Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use default ssh host key algorithms #3887

Closed
wants to merge 1 commit into from
Closed

Use default ssh host key algorithms #3887

wants to merge 1 commit into from

Conversation

tiran
Copy link
Member

@tiran tiran commented Nov 12, 2019

ipa-client-install no longer overrides SSH client settings for
HostKeyAlgorithms. It's no longer necessary to configure
HostKeyAlgorithms. The setting was disabling modern algorithms and
enabled a weak algorithm that is blocked in FIPS code.

The ipa-client package removes IPA's custom HostKeyAlgorithm from
/etc/ssh/ssh_config during package update. Non-IPA settings are not
touched.

Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1756432
Fixes: https://pagure.io/freeipa/issue/8082
Signed-off-by: Christian Heimes cheimes@redhat.com

@tiran tiran added needs review Pull Request is waiting for a review ipa-4-7 ipa-4-6 Mark for backport to ipa 4.6 ipa-4-8 Mark for backport to ipa 4.8 labels Nov 12, 2019
abbra
abbra reviewed Nov 12, 2019
View reviewed changes
freeipa.spec.in Outdated Show resolved Hide resolved
@tiran
Use default ssh host key algorithms
52d6753 
ipa-client-install no longer overrides SSH client settings for
HostKeyAlgorithms. It's no longer necessary to configure
HostKeyAlgorithms. The setting was disabling modern algorithms and
enabled a weak algorithm that is blocked in FIPS code.

The ipa-client package removes IPA's custom HostKeyAlgorithm from
/etc/ssh/ssh_config during package update. Non-IPA settings are not
touched.

Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1756432
Fixes: https://pagure.io/freeipa/issue/8082
Signed-off-by: Christian Heimes <cheimes@redhat.com>
@abbra
Copy link
Contributor

abbra commented Nov 12, 2019

LGTM

@abbra abbra added ack Pull Request approved, can be merged and removed needs review Pull Request is waiting for a review labels Nov 12, 2019
@tiran tiran added the pushed Pull Request has already been pushed label Nov 12, 2019
@tiran
Copy link
Member Author

tiran commented Nov 12, 2019

master:

  • 97a31e6 Use default ssh host key algorithms

@tiran tiran closed this Nov 12, 2019
This was referenced Nov 12, 2019
Closed
Closed
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@abbra abbra abbra left review comments

Assignees
No one assigned
Labels
ack Pull Request approved, can be merged ipa-4-6 Mark for backport to ipa 4.6 ipa-4-8 Mark for backport to ipa 4.8 pushed Pull Request has already been pushed
Projects
None yet
Milestone
No milestone
2 participants
@tiran @abbra