Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update sshd config for Focal #5660

Closed
emkll opened this issue Dec 1, 2020 · 0 comments · Fixed by #5666
Closed

Update sshd config for Focal #5660

emkll opened this issue Dec 1, 2020 · 0 comments · Fixed by #5666
Assignees
@emkll
Labels
ubuntu focal

Comments

@emkll
Copy link
Contributor

emkll commented Dec 1, 2020

Description

In the current sshd configuration, we specify a path to a host dsa key for the server, but that has been deprecated/disabled. This was uncovered by an ossec alert while reviewing #5638

The alert is as follows:

Dec 1 15:08:22 app-staging sshd[3302]: error: Unable to load host key: /etc/ssh/ssh_host_dsa_key

The server sshd config is

securedrop/install_files/ansible-base/roles/restrict-direct-access/templates/sshd_config

Line 5 in 1d50b6e

HostKey /etc/ssh/ssh_host_dsa_key

and removing the line should suffice. We should also review and audit the current configuration to ensure we adhere to current best practices.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@emkll emkll

Labels
ubuntu focal
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Update and add annotations to sshd config for servers freedomofpress/securedrop
2 participants
@emkll @rmol