🐛 SSH Hardening #160

Merged
merged 1 commit into from
Jun 18, 2024

lubedacht
Contributor

What is the purpose of this pull request/Why do we need it?

Cherry pick of #140 for release 0.2.1

**What is the purpose of this pull request/Why do we need it?**
Add tweaks for Diffie-Hellman key exchange, because of a CVE. See:
- https://nvd.nist.gov/vuln/detail/CVE-2002-20001
- https://dheatattack.gitlab.io/dheater/

And 4096 bit host keys are used to harden SSH security.

I used https://www.sshaudit.com/hardening_guides.html#ubuntu_22_04_lts as a hardening guide.

**Description of changes:**
- Improve Diffie-Hellman key exchange
- Use 4096 bit host keys.

**Checklist:**
- [x] Includes [emojis](https://github.com/kubernetes-sigs/kubebuilder-release-tools?tab=readme-ov-file#kubebuilder-project-versioning)
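
One way to check both points of this description on a host, as an added example that is not part of the pull request or the project's code: it flags short Diffie-Hellman groups in a moduli(5) file and reads the modulus size from an RSA host public key line. The 3071-bit moduli threshold, the function names and the sample data are assumptions constructed for illustration.

```python
import base64
import struct

MIN_MODULI_BITS = 3071  # assumed cut-off for DH groups; moduli(5) stores bits minus one
MIN_RSA_BITS = 4096     # host key size named in the PR description

# Constructed sample in moduli(5) layout; the hex moduli are placeholders.
SAMPLE_MODULI = """\
20240101000000 2 6 100 2047 2 C0FFEE01
20240101000000 2 6 100 3071 2 C0FFEE02
20240101000000 2 6 100 4095 5 C0FFEE03
"""

def weak_moduli(moduli_text, min_bits=MIN_MODULI_BITS):
    """Return the sizes of all DH groups in moduli(5) text that are below min_bits."""
    weak = []
    for line in moduli_text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        # moduli(5) fields: time type tests tries size generator modulus
        if len(fields) != 7 or not fields[4].isdigit():
            raise ValueError(f"malformed moduli line: {line[:40]!r}")
        if int(fields[4]) < min_bits:
            weak.append(int(fields[4]))
    return weak

def rsa_pubkey_bits(pub_line):
    """Return the modulus bit length of an 'ssh-rsa <base64> [comment]' line."""
    key_type, b64 = pub_line.split()[:2]
    blob = base64.b64decode(b64)
    parts, offset = [], 0
    while offset < len(blob):  # blob is a run of length-prefixed strings
        (length,) = struct.unpack_from(">I", blob, offset)
        parts.append(blob[offset + 4:offset + 4 + length])
        offset += 4 + length
    if key_type != "ssh-rsa" or len(parts) != 3 or parts[0] != b"ssh-rsa":
        raise ValueError("not an ssh-rsa public key")
    return int.from_bytes(parts[2], "big").bit_length()  # parts: type, e, n

def sample_pub(bits):
    """Build a constructed, non-functional ssh-rsa line with a modulus of `bits` bits."""
    def mpint(n):
        raw = n.to_bytes(n.bit_length() // 8 + 1, "big")  # leading zero keeps it positive
        return struct.pack(">I", len(raw)) + raw
    blob = struct.pack(">I", 7) + b"ssh-rsa" + mpint(65537) + mpint((1 << (bits - 1)) | 1)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " constructed@example"

if __name__ == "__main__":
    print("weak DH groups:", weak_moduli(SAMPLE_MODULI))
    print("host key ok:", rsa_pubkey_bits(sample_pub(4096)) >= MIN_RSA_BITS)
```

On a real host the inputs would be the contents of the moduli file and of the RSA host key's `.pub` file.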

sonarcloud bot commented Jun 18, 2024

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
0.0% Duplication on New Code

See analysis details on SonarCloud

@lubedacht lubedacht merged commit 5603447 into release-0.2 Jun 18, 2024
10 checks passed
@lubedacht lubedacht deleted the cherry-pick-140 branch June 18, 2024 14:38