content
content copied to clipboard
hmac-ripemd160 no longer available on openssh 7.6 and newer (2017+)
Description of problem:
linux_os/guide/services/ssh/ssh_server/sshd_use_strong_macs remediation tries to inject a "hmac-ripemd160" hmac.
this is not available on SLES 15.
It was removed with openssh 7.6 upstream in 2017, so it probably can go away here too. https://www.openssh.com/txt/release-7.6
SCAP Security Guide Version:
0.1.60
Operating System Version:
SUSE Linux Enterprise Server 15 SP2
Steps to Reproduce:
- run cis bash remediaton
- restart sshd
Actual Results:
sshd no longer starts, complains about "MACs [email protected],[email protected],[email protected],hmac-sha2-512,hmac-sha2-256,hmac-ripemd160" line
Expected Results:
sshd starts