Tâche #33994: Etude - Distribution EOLE - Ensemble Ouvert Libre Évolutif

Tâche #33994

Scénario #33908: EOLE 2.9 : Openssh 8.9

Etude

Added by Emmanuel GARETTE over 1 year ago. Updated over 1 year ago.

Status:

Fermé

Priority:

Normal

Assigned To:

Emmanuel GARETTE

Target version:

Prestation Cadoles MEN 2022 13-15

Start date:

03/31/2022

Due date:

% Done:

100%

Remaining (hours):

0.0

Description

Vérifier les dépôts en plus de ceux du scénario :

scribe-ad/scripts/eolead:[ ! -f /root/.ssh/id_rsa.pub ] && ssh-keygen -f /root/.ssh/id_rsa -N ''
eole-common/lxc-templates/lxc-eole:        ssh-keygen -f "$auth_key" -N ''
eole-pacemaker/postservice/00-haute-dispo:            ssh-keygen -t rsa -b 2048 -f /root/.ssh/id_rsa -N "" -q
eole-ad-dc/lib/eole/samba4.sh:        ssh-keygen -b 2048 -t rsa -f /root/.ssh/id_rsa -q -N "" 
zephir-client/bin/enregistrement_zephir:    cmd = ['/usr/bin/ssh-keygen', '-N', '', '-b', '1024', '-t', 'rsa', '-f', '/var/spool/uucp/.ssh/id_rsa', '-C', '"uucp@%s"' % adresse_zephir]
zephir-client/bin/enregistrement_zephir:        # erreur de la commande ssh-keygen
zephir-parc/python/zephir/backend/lib_backend.py:        res = os.system("""/usr/bin/ssh-keygen -N "" -b 1024 -t rsa -f %s -C uucp@%s""" % (new_key, zephir

History

#1 Updated by Emmanuel GARETTE over 1 year ago

Status changed from Nouveau to En cours
Assigned To set to Emmanuel GARETTE

#2 Updated by Emmanuel GARETTE over 1 year ago

J'ai trouvé en plus :

eole-hapy-deployment/scripts/deploy-auto:    fic_cle = open("/var/spool/uucp/.ssh/id_rsa.pub", "r")
eole-one-master/scripts/onehost_create_all:    REMOTEKEY=$(su - oneadmin -c "ssh ${host} 'cat ~oneadmin/.ssh/id_rsa.pub'")
zephir-client/data/scripts/update_key.zephir:        os.system("/bin/chown uucp.uucp %s/id_rsa*" % ssh_dir)
zephir-client/zephir/lib_zephir.py:    os.system("/bin/chown uucp.uucp %s/id_rsa*" % ssh_dir)

#3 Updated by Emmanuel GARETTE over 1 year ago

D'après (entre autre) https://www.ssh-audit.com/ :

- ssh-dsa : à éviter
- ssh-rsa/SHA-1 : à éviter
- ssh-rsa/SHA-2 : OK
- ECDSA : très critiqué par certains spécialistes de la sécurité (NSA inside)
- Ed25519 : clef plus petites mais aussi sécurisées que leurs ancêtres, ce qui prend moins de ressources pour chiffrer et déchiffrer

Choix : Ed25519

#4 Updated by Emmanuel GARETTE over 1 year ago

Status changed from En cours to À valider
% Done changed from 0 to 100

#5 Updated by Benjamin Bohard over 1 year ago

Status changed from À valider to Résolu

#6 Updated by Joël Cuissinat over 1 year ago

Status changed from Résolu to Fermé
Remaining (hours) set to 0.0

Also available in: Atom PDF

Project

General

Profile

Distribution EOLE

Issues

Custom queries