Revision as of 18:39, 29 March 2017

Description

OpenSSH support

We will test if openssh client respects current policy

Prepare ssh server that uses old crypto

cp /etc/ssh/sshd_config sshd_config.bak
echo -e 'Match All\n    Ciphers 3des-cbc' >>/etc/ssh/sshd_config
service sshd restart

Switch to DEFAULT profile and connect to the server

update-crypto-policies --set DEFAULT
ssh -vv localhost 'echo CONNECTED' || echo "FAIL ssh DEFAULT"

Switch to FUTURE profile and connect to the server

update-crypto-policies --set FUTURE
ssh localhost 'echo CONNECTED' && echo "FAIL ssh FUTURE"

Restore original settings

mv -f sshd_config.bak /etc/ssh/sshd_config
service sshd restart

@@ Line 8: / Line 8: @@
 #::echo -e 'Match All\n    Ciphers 3des-cbc' >>/etc/ssh/sshd_config
 #::service sshd restart</pre>
-# Switch to DEFAULT profile
+# Switch to DEFAULT profile and connect to the server
 #:<pre>
-#::update-crypto-policies --set DEFAULT</pre>
+#::update-crypto-policies --set DEFAULT
-# Connect to the server
+#::ssh -vv localhost 'echo CONNECTED' || echo "FAIL ssh DEFAULT"</pre>
+# Switch to FUTURE profile and connect to the server
 #:<pre>
-#::ssh -vv localhost 'echo CONNECTED'</pre>
+#::update-crypto-policies --set FUTURE
-# Switch to FUTURE profile
+#::ssh localhost 'echo CONNECTED' && echo "FAIL ssh FUTURE"</pre>
-#:<pre>
-#::update-crypto-policies --set FUTURE</pre>
-# Connect to the server
-#:<pre>
-#::ssh -vv localhost 'echo CONNECTED'</pre>
 # Restore original settings
 #:<pre>
-#::cp sshd_config.bak /etc/ssh/sshd_config
+#::mv -f sshd_config.bak /etc/ssh/sshd_config
 #::service sshd restart</pre>
 |results=
 # sshd server starts successfully
-# no error
 # connection is established - CONNECTED is printed
-# no error
 # connection is NOT established
-# sshd server starts successfully
+# sshd server starts successfully with original configuration
 }}