ssh 5.3 on CentOS 6 supports macs59 #125
Comments
@wojciech-kopras Thank you for your report. You observe an interesting point where the baseline is only doing an openssh version guess. We should implement a proper openssh version detection and fall back to os-based guessing only if the openssh version could not be determined. We implemented a similar logic in https://github.com/dev-sec/chef-ssh-hardening/blob/master/libraries/devsec_ssh.rb#L194-L205 Any help is welcome to make this happen.
@chris-rock my new colleague wanted to contribute that, hopefully we will get this in the next time :-)
Because of RedHat's backports policy, there is probably no other way than conditional assigning of values.
@wojciech-kopras do you maybe know if this support was backported by RH at some point or if it's/was a problem on our side for a long time?
I don't know. I noticed it when I deployed an ansible role for ssh and had to solve some connection issues.
Describe the bug
Currently it is defined that ssh on CentOS 6 supports only macs from the `macs53` list. With these settings it's impossible to connect by ssh from CentOS 6 to a server with CentOS 7 -- you can see it when you compare the lists `macs53` and `macs66`.

Expected behavior
In `man sshd_config` with openssh v.5.3p1-104.el6_6.1 you can see:

So macs from the `macs59` list are supported and could be used.

Actual behavior
Only macs from the `macs53` list are allowed.

OS / Environment
CentOS 6, openssh 5.3p1-104.el6_6.1
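
The selection logic discussed in the comments (detect the OpenSSH version first, apply a conditional override for vendor backports, and guess from the OS only when no version is found), as an added example that is not code from ssh-baseline or chef-ssh-hardening. The helper names, the version thresholds read off the list names `macs53`/`macs59`/`macs66`, the OS fallback table and the sample banner are assumptions made for illustration.

```ruby
# Hypothetical helper, not project code. List names come from the issue;
# which MACs each list contains is left to the project.

# Constructed sample of what `ssh -V` prints on the reporter's platform.
SAMPLE_BANNER = 'OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013'

# Vendor builds that support more than their upstream version suggests.
# The single entry is the case reported in this issue (CentOS 6, OpenSSH 5.3).
BACKPORTS = [
  { family: 'redhat', os_major: 6, ssh: [5, 3], list: :macs59 }
].freeze

# OS-based guess, used only when no version could be parsed (assumed mapping).
OS_GUESS = { ['redhat', 6] => :macs59, ['redhat', 7] => :macs66 }.freeze

# Returns [major, minor] from an `ssh -V` style banner, or nil if unparseable.
def parse_openssh_version(banner)
  m = /OpenSSH_(\d+)\.(\d+)/.match(banner.to_s)
  m && [m[1].to_i, m[2].to_i]
end

# Picks the MAC list name for a host.
def mac_list_for(banner, family, os_major)
  version = parse_openssh_version(banner)

  # No version detected: fall back to the OS guess, defaulting to the
  # oldest list (assumed to be accepted by every version).
  return OS_GUESS.fetch([family, os_major], :macs53) if version.nil?

  # A known backport wins over the upstream version thresholds.
  hit = BACKPORTS.find do |b|
    b[:family] == family && b[:os_major] == os_major && b[:ssh] == version
  end
  return hit[:list] if hit

  # Upstream thresholds (assumed from the list names); arrays compare element-wise.
  return :macs66 if (version <=> [6, 6]) >= 0
  return :macs59 if (version <=> [5, 9]) >= 0
  :macs53
end
```

Without the `BACKPORTS` entry, the reporter's host would be classified as `macs53` by version alone, which is the behaviour this issue describes.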