -%}
         MACs {{ ssh_macs_53_default | join(',') }}
+    {% else -%}
+        MACs {{ ssh_macs_59_default | join(',') }}
     {% endif %}
 {% endif %}
 
