Univention Bugzilla – Bug 38609
univention-ssh: Make ciphers/MACs configurable through UCR
Last modified: 2015-09-01 11:54:22 CEST
Weak algorithms should be disabled by default. base/univention-base-files/conffiles/etc/ssh/sshd_config MACs Ciphers
Configurable KexAlgorithms would also be nice.
r63280 | Bug #38609 ssh: Make ssh algorithms configurable r63285 | Bug #38609 ssh: Make ssh algorithms configurable Algorithms are not disabled for now, as this breaks backwards compatibility. sshd/MACs sshd/Ciphers sshd/KexAlgorithms Package: univention-base-files Version: 4.0.8-7.194.201508271117 Branch: ucs_4.0-0 Scope: errata4.0-3 Package: univention-base-files Version: 5.0.0-1.193.201508271117 Branch: ucs_4.1-0 r63291 | Bug #38609,Bug #38709,Bug #38710,Bug #38711: ssh 2015-08-27-univention-base-files.yaml
r63321 | Bug #38609 ssh: Make ssh algorithms configurable r63320 | Bug #38609 ssh: Make ssh algorithms configurable Fixed Ciphers and Kex copy-paste-error Also added sshd/config/ UCRVs to add arbitrary options like sshd/config/PermitUserEnvironment: yes or even sshd/config/0001: # line1 sshd/config/0002: # line2 Package: univention-base-files Version: 4.0.8-8.196.201508281549 Branch: ucs_4.0-0 Scope: errata4.0-3 r63322 | Bug #38609 ssh: Make ssh algorithms configurable YAML 2015-08-27-univention-base-files.yaml
(In reply to Philipp Hahn from comment #3) Package: univention-base-files Version: 5.0.0-3.197.201508281558 Branch: ucs_4.1-0
r63324 | Bug #38609 ssh: Fix UCR variable names r63323 | Bug #38609 ssh: Fix UCR variable names sshd/Protocol sshd/ServerKeyBits Package: univention-base-files Version: 4.0.8-9.198.201508281628 Branch: ucs_4.0-0 Scope: errata4.0-3 Package: univention-base-files Version: 5.0.0-4.199.201508281629 Branch: ucs_4.1-0 r63325 | Bug #38609 ssh: Fix UCR variable names YAML 2015-08-27-univention-base-files.yaml
OK: code OK: 4.1 merge OK: YAML OK manual test of UCRVs sshd/{MACs, Ciphers, KexAlgorithms, config/.*}
<http://errata.univention.de/ucs/4.0/293.html>