Disable experimental client roaming #108

Merged
merged 1 commit into from Jan 19, 2016

Conversation

Projects
None yet
2 participants
@ascendantlogic
Contributor

ascendantlogic commented Jan 14, 2016

Disable the experimental client roaming feature to mitigate this vulnerability

metadata.rb
@@ -21,9 +21,8 @@
license "Apache 2.0"
description "This cookbook installs and provides secure ssh and sshd configurations."
long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
-version "1.1.0"
+version "1.2.0"

This comment has been minimized.

@chris-rock

chris-rock Jan 15, 2016

Member

can you remove the version bump from the PR? we do that separately

@chris-rock

chris-rock Jan 15, 2016

Member

can you remove the version bump from the PR? we do that separately

This comment has been minimized.

@ascendantlogic

ascendantlogic Jan 18, 2016

Contributor

Yep, it's just habit from whenever I modify my own cookbooks :)

@ascendantlogic

ascendantlogic Jan 18, 2016

Contributor

Yep, it's just habit from whenever I modify my own cookbooks :)

templates/default/openssh.conf.erb
+
+# http://undeadly.org/cgi?action=article&sid=20160114142733
+UseRoaming no

This comment has been minimized.

@chris-rock

chris-rock Jan 15, 2016

Member

would love to see an option to activate and deactivate roaming.

@chris-rock

chris-rock Jan 15, 2016

Member

would love to see an option to activate and deactivate roaming.

This comment has been minimized.

@ascendantlogic

ascendantlogic Jan 18, 2016

Contributor

Sure, I can do that. From what I understand this feature was never finished on the server-side, and was considered experimental on the client side.

@ascendantlogic

ascendantlogic Jan 18, 2016

Contributor

Sure, I can do that. From what I understand this feature was never finished on the server-side, and was considered experimental on the client side.

@chris-rock

This comment has been minimized.

Show comment
Hide comment
@chris-rock

chris-rock Jan 15, 2016

Member

Thanks @ascendantlogic for adding this feature. I added some small comments

Member

chris-rock commented Jan 15, 2016

Thanks @ascendantlogic for adding this feature. I added some small comments

@ascendantlogic

This comment has been minimized.

Show comment
Hide comment
@ascendantlogic

ascendantlogic Jan 18, 2016

Contributor

@chris-rock updated per your comments

Contributor

ascendantlogic commented Jan 18, 2016

@chris-rock updated per your comments

@chris-rock

This comment has been minimized.

Show comment
Hide comment
@chris-rock

chris-rock Jan 19, 2016

Member

Thanks @ascendantlogic for this improvement

Member

chris-rock commented Jan 19, 2016

Thanks @ascendantlogic for this improvement

chris-rock added a commit that referenced this pull request Jan 19, 2016

@chris-rock chris-rock merged commit 16abf35 into dev-sec:master Jan 19, 2016

2 checks passed

continuous-integration/travis-ci/pr The Travis CI build passed
Details
coverage/coveralls Coverage remained the same at 100.0%
Details

rndmh3ro pushed a commit to dev-sec/ansible-ssh-hardening that referenced this pull request Jan 24, 2016

@rndmh3ro rndmh3ro referenced this pull request in dev-sec/ansible-ssh-hardening Jan 24, 2016

Merged

Disable experimental client roaming. #49

chris-rock added a commit to dev-sec/ansible-ssh-hardening that referenced this pull request Feb 24, 2016

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment