WIP: ssh baseline refactoring.

[JHeinzde]

This is a WIP refactoring of the ssh baseline to match the chef-ssh-hardening implementation.

[chris-rock]

@JHeinzde Very nice. I am looking forward to see this work completed

[artem-sidorenko]

@JHeinzde great work! Lets maybe try to split it to different PRs to be able to move forward fast. As suggestion/idea:

• one PR related to the linting/rubocop stuff
• another PR with renaming of ssh_version to real_ssh_version and switch of current controls to it
• next PR with first implementation of ssh_version and only for privlege_separation part
• next PR or PRs with crypto stuff, algorithms etc

What do you think?

[artem-sidorenko]

I guess we need that only as a intermediate step to avoid breaking the baseline and do not need it when everything is complete, right? (I see this command as part of ssh_version)

[JHeinzde]

I hope so yes. This is indeed only temporary to avoid any breaking changes to the baseline.

[JHeinzde]

Hello @artem-sidorenko, I have put more work into this and will honor the plan you described here, but modify it a bit:

one PR related to the linting/rubocop stuff
another PR with the renaming of ssh_version to real_ssh_version and switch of current controls to it
next PR with a first implementation of ssh_version and only for privlege_separation part
next PR or PRs with crypto stuff, algorithms etc.

Since I think no rename is required to ssh_version its going to stay like this.
I will first submit 2 pull requests. The first PR is going to be aimed at find_ssh_version, guess_ssh_version and PRIVILEGE_SEPARATION and HOSTKEY Algorithms. The second PR is going to introduce the cryptologic of devsec_ssh.rb.

The last one is going to be related to rubocop/other stuff, when I can figure out the consequences of this, since at least for me currently the travis build is broken with these changes I've done