control sshd-14 fails on Amazon Linux #91
…fig” with the value "/etc/ssh/ssh_host_rsa_key", causing the control sshd-14 to fail. To get it fixed I added a condition on the code block that set the valid_algorithms on the file ssh_crypto.rb, stating that when inspec.os[:name] returns ’amazon’, alg = alg53.
@@ -247,6 +247,8 @@ def valid_algorithms # rubocop:disable Metrics/CyclomaticComplexity, Metrics/Met | |||
when /10.10\./, /10.11\./, /10.12\./ | |||
alg66 | |||
end | |||
when 'amazon' | |||
alg = alg53 |
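Review bot: the `when 'amazon'` branch applies `alg53` to every Amazon Linux release with no version check, whereas the branch directly above it picks `alg66` by release pattern (`/10.10\./, /10.11\./, /10.12\./`). If any Amazon Linux release ships host keys beyond RSA, this control would then expect a narrower host-key list than the host actually supports. Consider a nested `case inspec.os[:release]` inside this branch that falls back to `alg53` only for the releases verified to default to `/etc/ssh/ssh_host_rsa_key`, and add a short comment stating which releases were checked.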
Do we need to distinguish between versions? I assume newer versions support the same as RHEL 7
I just checked the following versions and all of them set the value "/etc/ssh/ssh_host_rsa_key" for the parameter HostKey in the file “/etc/ssh/sshd_config”. It seems to be the default on Amazon Linux.
Amazon Linux AMI release 2017.03
Amazon Linux AMI release 2016.03
Amazon Linux AMI release 2014.09
Amazon Linux AMI release 2012.09
@jonasduarte I checked these params on Amazon Linux AMI 2017.09.0.20170930 x86_64 HVM and this image supports the alg66. I think we should distinguish between the versions.
[ec2-user@ip-172-31-11-144 ~]$ ls -la /etc/ssh/sshd_config
-rw-r--r-- 1 root root 3934 Nov 1 09:25 /etc/ssh/sshd_config
[ec2-user@ip-172-31-11-144 ~]$ ls -la /etc/ssh/
total 620
drwxr-xr-x 2 root root 4096 Nov 1 09:25 .
drwxr-xr-x 78 root root 4096 Nov 1 09:25 ..
-rw-r--r-- 1 root root 581843 Aug 25 00:33 moduli
-rw-r--r-- 1 root root 2346 Aug 25 00:33 ssh_config
-rw-r--r-- 1 root root 3934 Nov 1 09:25 sshd_config
-rw------- 1 root root 668 Nov 1 09:25 ssh_host_dsa_key
-rw-r--r-- 1 root root 611 Nov 1 09:25 ssh_host_dsa_key.pub
-rw------- 1 root root 227 Nov 1 09:25 ssh_host_ecdsa_key
-rw-r--r-- 1 root root 183 Nov 1 09:25 ssh_host_ecdsa_key.pub
-rw-r----- 1 root ssh_keys 387 Nov 1 09:25 ssh_host_ed25519_key
-rw-r--r-- 1 root root 82 Nov 1 09:25 ssh_host_ed25519_key.pub
-rw------- 1 root root 1675 Nov 1 09:25 ssh_host_rsa_key
-rw-r--r-- 1 root root 403 Nov 1 09:25 ssh_host_rsa_key.pub
@jonasduarte can you add the different params also?
Amazon Linux set the parameter HostKey on the file “/etc/ssh/sshd_config” with the value "/etc/ssh/ssh_host_rsa_key", causing the control sshd-14 to fail.
To get it fixed I added a condition on the code block that set the valid_algorithms on the file ssh_crypto.rb, stating that when inspec.os[:name] returns ’amazon’, alg = alg53.