
policies suggest different orders

Open perkelix opened this issue 1 year ago • 0 comments

There are inconsistencies between policies when it comes to the order in which options should appear.

Hardened Debian 12 (version 1) wants "[email protected], [email protected], [email protected], aes256-ctr, aes192-ctr, aes128-ctr" while Hardened Ubuntu Server 24.04 LTS (version 1) wants "[email protected], [email protected], aes256-ctr, aes192-ctr, [email protected], aes128-ctr"

Likewise, for host keys, Hardened Debian 12 (version 1) wants "rsa-sha2-512, rsa-sha2-256, ssh-ed25519" while Hardened Ubuntu Server 24.04 LTS (version 1) wants "ssh-ed25519, rsa-sha2-512, rsa-sha2-256".

The order should remain consistent between policies, unless there's a compelling reason not to. If there is, the rationale for the exception should be explained.

perkelix, Jul 07 '24 08:07
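
An added example, not part of the original issue or of ssh-audit's code: one way to detect the inconsistency reported above, by listing every pair of algorithms that two or more policies rank in opposite orders. The host-key lists are the ones quoted in the issue; the `POLICIES` layout and the function names are assumptions of this example, not ssh-audit's policy format.

```python
from itertools import combinations

# Host-key lists as quoted in the issue. The dict layout is an assumption
# made for this example, not ssh-audit's own policy structure.
POLICIES = {
    "Hardened Debian 12 (version 1)": {
        "host_keys": ["rsa-sha2-512", "rsa-sha2-256", "ssh-ed25519"],
    },
    "Hardened Ubuntu Server 24.04 LTS (version 1)": {
        "host_keys": ["ssh-ed25519", "rsa-sha2-512", "rsa-sha2-256"],
    },
}


def order_conflicts(policies, category):
    """Map each algorithm pair (a, b), a < b lexically, to two lists:
    policies that place a before b, and policies that place b before a.
    Only pairs with at least one policy on each side are returned, so an
    algorithm that appears in a single policy never counts as a conflict."""
    votes = {}
    for name, policy in policies.items():
        algs = policy.get(category, [])
        # combinations() keeps list order: `first` precedes `second`.
        for first, second in combinations(algs, 2):
            pair = tuple(sorted((first, second)))
            side = 0 if first == pair[0] else 1
            votes.setdefault(pair, ([], []))[side].append(name)
    return {p: s for p, s in votes.items() if s[0] and s[1]}


def report(policies, category):
    """Render the conflicts as readable lines, one per disputed pair."""
    lines = []
    for (a, b), (a_first, b_first) in sorted(order_conflicts(policies, category).items()):
        lines.append(f"{category}: {a} vs {b}")
        lines.append(f"  {a} first: {', '.join(a_first)}")
        lines.append(f"  {b} first: {', '.join(b_first)}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(POLICIES, "host_keys")) or "no ordering conflicts")
```

The two RSA signature algorithms keep the same relative order in both policies, so only their position relative to `ssh-ed25519` is reported.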