prohibit use of weak dh moduli #65

Closed
bkw opened this Issue Jan 7, 2015 · 4 comments

bkw commented Jan 7, 2015

Another suggestion based on https://stribika.github.io/2015/01/04/secure-secure-shell.html by @stribika.
Quoting the blog post:

open /etc/ssh/moduli if exists, and delete lines where the 5th column is less than 2000.

I think this would make a nice addition to this cookbook.

Comments?

bkw commented Jan 7, 2015

Note to self:

awk '$5 >= 2000' /etc/ssh/moduli
stribika commented Jan 8, 2015

That sounds good. There is some difference between existing /etc/ssh/moduli and generating it from scratch.

I generate 4096 bit primes only, but the file I had by default had everything between 1024 and 8129 so it will end up containing 2048-8192 bit primes.
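The filtering step discussed in the two comments above, as an added example that is not part of the thread or the cookbook's code. The function names, the default threshold argument and the 0644 file mode are assumptions of this sketch; it keeps comment lines and refuses to leave the moduli file without any entries.

```shell
#!/bin/sh
# Added example (not from the thread): a safe wrapper around the
# "column 5 >= 2000" filter for an sshd moduli file.
# Column 5 is the prime size. OpenSSH-shipped files typically record it as
# one less than the bit length (2047 for a 2048-bit prime), which is why a
# threshold of 2000 keeps 2048-bit primes and drops 1024/1536-bit ones.

# filter_moduli FILE [MIN]: print FILE, dropping entries whose size is < MIN.
# Comment and blank lines are passed through unchanged.
filter_moduli() {
    awk -v min="${2:-2000}" '
        /^[ \t]*#/ || NF == 0 { print; next }
        $5 + 0 >= min
    ' "$1"
}

# count_moduli FILE: number of modulus entries (comments and blanks ignored).
count_moduli() {
    awk '!/^[ \t]*#/ && NF > 0 { n++ } END { print n + 0 }' "$1"
}

# harden_moduli FILE [MIN]: filter FILE in place through a temp file.
# Returns 1 and leaves FILE untouched if nothing would remain.
harden_moduli() {
    src=$1
    min=${2:-2000}
    [ -f "$src" ] || { echo "no such file: $src" >&2; return 1; }
    tmp=$(mktemp "${src}.XXXXXX") || return 1
    filter_moduli "$src" "$min" > "$tmp"
    if [ "$(count_moduli "$tmp")" -eq 0 ]; then
        echo "refusing: no moduli with size >= $min in $src" >&2
        rm -f "$tmp"
        return 1
    fi
    # mktemp creates the file 0600; 0644 is assumed here as the usual mode.
    chmod 644 "$tmp" && mv "$tmp" "$src"
}

# Typical use, as root (path taken from the issue):
#   harden_moduli /etc/ssh/moduli 2000
```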

arlimus commented Jan 14, 2015

Thank you @bkw for pointing this out, much appreciated!
Also thank you @stribika for your insights!
This one is still in the pipeline but should make it into the next release.

artem-sidorenko commented Nov 10, 2016

Me and @atomic111 agreed to push everything besides #132 to the 2.0.0, so I'm changing the milestone.

@artem-sidorenko artem-sidorenko added this to the v2.0.0 milestone Nov 10, 2016

@artem-sidorenko artem-sidorenko self-assigned this Jan 14, 2017

artem-sidorenko added a commit to artem-forks/ssh-baseline that referenced this issue Jan 14, 2017

@atomic111 atomic111 closed this in #163 Jan 18, 2017
