puppet-ssh-hardening
This puppet module provides secure ssh-client and ssh-server configurations.
remove hmac-ripemd160 for ubuntu 18 & 20 that use OpenSSH versions >=7.6 see also https://github.com/dev-sec/puppet-ssh-hardening/issues/69 more of a quick and dirty fix than a thoughtful rework of the current process,...
Hi, I get some warnings doing a git checkout via SSH when using this module under Artful Aardvark. I receive the following: ==> default: /etc/ssh/ssh_config line 22: Unsupported option "rsaauthentication"...
Since OpenSSH >= 7.4 has deprecated the UseLogin option, remove it from the template. The default setting for UseLogin has been "no" since ~ OpenSSH v3.0.2 (https://www.openssh.com/txt/release-3.0.2) so the risk...
Ubuntu 18.04 version/build of SSH no longer supports hmac-ripemd160 Release notes for OpenSSH 7.6: https://www.openssh.com/txt/release-7.6 * ssh(1)/sshd(8): remove support for the hmac-ripemd160 MAC. This is perhaps further weight on the...
The current approach to select Cipher/Kex/MAC based on the distribution name and the OS release is not very good. It does not account for - OS release's default version and...
I'm trying to use the puppet-ssh-hardening module to provide a secure `sshd_config` to my servers. I'm using Hiera to manage my config. When using saz-ssh I can add config in...
I have some switches that I need to ssh into from a single server. Even with the latest firmware they don't support secure ssh cyphers so I wanted to allow...
I would parameterize all of the variables, but I do not see much need at the moment. Let me know if this repo is a dead project at this point,...
ciphers: https://github.com/dev-sec/tests-ssh-hardening/blob/master/libraries/ssh_crypto.rb#L27 kex: https://github.com/dev-sec/tests-ssh-hardening/blob/master/libraries/ssh_crypto.rb#L60 macs: https://github.com/dev-sec/tests-ssh-hardening/blob/master/libraries/ssh_crypto.rb#L96 privilege separation: https://github.com/dev-sec/tests-ssh-hardening/blob/master/libraries/ssh_crypto.rb#L134
Currently the parser functions are working on os details which have to be updated every time there is a new os version or ssh is updated in an os. By requiring...