ncm-ssh: disable insecure ssh ciphersuites and macs #1058
Conversation
| @@ -10,18 +10,64 @@ include 'pan/types'; | |||
|
|
|||
| type ssh_preferred_authentication = string with match(SELF, '^(gssapi-with-mic|hostbased|publickey|keyboard-interactive|password)$'); | |||
|
|
|||
|
|
|||
| type ssh_ciphers = string with is_valid_ssh_cipher(SELF); | |||
There was a problem hiding this comment.
you introduce a new type that already exists in metaconfig/ssh and it is not used in this template. make an issue to resolve this, and add a comment with the issue number here, and comment this type for now.
you can already check that the current definition in metaconfig /ssh is the same regexp
There was a problem hiding this comment.
what exactly do I need to resolve?
This way of working was recommended to me by @wdpypere To keep it backwards compatible.
There was a problem hiding this comment.
the types are unique. haveing this type here implies that you cannot include the metaconfig service that has the same type defined. there can be only one...
|
Pushing back to 17.4 as we are trying to avoid user-facing changes in 17.3. |
|
@JensTimmerman could you address @stdweird's comment please? |
|
@JensTimmerman can you fix the typo in the title and prefix the commit message with |
jrha
changed the title
jrha
changed the title
|
@hpcugentbot retest this please |
|
@JensTimmerman any news? |
|
@JensTimmerman ping? |
|
ok thanks |
JensTimmerman
force-pushed
the
ssh_improved_sec
branch
from
9665d8b
to
1581894
Compare
|
@stdweird can you clarify? |
|
@jrha i think it's clear now for @JensTimmerman he renamed the duplicate type names, to be removed in later PR when the types are part of template libary core |
…onfiguration-modules-core into JensTimmerman-ssh_improved_sec
Replaces #983.