From Fedora Project Wiki
No edit summary |
No edit summary |
||
| Line 18: | Line 18: | ||
# Restore original settings | # Restore original settings | ||
#:<pre> | #:<pre> | ||
#:: | #::cp -f sshd_config.bak /etc/ssh/sshd_config | ||
#::rm -f sshd_config.bak | |||
#::service sshd restart</pre> | #::service sshd restart</pre> | ||
|results= | |results= | ||
Latest revision as of 08:46, 30 March 2017
Description
OpenSSH support
How to test
We will test if openssh client respects current policy
- Prepare ssh server that uses old crypto
- cp /etc/ssh/sshd_config sshd_config.bak
- echo -e 'Match All\n Ciphers 3des-cbc' >>/etc/ssh/sshd_config
- service sshd restart
- Switch to DEFAULT profile and connect to the server
- update-crypto-policies --set DEFAULT
- ssh -vv localhost 'echo CONNECTED' || echo "FAIL ssh DEFAULT"
- Switch to FUTURE profile and connect to the server
- update-crypto-policies --set FUTURE
- ssh localhost 'echo CONNECTED' && echo "FAIL ssh FUTURE"
- Restore original settings
- cp -f sshd_config.bak /etc/ssh/sshd_config
- rm -f sshd_config.bak
- service sshd restart
Expected Results
- sshd server starts successfully
- connection is established - CONNECTED is printed
- connection is NOT established
- sshd server starts successfully with original configuration