Removed Protocol statement in later versions of sshd, since the code … #342
…for SSH-1 has been removed in sshd. Signed-off-by: Farid Joubbi <farid@joubbi.se>
Nice catch. Could you also open a PR for https://github.com/dev-sec/ssh-baseline, so this is also reflected in the ssh-baseline? (this is why the CI jobs are failing)
I don't understand what you want me to do. I'm not a developer ;-)
…On December 13, 2020 10:47:28 PM UTC, schurzi ***@***.***> wrote:
nice catch. could you also open a PR for
https://github.com/dev-sec/ssh-baseline, so this is also reflected in
the ssh-baseline? (this is why the CI jobs are failing)
Oh sorry. We are using code from another repo to verify if the ssh-hardening works properly. The code verifies if the changes from Ansible are as expected and generates a baseline for a secure system. Currently some of the checks are failing, because they check for "Protocol 2" in sshd_config. (e.g. https://github.com/dev-sec/ansible-collection-hardening/pull/342/checks?check_run_id=1546633011#step:6:728) The check in question is: The ssh-baseline repo also needs to be updated with this change, so the tests are passing again. We will only merge PRs if the tests are showing green. :) I know how to do that, and if you give me a few days' time, I will do it. If you want to give it a try, you are also welcome to do so. The thing we need to add is a
Thank you for the explanation. I'll leave it for you or someone else to do, at least for now.
…paces and orphan comments. Signed-off-by: Farid Joubbi <farid@joubbi.se>
As I have been analyzing the created /etc/ssh/sshd_config file, I got annoyed by all the unnecessary white spaces and some comments that didn't make any sense. I did some cleaning in my second commit. I hope that I didn't step on anyone's toes by doing that.
I gave it a try and fixed it myself.
…for SSH-1 has been removed in sshd. Signed-off-by: Farid Joubbi <farid@joubbi.se>
Signed-off-by: Farid Joubbi <farid@joubbi.se>
…sword_login. Signed-off-by: Farid Joubbi <farid@joubbi.se>
Signed-off-by: Farid Joubbi <farid@joubbi.se>
dev-sec#342)
* Removed Protocol statement in later versions of sshd, since the code for SSH-1 has been removed in sshd. Signed-off-by: Farid Joubbi <farid@joubbi.se>
* Prettified the generated ssh_config. No functional changes, removed spaces and orphan comments. Signed-off-by: Farid Joubbi <farid@joubbi.se>
* Removed Protocol statement in later versions of sshd, since the code for SSH-1 has been removed in sshd. Signed-off-by: Farid Joubbi <farid@joubbi.se>
* Removed blank lines and prettified ssh_config. Signed-off-by: Farid Joubbi <farid@joubbi.se>
* Added note about setting sshd_authenticationmethods if ssh_server_password_login. Signed-off-by: Farid Joubbi <farid@joubbi.se>
* Backticked true. Signed-off-by: Farid Joubbi <farid@joubbi.se>
…for SSH-1 has been removed in sshd.
Signed-off-by: Farid Joubbi <farid@joubbi.se>
See https://www.undeadly.org/cgi?action=article;sid=20170501005206
The "Protocol" statement is not in the man page for the later versions:
https://man.openbsd.org/sshd_config
Tested with CentOS 7 running OpenSSH_7.4p1 where the option is there.
Tested with Debian 10.7 running OpenSSH_7.9p1 where the option is not there.
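
An added example, not code from this PR or from ssh-baseline: a version-aware "Protocol 2" check of the kind the failing CI job discussed above needs, written in Python. The cutoff `ASSUMED_REMOVED_IN`, the function names and the sample configs are assumptions; the page only reports that OpenSSH_7.4p1 has the option and OpenSSH_7.9p1 does not.

```python
import re

# Assumption: the page gives no exact cutoff, only two tested versions
# (7.4p1 has the Protocol option, 7.9p1 does not). Hypothetical default below.
ASSUMED_REMOVED_IN = (7, 5)

# Constructed sample configs (not taken from the page or its CI logs).
OLD_CONFIG = "# managed by Ansible\nPort 22\nProtocol 2\n"
NEW_CONFIG = "# managed by Ansible\nPort 22\n"


def parse_openssh_version(banner):
    """Extract (major, minor) from a string such as 'OpenSSH_7.9p1 Debian-10'."""
    m = re.search(r"OpenSSH_(\d+)\.(\d+)", banner)
    if not m:
        raise ValueError("not an OpenSSH version string: %r" % banner)
    return int(m.group(1)), int(m.group(2))


def protocol_values(config_text):
    """Return the argument of every active Protocol line (keywords are case-insensitive)."""
    values = []
    for line in config_text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)  # 'Key value' or 'Key=value'
        if parts[0].lower() == "protocol":
            values.append(parts[1].strip() if len(parts) > 1 else "")
    return values


def check_protocol(banner, config_text, removed_in=ASSUMED_REMOVED_IN):
    """Return (ok, reason) for the 'Protocol 2' baseline check."""
    version = parse_openssh_version(banner)
    values = protocol_values(config_text)
    if version >= removed_in:
        # This sshd has no SSH-1 code, so the line is not required.
        return True, "skipped: Protocol not applicable to %d.%d" % version
    if values == ["2"]:
        return True, "Protocol 2 set"
    return False, "expected exactly one 'Protocol 2', found %r" % values


if __name__ == "__main__":
    for banner, cfg in [("OpenSSH_7.4p1", OLD_CONFIG), ("OpenSSH_7.9p1", NEW_CONFIG),
                        ("OpenSSH_7.4p1", NEW_CONFIG)]:
        print(banner, check_protocol(banner, cfg))
```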