could ssh-audit print desired config or add Generic guide documentation #191
Comments
daniejstriata
changed the title
This would require ssh-audit to be able to precisely identify the server's precise OpenSSH version. This isn't as easy as it sounds, as some distros back-port changes without bumping version numbers.
I'm not sure what you mean here. The guides are very specific to each OS/platform otherwise the commands would fail.
Sounds like this is a failure related to your RSA host keys. This would be fixed by re-generating them using |
|
@jtesta
What I mean with a generic guide is that I have / had some older hosts where I compile openssh from source and replace the default package. When I apply the guide matching the OS (like Centos 7) I don't get a flawless audit but what you mentioned last, about regenerating the rsa key. Now that makes sense as I could not do that step for the host in question without reaching out to external parties connecting to the server first. |
Ahh, I see what you mean. Sure, that would be pretty straightforward to add, but that would also increase my ongoing maintenance costs. I already feel like I'm always slightly behind, so perhaps this won't get implemented for the time being. However, if enough people want this feature, I'll certainly reconsider. Feel free to vote on this issue by adding a thumbs-up emoji to this comment. |
Can
ssh-auditnot print out the desired sshd config as an option or will it be possible to add a generic section to the guides? There are no guides for RHEL 9 based distros yet. I have some items I'm unsure how to resolve. Like:I have updated my moduli from the commands given in the hardening guide.
The text was updated successfully, but these errors were encountered: