Weak kex are controlled by wrong variable ?

https://github.com/dev-sec/ansible-ssh-hardening/blob/e6d79fa3fb6d10627479641e99c596b09dd43616/tasks/crypto.yml#L79-L92

I think there is a problem here: weak kex should be controlled by `ssh_server_weak_kex` and not `ssh_server_weak_hmac`.


	- name: set weak kex according to openssh-version if openssh >= 6.6
	set_fact:
	ssh_kex: '{{ ssh_kex_66_weak }}'
	when: sshd_version.stdout >= '6.6' and ssh_server_weak_hmac and not ssh_kex

	- name: set kex according to openssh-version if openssh >= 6.6
	set_fact:
	ssh_kex: '{{ ssh_kex_66_default }}'
	when: sshd_version.stdout >= '6.6' and not ssh_kex

	- name: set weak kex according to openssh-version
	set_fact:
	ssh_kex: '{{ ssh_kex_59_weak }}'
	when: sshd_version.stdout >= '5.9' and ssh_server_weak_hmac and not ssh_kex

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Weak kex are controlled by wrong variable ? #174

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Weak kex are controlled by wrong variable ? #174

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions