update readme and tests

Sebastian Gumprich · Sebastian Gumprich · commit 6832ec840599 · 2018-09-11T19:24:40.000+02:00
diff --git a/README.md b/README.md
@@ -70,6 +70,9 @@ Warning: This role disables root-login on the target server! Please make sure yo
 |`ssh_use_dns` | `false` | Specifies whether sshd should look up the remote host name, and to check that the resolved host name for the remote IP address maps back to the very same IP address. |
 |`ssh_server_revoked_keys` | [] | a list of revoked public keys that the ssh server will always reject, useful to revoke known weak or compromised keys.|
 |`ssh_max_startups` | '10:30:100' | Specifies the maximum number of concurrent unauthenticated connections to the SSH daemon.|
+|`ssh_macs` | [] | Change this list to overwrite macs. Defaults found in `defaults/main.yml` |
+|`ssh_kex` | [] | Change this list to overwrite kexs. Defaults found in `defaults/main.yml` |
+|`ssh_ciphers` | [] | Change this list to overwrite ciphers. Defaults found in `defaults/main.yml` |
 
 ## Example Playbook
 
diff --git a/tests/default_custom.yml b/tests/default_custom.yml
@@ -65,45 +65,15 @@
     ssh_authorized_principals_file: '/etc/ssh/auth_principals/%u'
     ssh_authorized_principals :
       - { path: '/etc/ssh/auth_principals/root', principals: [ 'root' ], owner: "{{ ssh_owner }}", group: "{{ ssh_group }}", directoryowner: "{{ ssh_owner }}", directorygroup: "{{ ssh_group}}" }
-    ssh_macs_53_default:
-      - hmac-ripemd160
-      - hmac-sha1
-    ssh_macs_59_default:
+    ssh_macs:
       - hmac-sha2-512
       - hmac-sha2-256
-      - hmac-ripemd160
-      - hmac-sha1
-    ssh_macs_66_default:
-      - hmac-sha2-512-etm@openssh.com
-      - hmac-sha2-256-etm@openssh.com
-      - umac-128-etm@openssh.com
-      - hmac-sha2-512
-      - hmac-sha2-256
-      - hmac-sha1
-    ssh_macs_76_default:
-      - hmac-sha2-512-etm@openssh.com
-      - hmac-sha2-256-etm@openssh.com
-      - umac-128-etm@openssh.com
-      - hmac-sha2-512
-      - hmac-sha2-256
-      - hmac-sha1
-    ssh_ciphers_53_default:
-      - aes256-ctr
-      - aes192-ctr
-      - aes128-ctr
-      - aes256-cbc
-    ssh_ciphers_66_default:
-      - chacha20-poly1305@openssh.com
-      - aes256-gcm@openssh.com
-      - aes128-gcm@openssh.com
+    ssh_ciphers:
       - aes256-ctr
       - aes192-ctr
       - aes128-ctr
       - aes256-cbc
-    ssh_kex_59_default:
-      - diffie-hellman-group-exchange-sha256
-      - diffie-hellman-group-exchange-sha1
-    ssh_kex_66_default:
+    ssh_kex:
       - curve25519-sha256@libssh.org
       - diffie-hellman-group-exchange-sha256
       - diffie-hellman-group-exchange-sha1
