diff mbox series

[1/3] SSH client configuration: Use Protocol version 2 only

Message ID	20180912175045.7636-1-peter.mueller@link38.eu
State	Dropped
Headers	From: =?utf-8?q?Peter_M=C3=BCller?= <peter.mueller@link38.eu> To: development@lists.ipfire.org Subject: [PATCH 1/3] SSH client configuration: Use Protocol version 2 only Date: Wed, 12 Sep 2018 19:50:43 +0200 Message-Id: <20180912175045.7636-1-peter.mueller@link38.eu> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ipnet: 37.120.160.0/19(-4.96), asn: 197540(-3.96), country: DE(-0.09)]; ASN(0.00)[asn:197540, ipnet:37.120.160.0/19, country:DE]; RCVD_TLS_ALL(0.00)[]; BAYES_HAM(-3.00)[100.00%] Precedence: list Errors-To: development-bounces@lists.ipfire.org Sender: "Development" <development-bounces@lists.ipfire.org>
Series	[1/3] SSH client configuration: Use Protocol version 2 only \| [1/3] SSH client configuration: Use Protocol version 2 only [2/3] SSH client configuration: Hash known_hosts entries [3/3] SSH client configuration: Prefer server host keys in different order

Commit Message

Peter Müller Sept. 13, 2018, 3:50 a.m. UTC

  SSH Protocol version 1 is insecure and must not be used anymore.
Restrict SSH client configuration to ensure only version 2 is used.

Signed-off-by: Peter Müller <peter.mueller@link38.eu>
---
 config/ssh/ssh_config | 3 +++
 1 file changed, 3 insertions(+)

diff mbox series

Patch

diff --git a/config/ssh/ssh_config b/config/ssh/ssh_config
index 2abfae6d1..b36909f85 100644
--- a/config/ssh/ssh_config
+++ b/config/ssh/ssh_config
@@ -5,6 +5,9 @@  Host *
         # disable Roaming as it is known to be vulnerable
         UseRoaming no
 
+	# only use version 2 of SSH protocol
+	Protocol 2
+
         # only use secure crypto algorithm
         KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
         Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr