ovh/debian-cis

SSH protocol 2 check is obsolete

melak opened this issue · 5 comments

melak commented

Protocol 1 support was removed from OpenSSH 7.4. Debian 8 might conceivably have been the last one shipping with OpenSSH earlier than that (as Stretch was shipped with 7.4). Debian 8 reached end of life and end of security support more than a year ago. This check results in a false positive in pretty much all supported configurations (except possibly those that have been upgraded from older Debian versions and have not had their configuration properly updated).

Sounds like a good time to retire this check entirely, I suppose.

Hello, I checked and you're right! The reason that it's still there is that it is still in the Debian 10 CIS guide.
There are other scripts as well that are fairly deprecated and I think we will remove them in the next big release (when the Debian 11 guide comes out).

melak commented

I've raised a couple of tickets against some of the affected benchmarks.

Well, good luck, I've heard that they are not the quickest people to answer...

melak commented

On the bright side, though, you still have a cozy handful of years to carefully deliberate that `git rm` 😁

Not impacting the normal behaviour of the script, this will be removed from the repository when the last supported Debian with this recommendation disappears.
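
The version reasoning from the opening comment, as an added example that is not part of the thread or of debian-cis: a check that only evaluates `Protocol` when the OpenSSH banner reports a release older than 7.4. Function names, banners and the sample config are constructed for illustration; requiring an explicit `Protocol 2` on older releases is an assumption.

```bash
# Added example, not debian-cis code. All function names are hypothetical.

# Extract "major.minor" from an `ssh -V` style banner; prints nothing if absent.
openssh_version() {
    printf '%s\n' "$1" | sed -n 's/^.*OpenSSH_\([0-9][0-9]*\)\.\([0-9][0-9]*\).*$/\1.\2/p' | head -n 1
}

# Succeeds only for releases older than 7.4, where Protocol 1 could still exist.
protocol_check_applies() {
    local major minor
    major=${1%%.*}; minor=${1#*.}
    [ "$major" -lt 7 ] || { [ "$major" -eq 7 ] && [ "$minor" -lt 4 ]; }
}

# Print PASS, FAIL, NOT_APPLICABLE or UNKNOWN for a banner and an sshd_config path.
audit_ssh_protocol() {
    local banner config version value
    banner=$1; config=$2
    version=$(openssh_version "$banner")
    if [ -z "$version" ]; then echo UNKNOWN; return; fi
    if ! protocol_check_applies "$version"; then echo NOT_APPLICABLE; return; fi
    # Assumption: an explicit, uncommented "Protocol 2" is required on old releases.
    # The keyword is matched case-insensitively and the first occurrence is used.
    value=$(awk 'tolower($1) == "protocol" { print $2; exit }' "$config")
    if [ "$value" = "2" ]; then echo PASS; else echo FAIL; fi
}

# Constructed sample input: one config file and three banners.
sample_config=$(mktemp)
printf '%s\n' '# Protocol 1' 'Port 22' 'Protocol 2' > "$sample_config"
for banner in \
    'OpenSSH_6.7p1 Debian-5+deb8u8, OpenSSL 1.0.1t' \
    'OpenSSH_7.4p1 Debian-10+deb9u7, OpenSSL 1.0.2u' \
    'OpenSSH_7.9p1 Debian-10+deb10u2, OpenSSL 1.1.1d'; do
    printf '%-50s %s\n' "$banner" "$(audit_ssh_protocol "$banner" "$sample_config")"
done
rm -f "$sample_config"
```

Reporting NOT_APPLICABLE instead of FAIL keeps the audit result meaningful on current releases while still catching hosts that run an old daemon.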