Avoid checking deprecated optinos for OpenSSH >=7.6 (#110)

artem-sidorenko · chris-rock · commit aa4eb82c86fe · 2018-08-01T12:21:54.000+02:00
E.g. on Ubuntu 18.04 SSH protocol version 1 was removed from OpenSSH 7.6: - https://www.openssh.com/txt/release-7.6 - https://www.openssh.com/txt/release-7.5 Signed-off-by: Artem Sidorenko <artem@posteo.de>
diff --git a/controls/ssh_spec.rb b/controls/ssh_spec.rb
@@ -22,6 +22,8 @@
   command('ssh').exist?
 end
 
+ssh_version = command('ssh -V 2>&1 | cut -f1 -d" " | cut -f2 -d"_"').stdout.to_f
+
 control 'ssh-01' do
   impact 1.0
   title 'client: Check ssh_config owner, group and permissions.'
@@ -154,6 +156,7 @@
   impact 1.0
   title 'Client: Disable rhosts-based authentication'
   desc 'Avoid rhosts-based authentication, as it opens more ways for an attacker to enter a system.'
+  only_if { ssh_version < 7.6 }
   describe ssh_config do
     its('RhostsRSAAuthentication') { should eq('no') }
   end
@@ -163,6 +166,7 @@
   impact 1.0
   title 'Client: Enable RSA authentication'
   desc 'Make sure RSA authentication is used by default.'
+  only_if { ssh_version < 7.6 }
   describe ssh_config do
     its('RSAAuthentication') { should eq('yes') }
   end
