Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Avoid checking deprecated optinos for OpenSSH >=7.6 #110

Merged
merged 1 commit into from
Aug 1, 2018
Merged

Avoid checking deprecated optinos for OpenSSH >=7.6 #110

merged 1 commit into from
Aug 1, 2018

Conversation

artem-sidorenko
Copy link
Member

E.g. on Ubuntu 18.04

Signed-off-by: Artem Sidorenko artem@posteo.de

@artem-sidorenko
Copy link
Member Author

See dev-sec/chef-ssh-hardening#195 and dev-sec/chef-ssh-hardening#198

@artem-sidorenko artem-sidorenko mentioned this pull request Aug 1, 2018
Closed
frederikbosch
frederikbosch approved these changes Aug 1, 2018
View reviewed changes
Copy link

@frederikbosch frederikbosch left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The approach looks good to me. The main issue here is how to be sure that we parse the output of ssh -V correctly across different operating systems. This seems correct for Ubuntu, my own OS. Hopefully this works for the others too.

@artem-sidorenko
Avoid checking deprecated optinos for OpenSSH >=7.6
5702120 
E.g. on Ubuntu 18.04

SSH protocol version 1 was removed from OpenSSH 7.6:
- https://www.openssh.com/txt/release-7.6
- https://www.openssh.com/txt/release-7.5

Signed-off-by: Artem Sidorenko <artem@posteo.de>
@artem-sidorenko artem-sidorenko changed the title Avoid checking deprecated optinos for OpenSSH >7.4 Avoid checking deprecated optinos for OpenSSH >=7.6 Aug 1, 2018
@artem-sidorenko
Copy link
Member Author

@frederikbosch thanks! I tested it with test-kitchen from chef-os-hardening on all supported platforms, it looks good

chris-rock
chris-rock approved these changes Aug 1, 2018
View reviewed changes
Copy link
Member

@chris-rock chris-rock left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Great improvement @artem-sidorenko

controls/ssh_spec.rb
@@ -22,6 +22,8 @@
command('ssh').exist?
end

ssh_version = command('ssh -V 2>&1 | cut -f1 -d" " | cut -f2 -d"_"').stdout.to_f
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we do this in a resource, so that we could reuse it for other test too in the future?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Lets do it once we need it?

@chris-rock chris-rock merged commit aa4eb82 into dev-sec:master Aug 1, 2018
@artem-sidorenko artem-sidorenko deleted the ubuntu-18 branch August 1, 2018 10:22
This was referenced Aug 2, 2018
Closed
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@chris-rock chris-rock chris-rock approved these changes

@frederikbosch frederikbosch frederikbosch approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@artem-sidorenko @chris-rock @frederikbosch