Avoid checking deprecated optinos for OpenSSH >7.4

E.g. on Ubuntu 18.04 Signed-off-by: Artem Sidorenko <artem@posteo.de>
dev-sec · Aug 1, 2018 · 9c64ca2 · 9c64ca2
1 parent 9004047
commit 9c64ca2
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/controls/ssh_spec.rb b/controls/ssh_spec.rb
@@ -22,6 +22,8 @@
   command('ssh').exist?
 end
 
+ssh_version = command('ssh -V 2>&1 | cut -f1 -d" " | cut -f2 -d"_"').stdout.to_f
+
 control 'ssh-01' do
   impact 1.0
   title 'client: Check ssh_config owner, group and permissions.'
@@ -154,6 +156,7 @@
   impact 1.0
   title 'Client: Disable rhosts-based authentication'
   desc 'Avoid rhosts-based authentication, as it opens more ways for an attacker to enter a system.'
+  only_if { ssh_version < 7.4 }
   describe ssh_config do
     its('RhostsRSAAuthentication') { should eq('no') }
   end
@@ -163,6 +166,7 @@
   impact 1.0
   title 'Client: Enable RSA authentication'
   desc 'Make sure RSA authentication is used by default.'
+  only_if { ssh_version < 7.4 }
   describe ssh_config do
     its('RSAAuthentication') { should eq('yes') }
   end