Closed mlacko64 closed 8 months ago
Thanks for comments, I have:
@mlacko64, thanks for doing this! I think we can probably go ahead and merge this into an upcoming container release, but would you be willing to prune the commit message beforehand? The top line is probably enough to suffice.
@jpculp sure, I have pruned the commit message as you suggested.
Issue number:
https://github.com/bottlerocket-os/bottlerocket-admin-container/issues/90
Description of changes:
This change adds an option to customize MACs for SSH, for example to disable SHA1 MACs, which are reported as deprecated by a vulnerability scanner. README.md updated.
Testing done:
Created custom container and tested in my lab cluster, works as expected.
SSHD config contains line:
MACs hmac-sha2-256,hmac-sha2-512,hmac-md5,hmac-md5-96,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com
SSHD server offers just MACs selected by me:
Terms of contribution:
By submitting this pull request, I agree that this contribution is dual-licensed under the terms of both the Apache License, version 2.0, and the MIT license.
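
A check of the kind described under "Testing done", as an added example that is not part of the pull request or the project's code: it reads the `MACs` directive from sshd_config text and lists the entries built on a banned hash family. The function names, the family labels and the sample fragments around the quoted `MACs` value are assumptions; the same parser accepts the lowercase `macs` line printed by `sshd -T`.

```python
# Added example (hypothetical names): audit an sshd_config MACs directive for banned hash families.

# The MACs value quoted in the pull request description.
PR_MACS = (
    "hmac-sha2-256,hmac-sha2-512,hmac-md5,hmac-md5-96,"
    "umac-64@openssh.com,umac-128@openssh.com,"
    "hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,"
    "hmac-md5-etm@openssh.com,hmac-md5-96-etm@openssh.com,"
    "umac-64-etm@openssh.com,umac-128-etm@openssh.com"
)
# Constructed config fragments for the demonstration.
CUSTOM_CONFIG = "PasswordAuthentication no\n# MACs hmac-sha1\nMACs " + PR_MACS + "\n"
SHA1_CONFIG = "macs hmac-sha2-256,hmac-sha1,hmac-sha1-96-etm@openssh.com\n"


def parse_macs(config_text):
    """Return the list from the first MACs directive (sshd uses the first value), or None."""
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split(None, 1)
        if len(parts) == 2 and parts[0].lower() == "macs":
            value = parts[1].strip()
            if value[0] in "+-^":
                raise ValueError("list is relative to the built-in default; inspect `sshd -T` output")
            return [m.strip() for m in value.split(",") if m.strip()]
    return None


def family(mac):
    """Map a MAC name to its hash family: sha1, md5, sha2, umac or unknown."""
    name = mac.split("@", 1)[0]
    for prefix, fam in (("hmac-sha1", "sha1"), ("hmac-md5", "md5"),
                        ("hmac-sha2-", "sha2"), ("umac-", "umac")):
        if name.startswith(prefix):
            return fam
    return "unknown"


def banned_macs(config_text, banned=("sha1",)):
    """Return configured MACs whose family is banned; None means no MACs directive is set."""
    macs = parse_macs(config_text)
    return None if macs is None else [m for m in macs if family(m) in banned]


if __name__ == "__main__":
    print("sha1 MACs in the PR's list:", banned_macs(CUSTOM_CONFIG))
    print("sha1 MACs in the constructed list:", banned_macs(SHA1_CONFIG))
```

A `None` result means the file sets no `MACs` directive, so the server falls back to its built-in default list, which has to be checked separately.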