Disable insecure SSH algorithms (OD-1897)

Released

x70b1 opened 2 months ago

I was interested in how OneDev implemented the SSH service. I found out that it is based on Apache MINA sshd. It would be very helpful to have a way of setting the used security options. But maybe that is too much effort. Because after all the goal is a secure configuration.

Maybe we can at least remove some unsecure ciphers / key exchange algos? ssh-audit is a great tool to get a general understanding. Here is an example command and a small part of the result.

Thanks for working on OneDev!

docker run -it positronsecurity/ssh-audit -p 6011 onedev.example.com

screenshot-20240515-16:13:44.png

Robin Shen changed title 2 months ago

Previous Value	Current Value
Settings for SSH conection security	Disable insecure SSH algorithms

OneDev changed state to 'Closed' 2 months ago

Previous Value	Current Value
Open	Closed

OneDev commented 2 months ago

State changed as code fixing the issue is committed (ceefc4a3)

OneDev changed state to 'Released' 2 months ago

Previous Value	Current Value
Closed	Released

OneDev commented 2 months ago

State changed as build OD-5077 (10.7.2) is successful

Type	Improvement
Priority	Normal
Assignee	Robin Shen
Labels	No labels

Issue Votes (0)

Watchers (3)

Reference

OD-1897