Evaluate disabling certain default cipher suites and key-ex algos #63

Open
etungsten opened this issue Jul 13, 2022 · 1 comment
Labels: enhancement (New feature or request)

etungsten commented Jul 13, 2022

We should evaluate disabling some default SSH cipher suites and key algorithms that might trigger vulnerability scanning tools.

etungsten changed the title from "Evaluate disabling certain default cipher suites and key-ex algos that potentially are insecure" to "Evaluate disabling certain default cipher suites and key-ex algos" on Jul 13, 2022

etungsten commented

EKS optimized AMI's sshd_config limits the cipher suites to the following by default:

Ciphers aes128-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com

We should consider doing the same. Users can still override with the admin container userdata if they wish.

etungsten added the enhancement label on Jul 13, 2022
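An added example (not from the issue or the project): a Python check that reads sshd_config text and reports any ciphers outside the four-entry list quoted in the comment above. The function names and sample configs are constructed for illustration, and Include files are assumed not to be in use.

```python
import re

# Allowlist copied from the Ciphers line quoted in the issue.
ALLOWED = frozenset({"aes128-ctr", "aes256-ctr",
                     "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"})

def first_ciphers_value(config_text):
    """Return the argument of the first global Ciphers directive, or None.

    sshd uses the first value it obtains for a keyword, and keyword names
    are case-insensitive, so a later Ciphers line does not override this one.
    """
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        keyword = parts[0].lower()
        if keyword == "match":
            break  # only global settings are examined here
        if keyword == "ciphers" and len(parts) == 2 and parts[1].strip():
            return parts[1].split()[0].strip('"')
    return None

def audit_ciphers(config_text, allowed=ALLOWED):
    """Classify the Ciphers setting and list entries outside the allowlist."""
    value = first_ciphers_value(config_text)
    if value is None:
        # No directive: the build's defaults apply; confirm with `sshd -T`.
        return {"mode": "default", "outside_allowlist": None}
    if value[0] in "+-^":
        # List is relative to the defaults, so the file alone is not enough.
        return {"mode": "relative", "outside_allowlist": None}
    names = [c for c in value.split(",") if c]
    return {"mode": "explicit",
            "outside_allowlist": [c for c in names if c not in allowed]}

# Constructed sample configs (not taken from any real host).
SAMPLE_PINNED = ("# constructed sample\n"
                 "Ciphers aes128-ctr,aes256-ctr,"
                 "aes128-gcm@openssh.com,aes256-gcm@openssh.com\n")
SAMPLE_MIXED = ("ciphers aes256-ctr,aes128-cbc,3des-cbc\n"
                "Ciphers aes128-ctr\n")  # second line is ignored by sshd
SAMPLE_RELATIVE = "Ciphers +aes128-cbc\n"
SAMPLE_UNSET = "PasswordAuthentication no\n"

if __name__ == "__main__":
    for name in ("SAMPLE_PINNED", "SAMPLE_MIXED", "SAMPLE_RELATIVE", "SAMPLE_UNSET"):
        print(name, audit_ciphers(globals()[name]))
```

A "default" or "relative" result means the effective cipher list depends on the installed OpenSSH build, so it has to be confirmed on the host itself.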