Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

possible fix for #95 deprecated option UseLogin #103

Closed
wants to merge 1 commit into from
Closed

possible fix for #95 deprecated option UseLogin #103

wants to merge 1 commit into from

Conversation

MrSecure
Copy link

@MrSecure MrSecure commented May 2, 2018

In my testing this fixes the deprecation of the UseLogin option in more recent OpenSSH versions.
Additionally, it should detect the insecure configuration as far back as OpenSSH 3.0.2 (release notes link below state that UseLogin was NOT ENABLED by default at that time)

https://www.openssh.com/txt/release-3.0.2

@MrSecure MrSecure mentioned this pull request May 2, 2018
Open
@chris-rock chris-rock requested a review from atomic111 May 4, 2018 12:40
chris-rock
chris-rock approved these changes May 4, 2018
View reviewed changes
Copy link
Member

@chris-rock chris-rock left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you @MrSecure for this improvement

@atomic111
Copy link
Member

@MrSecure thanks for your PR, it would be nice to check for no and for nil in an describe.one block. Can you adjust this please?

@chris-rock
Copy link
Member

chris-rock commented May 4, 2018
edited
Loading

Thank you @atomic111 you are right, it should be

descibe.one do
  describe sshd_config do
    its('UseLogin') { should eq 'no' }
  end
  describe sshd_config do
    its('UseLogin') { should eq nil }
  end
end

then. This prevent that all other values then nil and no are invalid, while not yes allows a lot of other values.

chris-rock
chris-rock requested changes May 4, 2018
View reviewed changes
Copy link
Member

@chris-rock chris-rock left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

As requested in my comment, I think we should make the control a little bit more narrow in its allowed values

@atomic111
Copy link
Member

@MrSecure can you please add this small change?

@artem-sidorenko
Copy link
Member

@MrSecure @chris-rock @atomic111 we can now do it depending on the ssh version, see #110

@chris-rock
Copy link
Member

@artem-sidorenko That would be a great solution

@artem-sidorenko artem-sidorenko self-assigned this Aug 3, 2018
@artem-sidorenko
Copy link
Member

closing this in favour of #114

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@chris-rock chris-rock chris-rock requested changes

@atomic111 atomic111 Awaiting requested review from atomic111

Assignees

@artem-sidorenko artem-sidorenko

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@MrSecure @atomic111 @chris-rock @artem-sidorenko