From Fedora Project Wiki
(Created page with "{{QA/Test_Case |description=OpenSSH support |actions= We will test if openssh client respects current policy # Prepare ssh server that uses old crypto #:<pre> #::cp /etc/ssh/s...") |
No edit summary |
||
| Line 13: | Line 13: | ||
# Connect to the server | # Connect to the server | ||
#:<pre> | #:<pre> | ||
#::ssh -vv localhost</pre> | #::ssh -vv localhost 'echo CONNECTED'</pre> | ||
# Switch to FUTURE profile | # Switch to FUTURE profile | ||
#:<pre> | #:<pre> | ||
| Line 19: | Line 19: | ||
# Connect to the server | # Connect to the server | ||
#:<pre> | #:<pre> | ||
#::ssh -vv localhost</pre> | #::ssh -vv localhost 'echo CONNECTED'</pre> | ||
# Restore original settings | # Restore original settings | ||
#:<pre> | #:<pre> | ||
| Line 27: | Line 27: | ||
# sshd server starts successfully | # sshd server starts successfully | ||
# no error | # no error | ||
# connection is established - | # connection is established - CONNECTED is printed | ||
# no error | # no error | ||
# connection is NOT established | # connection is NOT established | ||
# sshd server starts successfully | # sshd server starts successfully | ||
}} | }} | ||
Revision as of 10:34, 29 March 2017
Description
OpenSSH support
How to test
We will test if openssh client respects current policy
- Prepare ssh server that uses old crypto
- cp /etc/ssh/sshd_config sshd_config.bak
- echo 'Ciphers aes128-cbc' >/etc/ssh/sshd_config
- service sshd restart
- Switch to NORMAL profile
- update-crypto-policies --set NORMAL
- Connect to the server
- ssh -vv localhost 'echo CONNECTED'
- Switch to FUTURE profile
- update-crypto-policies --set FUTURE
- Connect to the server
- ssh -vv localhost 'echo CONNECTED'
- Restore original settings
- cp sshd_config.bak /etc/ssh/sshd_config
- service sshd restart
Expected Results
- sshd server starts successfully
- no error
- connection is established - CONNECTED is printed
- no error
- connection is NOT established
- sshd server starts successfully