control sshd-14 fails on Amazon Linux #91

2 changes: 2 additions & 0 deletions libraries/ssh_crypto.rb
Expand Up @@ -247,6 +247,8 @@ def valid_algorithms # rubocop:disable Metrics/CyclomaticComplexity, Metrics/Met
when /10.10\./, /10.11\./, /10.12\./
alg66
end
when 'amazon'
alg = alg53

Member

Do we need to distinguish between versions? I assume newer versions support the same as RHEL 7

Author

I just checked the following versions, and all of them set the value "/etc/ssh/ssh_host_rsa_key" for the parameter HostKey in the file "/etc/ssh/sshd_config". It seems to be the default on Amazon Linux.

Amazon Linux AMI release 2017.03
Amazon Linux AMI release 2016.03
Amazon Linux AMI release 2014.09
Amazon Linux AMI release 2012.09

Member

@atomic111 Nov 1, 2017

@jonasduarte I checked these params on Amazon Linux AMI 2017.09.0.20170930 x86_64 HVM, and this image supports alg66. I think we should distinguish between the versions.

[ec2-user@ip-172-31-11-144 ~]$ ls -la /etc/ssh/sshd_config
-rw-r--r-- 1 root root 3934 Nov  1 09:25 /etc/ssh/sshd_config
[ec2-user@ip-172-31-11-144 ~]$ ls -la /etc/ssh/
total 620
drwxr-xr-x  2 root root       4096 Nov  1 09:25 .
drwxr-xr-x 78 root root       4096 Nov  1 09:25 ..
-rw-r--r--  1 root root     581843 Aug 25 00:33 moduli
-rw-r--r--  1 root root       2346 Aug 25 00:33 ssh_config
-rw-r--r--  1 root root       3934 Nov  1 09:25 sshd_config
-rw-------  1 root root        668 Nov  1 09:25 ssh_host_dsa_key
-rw-r--r--  1 root root        611 Nov  1 09:25 ssh_host_dsa_key.pub
-rw-------  1 root root        227 Nov  1 09:25 ssh_host_ecdsa_key
-rw-r--r--  1 root root        183 Nov  1 09:25 ssh_host_ecdsa_key.pub
-rw-r-----  1 root ssh_keys    387 Nov  1 09:25 ssh_host_ed25519_key
-rw-r--r--  1 root root         82 Nov  1 09:25 ssh_host_ed25519_key.pub
-rw-------  1 root root       1675 Nov  1 09:25 ssh_host_rsa_key
-rw-r--r--  1 root root        403 Nov  1 09:25 ssh_host_rsa_key.pub

Member

@jonasduarte can you add the different params also?

end

alg
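
Review bot: the added `when 'amazon'` branch assigns `alg = alg53` for every Amazon Linux release, with no release check, while the branch directly above it picks the algorithm set per release using patterns such as `/10.10\./, /10.11\./, /10.12\./`. The thread reports that the 2017.09 AMI supports alg66 and its /etc/ssh listing includes ssh_host_ed25519_key, so this branch would return the alg53 list on that image as well. Suggest nesting a release match under `when 'amazon'`, mapping the older releases that were checked to alg53 and the newer ones to alg66, and adding a short comment naming the releases that were actually verified so the boundary can be revisited later.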