bottlerocket-os / bottlerocket-admin-container

A container for admin access to Bottlerocket

Allow setting MACs in SSHD config #91

Closed mlacko64 closed 8 months ago

mlacko64 commented 9 months ago

Issue number:

https://github.com/bottlerocket-os/bottlerocket-admin-container/issues/90

Description of changes:

This change adds an option to customize MACs for SSH, for example, to disable SHA1 MACs, which are reported as deprecated by the vulnerability scanner. README.md updated.

Testing done:

Created a custom container and tested it in my lab cluster; works as expected.

SSHD config contains the line: MACs hmac-sha2-256,hmac-sha2-512,hmac-md5,hmac-md5-96,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com

The SSHD server offers just the MACs selected by me:

debug2: MACs ctos: hmac-sha2-256,hmac-sha2-512,hmac-md5,hmac-md5-96,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com
debug2: MACs stoc: hmac-sha2-256,hmac-sha2-512,hmac-md5,hmac-md5-96,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com

Terms of contribution:

By submitting this pull request, I agree that this contribution is dual-licensed under the terms of both the Apache License, version 2.0, and the MIT license.
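An audit script, added here as an example and not part of this PR or the bottlerocket-admin-container project, that parses an sshd_config MACs directive and the `debug2: MACs ctos/stoc` lines from `ssh -vv` output, confirms the server offers exactly what was configured, and flags MACs a scanner would report; the MD5/SHA1/truncated-tag policy it applies is an assumption of the example, not something the PR defines.

```python
import re

# Constructed sample input: the sshd_config MACs line and the `ssh -vv` output
# quoted in the PR description above.
SSHD_CONFIG = """# sshd_config excerpt (constructed)
MACs hmac-sha2-256,hmac-sha2-512,hmac-md5,hmac-md5-96,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com
"""
SSH_DEBUG = """debug2: MACs ctos: hmac-sha2-256,hmac-sha2-512,hmac-md5,hmac-md5-96,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com
debug2: MACs stoc: hmac-sha2-256,hmac-sha2-512,hmac-md5,hmac-md5-96,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com
"""

# Audit policy assumed by this example: MD5- and SHA1-based MACs, and MACs with
# truncated 96-bit or 64-bit tags, are reported as weak (first matching rule wins).
WEAK_RULES = (
    ("md5", re.compile(r"-md5(-|@|$)")),
    ("sha1", re.compile(r"-sha1(-|@|$)")),
    ("truncated tag", re.compile(r"(-96|umac-64)(-|@|$)")),
)

def parse_sshd_macs(config_text):
    """Return the MAC list of the first MACs directive (sshd uses the first occurrence)."""
    for line in config_text.splitlines():
        m = re.match(r"\s*MACs[\s=]+(\S+)", line, re.IGNORECASE)
        if m:
            return m.group(1).split(",")
    return []  # no directive: sshd would fall back to its compiled-in default list

def parse_offered_macs(debug_text):
    """Map 'ctos'/'stoc' to the MAC lists the server advertised in `ssh -vv` output."""
    offered = {}
    for m in re.finditer(r"^debug2: MACs (ctos|stoc): (\S+)", debug_text, re.MULTILINE):
        offered[m.group(1)] = m.group(2).split(",")
    return offered

def weak_macs(macs):
    """List (mac, reason) for every MAC that matches one of WEAK_RULES."""
    findings = []
    for mac in macs:
        for reason, pattern in WEAK_RULES:
            if pattern.search(mac):
                findings.append((mac, reason))
                break
    return findings

def audit(config_text, debug_text):
    """Cross-check the configured list against what the running server offers."""
    configured = parse_sshd_macs(config_text)
    offered = parse_offered_macs(debug_text)
    return {
        "configured": configured,
        "offered_matches_config": all(offered.get(d) == configured for d in ("ctos", "stoc")),
        "weak": weak_macs(configured),
    }

if __name__ == "__main__":
    result = audit(SSHD_CONFIG, SSH_DEBUG)
    print("offered == configured:", result["offered_matches_config"])
    for mac, reason in result["weak"]:
        print(f"weak MAC {mac}: {reason}")
```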

mlacko64 commented 9 months ago

Thanks for the comments, I have:

jpculp commented 8 months ago

@mlacko64, thanks for doing this! I think we can probably go ahead and merge this into an upcoming container release, but would you be willing to prune the commit message beforehand? The top line is probably enough to suffice.

mlacko64 commented 8 months ago

@jpculp sure, I have pruned the commit message as you suggested.