Removed Protocol statement in later versions of sshd, since the code … #342
Conversation
…for SSH-1 has been removed in sshd. Signed-off-by: Farid Joubbi <farid@joubbi.se>
|
nice catch. could you also open a PR for https://github.com/dev-sec/ssh-baseline, so this is also reflected in the ssh-baseline? (this is why the CI jobs are failing) |
|
I don't understand what you want me to do. I'm not a developer ;-)
…On December 13, 2020 10:47:28 PM UTC, schurzi ***@***.***> wrote:
nice catch. could you also open a PR for
https://github.com/dev-sec/ssh-baseline, so this is also reflected in
the ssh-baseline? (this is why the CI jobs are failing)
--
You are receiving this because you authored the thread.
Reply to this email directly or view it on GitHub:
#342 (comment)
--
Sent from my Android device with K-9 Mail. Please excuse my brevity.
|
|
Oh sorry. We are using code from another repo to verify if the ss-hardening works properly. The code verifies, if the changes from Ansible are as expected and generates a baseline for a secure system. Currently some of the checks are failing, because they chek for "Protocol 2" in sshd_config. (eg. https://github.com/dev-sec/ansible-collection-hardening/pull/342/checks?check_run_id=1546633011#step:6:728) The check in question is: Ths ssh-baseline repo also needs to be updated with this change, so the tests are passing again. We will only merge PRs if the tests are showing green. :) I know how to do that, and if you give me a few days time, I will do it. If you want to give it a try, you are also welcome to do so. The thing we need to add is a |
|
Thank you for the explanation. I'll leave it for you or someone else to do, atleast for now. |
…paces and orphan comments. Signed-off-by: Farid Joubbi <farid@joubbi.se>
|
As I have been analyzing the created /etc/ssh/sshd_config file, I got annoyed by all the unnecessary white spaces and some comments that didn't make any sense. I did some cleaning in my second commit. I hope that I didn't step on any ones toes by doing that. |
I gave it a try and fixed it myself. |
…for SSH-1 has been removed in sshd. Signed-off-by: Farid Joubbi <farid@joubbi.se>
Signed-off-by: Farid Joubbi <farid@joubbi.se>
…sword_login. Signed-off-by: Farid Joubbi <farid@joubbi.se>
Signed-off-by: Farid Joubbi <farid@joubbi.se>
dev-sec#342) * Removed Protocol statement in later versions of sshd, since the code for SSH-1 has been removed in sshd. Signed-off-by: Farid Joubbi <farid@joubbi.se> * Prettified the generated ssh_config. No functional changes, removed spaces and orphan comments. Signed-off-by: Farid Joubbi <farid@joubbi.se> * Removed Protocol statement in later versions of sshd, since the code for SSH-1 has been removed in sshd. Signed-off-by: Farid Joubbi <farid@joubbi.se> * Removed blank lines and prettified ssh_config. Signed-off-by: Farid Joubbi <farid@joubbi.se> * Added note about setting sshd_authenticationmethods if ssh_server_password_login. Signed-off-by: Farid Joubbi <farid@joubbi.se> * Backticked true. Signed-off-by: Farid Joubbi <farid@joubbi.se>
…for SSH-1 has been removed in sshd.
Signed-off-by: Farid Joubbi farid@joubbi.se
See https://www.undeadly.org/cgi?action=article;sid=20170501005206
The "Protocol" statement is not in the man page for the later versions:
https://man.openbsd.org/sshd_config
Tested with CentOS 7 running OpenSSH_7.4p1 where the option is there.
Tested with debian 10.7 running OpenSSH_7.9p1 where the option is not there.