Remove deprecated UseLogin option #141
Conversation
Since OpenSSH 7.4/7.4p1 (2016-12-19)[0] (The default in Debian Stretch, CentOS 7 and others) the "UseLogin" option has been deprecated. Setting this option originally prevented usage of a "traditional" /usr/sbin/login-based login – but has been set to "no" by default since quite a while, so even if this role would be applied on a host with an older OpenSSH version, the default value should still be save. Fixes dev-sec#140 0. https://www.openssh.com/txt/release-7.4
|
@rndmh3ro Is there a reason this doesn't get merged? |
|
I haven't had time to look at this PR again, sorry. |
|
This PR broke https://github.com/dev-sec/ssh-baseline/blob/master/controls/sshd_spec.rb#L172 . I suggest revert. |
|
@alval5280 yes, that's expected. As I wrote in my previous comment: "One could set this option to yes, therefore weaken the security. But it's disabled by default and if one uses this module, you have to deliberatly set it to yes." So we're stuck for now with this broken test, until it's fixed here: dev-sec/ssh-baseline#95 |
Since OpenSSH 7.4/7.4p1 (2016-12-19)[0] (The default in Debian Stretch,
CentOS 7 and others) the "UseLogin" option has been deprecated.
Setting this option originally prevented usage of a "traditional"
/usr/sbin/login-based login – but has been set to "no" by default since
quite a while, so even if this role would be applied on a host with an
older OpenSSH version, the default value should still be save.
Fixes #140