hmac-ripemd160 no longer available on openssh 7.6 and newer (2017+)

Open msmeissn opened this issue 2 years ago • 0 comments

Description of problem:

linux_os/guide/services/ssh/ssh_server/sshd_use_strong_macs remediation tries to inject a "hmac-ripemd160" hmac.

This is not available on SLES 15.

It was removed with openssh 7.6 upstream in 2017, so it probably can go away here too. https://www.openssh.com/txt/release-7.6

SCAP Security Guide Version:

0.1.60

Operating System Version:

SUSE Linux Enterprise Server 15 SP2

Steps to Reproduce:

  1. run CIS bash remediation
  2. restart sshd

Actual Results:

sshd no longer starts, complains about "MACs [email protected],[email protected],[email protected],hmac-sha2-512,hmac-sha2-256,hmac-ripemd160" line

Expected Results:

sshd starts

Additional Information/Debugging Steps:

msmeissn, Feb 13 '22 15:02
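
A pre-flight check for the failure reported above, as an added example that is not part of the issue or of the project's remediation: it splits a wanted `MACs` list into the entries the installed OpenSSH accepts and the ones it would reject. The function name `select_macs` and the sample "supported" list are assumptions made for the example; on a real host the supported list comes from `ssh -Q mac`.

```shell
#!/bin/sh
# Added example (not project code): keep a hardening script from writing a
# MACs line that the installed sshd rejects.

# select_macs MODE WANTED SUPPORTED
#   MODE:      "keep" prints the supported entries, "drop" the unsupported ones
#   WANTED:    comma-separated list the remediation wants to set
#   SUPPORTED: newline-separated list, e.g. the output of `ssh -Q mac`
# Order of WANTED is preserved; matching is exact, so a prefix never matches.
select_macs() {
    mode=$1
    wanted=$2
    supported=$3
    out=
    old_ifs=$IFS
    IFS=,
    for mac in $wanted; do
        if printf '%s\n' "$supported" | grep -Fqx -- "$mac"; then
            hit=keep
        else
            hit=drop
        fi
        if [ "$hit" = "$mode" ]; then
            out=${out:+$out,}$mac
        fi
    done
    IFS=$old_ifs
    printf '%s\n' "$out"
}

# Constructed sample data: a post-7.6 host that no longer lists hmac-ripemd160.
SAMPLE_SUPPORTED='hmac-sha1
hmac-sha2-256
hmac-sha2-512'
SAMPLE_WANTED='hmac-sha2-512,hmac-sha2-256,hmac-ripemd160'

echo "MACs $(select_macs keep "$SAMPLE_WANTED" "$SAMPLE_SUPPORTED")"
echo "dropped: $(select_macs drop "$SAMPLE_WANTED" "$SAMPLE_SUPPORTED")"

# On a real system:
#   select_macs keep "$wanted" "$(ssh -Q mac)"
# and validate the edited configuration with `sshd -t` before restarting sshd.
```
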