ncm-ssh: disable insecure ssh ciphersuites and macs #1058
@@ -10,18 +10,64 @@ include 'pan/types'; | |||
|
|||
type ssh_preferred_authentication = string with match(SELF, '^(gssapi-with-mic|hostbased|publickey|keyboard-interactive|password)$'); | |||
|
|||
|
|||
type ssh_ciphers = string with is_valid_ssh_cipher(SELF); |
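Review bot: the new `type ssh_ciphers = string with is_valid_ssh_cipher(SELF);` at the end of this hunk has no comment saying whether the value is a single cipher name or a comma-separated list (the type name is plural, the validator name is singular), and the validator itself is not visible in these lines. Unlike `ssh_preferred_authentication` just above, whose anchored regexp shows the accepted values at the type definition, a reader here has to locate the function to learn which ciphers are allowed. Suggest a short doc comment above the type stating the accepted format and pointing at where `is_valid_ssh_cipher` is defined.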
you introduce a new type that already exists in metaconfig/ssh and it is not used in this template. make an issue to resolve this, and add a comment with the issue number here, and comment this type for now.
you can already check that the current definition in metaconfig/ssh is the same regexp
what exactly do I need to resolve?
This way of working was recommended to me by @wdpypere to keep it backwards compatible.
I did what now?
the types are unique. having this type here implies that you cannot include the metaconfig service that has the same type defined. there can be only one...
Pushing back to 17.4 as we are trying to avoid user-facing changes in 17.3.
@JensTimmerman could you address @stdweird's comment please?
@JensTimmerman can you fix the typo in the title and prefix the commit message with
@hpcugentbot retest this please
Travis test can be ignored, LGTM.
@JensTimmerman any news?
@JensTimmerman ping?
ok thanks
9665d8b to 1581894
@stdweird can you clarify?
@jrha i think it's clear now for @JensTimmerman he renamed the duplicate type names, to be removed in later PR when the types are part of template library core
…onfiguration-modules-core into JensTimmerman-ssh_improved_sec
LGTM, will squash when merging.
Replaces #983.