reprioritize etm macs

See: * dev-sec/chef-ssh-hardening#66 * https://stribika.github.io/2015/01/04/secure-secure-shell.html Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
dev-sec · Jan 13, 2015 · f0b843c · f0b843c
1 parent d9da968
commit f0b843c
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/lib/puppet/parser/functions/get_ssh_macs.rb b/lib/puppet/parser/functions/get_ssh_macs.rb
@@ -29,7 +29,7 @@
   macs_59['weak'] = macs_59['default'] + ',hmac-sha1'
 
   macs_66 = {}
-  macs_66.default = 'hmac-sha2-512-etm@openssh.com,hmac-sha2-512,hmac-sha2-256-etm@openssh.com,hmac-sha2-256,umac-128-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-ripemd160'
+  macs_66.default = 'hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160'
   macs_66['weak'] = macs_66['default'] + ',hmac-sha1'
 
   # creat the default version map (if os + version are default)