rsa-sha2-512 and rsa-sha2-256 - key algorithm to append #260
Comments
Can you please post the full output of ssh-audit run with the -d argument?
# host-key algorithms
(key) ssh-ed25519 -- [info] available since OpenSSH 6.5

Looks like ssh-ed25519 is the only host key being returned by your server. It may be that your RSA host keys were deleted and never re-created.

(rec) -hmac-sha2-512 -- mac algorithm to remove

It appears that you also added an HMAC that isn't in the hardening guide.
Correct. I only use I have to enable that hmac for compatibility reasons on some hosts.
The "algorithm recommendations" section gives optional algs to add in order to maximize compatibility (aside from algs to remove because they have security concerns). Admittedly, the text should be refined so users don't think they strictly need to add more algorithms. You may want to use the custom policy feature since you've customized your config(s). This is the exact situation custom policies were designed for, in fact.
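One way to triage the recommendation lines discussed above, as an added example that is not ssh-audit's own code or part of this thread: it separates "remove" recommendations (security concerns) from "append" ones (optional, for compatibility) and lets deliberately enabled algorithms be listed as accepted. The sample output is constructed from the lines quoted in this thread, and the function names are hypothetical.

```python
import re

# Constructed sample: (rec) lines in the format quoted in this thread.
SAMPLE = """\
# algorithm recommendations
(rec) -hmac-sha2-512                      -- mac algorithm to remove
(rec) +rsa-sha2-256                       -- key algorithm to append
(rec) +rsa-sha2-512                       -- key algorithm to append
"""

# "(rec) <sign><name> -- <kind> algorithm to <action>"
REC = re.compile(r"^\(rec\)\s+(\S)(\S+)\s+--\s+(\w+) algorithm to (\w+)")


def triage_recommendations(text):
    """Split (rec) lines into 'remove', 'append' and 'other' buckets.

    Each entry is a (kind, name) tuple, e.g. ("mac", "hmac-sha2-512").
    """
    buckets = {"remove": [], "append": [], "other": []}
    for line in text.splitlines():
        m = REC.match(line.strip())
        if not m:
            continue  # headers, (key)/(kex)/(mac) lines, blank lines
        sign, name, kind, _action = m.groups()
        if sign == "-":
            buckets["remove"].append((kind, name))
        elif sign == "+":
            buckets["append"].append((kind, name))
        else:
            buckets["other"].append((kind, name))
    return buckets


def unresolved_removals(text, accepted=()):
    """Return removal recommendations not covered by accepted exceptions.

    'accepted' holds algorithm names that were enabled on purpose
    (for instance an HMAC kept for compatibility with older hosts).
    """
    accepted = set(accepted)
    removals = triage_recommendations(text)["remove"]
    return [(kind, name) for kind, name in removals if name not in accepted]


if __name__ == "__main__":
    recs = triage_recommendations(SAMPLE)
    print("optional additions:", recs["append"])
    print("needs review:", unresolved_removals(SAMPLE))
```
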
Wasn't
I followed the guide for al2023 but still get the following recommendations:
I'm only allowing ed25519 keys to the host. When I look at the host's config it appears that the algorithm is in use:
What am I doing wrong to add a key algorithm?