ssh-baseline
DevSec SSH Baseline - InSpec Profile
This PR contains an implementation for find_ssh_version and guess_ssh_version. These provide the same behaviors as the methods in devsec_ssh.rb in the chef ssh hardening cookbook. This PR is the first...
**Describe the bug** Protocol sftp is disabled by default. This enforces using scp. Described in [README](https://github.com/dev-sec/ansible-ssh-hardening/blob/master/README.md): > This role by default deactivates SFTP. **Expected behavior** Today I have read [release...
To fix #125
This is a WIP refactoring of the ssh baseline to match the chef-ssh-hardening implementation.
Currently we distinguish different target parameters within the library based on the distro information. It would be much better to have this logic based on the openssh version instead (and maybe...
Currently, if there are Match blocks containing an option, inspec will return an array, for example ``` "\u001b[38;5;9m × sshd-39: Server: Disable TCP forwarding", "\u001b[38;5;9m × SSHD...
Although you can specify a path for the ssh config, it seems to assume that the host keys are always in /etc/ssh. Here's the bit of code...
Hi, I've recently built openssh and learned the following: sshd privilege separation feature requires specific "privsep" directory (sshd chroot) ownership & permissions to be applied. - path to privsep dir...
Amazon Linux sets the parameter HostKey in the file “/etc/ssh/sshd_config” with the value "/etc/ssh/ssh_host_rsa_key", causing the control sshd-14 to fail. To get it fixed I added a condition on the...