From Fedora Project Wiki
No edit summary |
No edit summary |
||
| Line 6: | Line 6: | ||
#:<pre> | #:<pre> | ||
#::cp /etc/ssh/sshd_config sshd_config.bak | #::cp /etc/ssh/sshd_config sshd_config.bak | ||
#::echo 'Ciphers | #::echo -e 'Match *\n Ciphers 3des-cbc' >>/etc/ssh/sshd_config | ||
#::service sshd restart</pre> | #::service sshd restart</pre> | ||
# Switch to NORMAL profile | # Switch to NORMAL profile | ||
#:<pre> | #:<pre> | ||
#::update-crypto-policies --set | #::update-crypto-policies --set DEFAULT</pre> | ||
# Connect to the server | # Connect to the server | ||
#:<pre> | #:<pre> | ||
Revision as of 13:47, 29 March 2017
Description
OpenSSH support
How to test
We will test if openssh client respects current policy
- Prepare ssh server that uses old crypto
- cp /etc/ssh/sshd_config sshd_config.bak
- echo -e 'Match *\n Ciphers 3des-cbc' >>/etc/ssh/sshd_config
- service sshd restart
- Switch to NORMAL profile
- update-crypto-policies --set DEFAULT
- Connect to the server
- ssh -vv localhost 'echo CONNECTED'
- Switch to FUTURE profile
- update-crypto-policies --set FUTURE
- Connect to the server
- ssh -vv localhost 'echo CONNECTED'
- Restore original settings
- cp sshd_config.bak /etc/ssh/sshd_config
- service sshd restart
Expected Results
- sshd server starts successfully
- no error
- connection is established - CONNECTED is printed
- no error
- connection is NOT established
- sshd server starts successfully