Update sshd config for Focal #5660

emkll · 2020-12-01T15:31:10Z

Description

In the current sshd configuration, we specify a path to a host dsa key for the server, but that has been deprecated/disabled. This was uncovered by an ossec alert while reviewing #5638

The alert is as follows:

Dec 1 15:08:22 app-staging sshd[3302]: error: Unable to load host key: /etc/ssh/ssh_host_dsa_key

The server sshd config is

securedrop/install_files/ansible-base/roles/restrict-direct-access/templates/sshd_config

Line 5 in 1d50b6e

HostKey /etc/ssh/ssh_host_dsa_key

and removing the line should suffice. We should also review and audit the current configuration to ensure we adhere to current best practices.

The text was updated successfully, but these errors were encountered:

emkll added this to Next up in SecureDrop Team Board Dec 1, 2020

emkll mentioned this issue Dec 1, 2020

Support for Ubuntu 20.04 (Focal) #4768

Closed

53 tasks

emkll self-assigned this Dec 2, 2020

emkll moved this from Next up to In Development in SecureDrop Team Board Dec 2, 2020

emkll mentioned this issue Dec 9, 2020

Update and add annotations to sshd config for servers #5666

Merged

9 tasks

eloquence removed this from In Development in SecureDrop Team Board Dec 15, 2020

rmol added the ubuntu focal label Jan 28, 2021

conorsch closed this as completed in #5666 Feb 11, 2021

kushaldas mentioned this issue Feb 26, 2021

Release SecureDrop 1.8.0 #5794

Closed

27 tasks

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Update sshd config for Focal #5660

Update sshd config for Focal #5660

emkll commented Dec 1, 2020

Update sshd config for Focal #5660

Update sshd config for Focal #5660

Comments

emkll commented Dec 1, 2020

Description