UseLogin is deprecated

starting from openssh 7.4 (rhel 7)

Fixes #95

Signed-off-by: Artem Sidorenko <[email protected]>

controls/ssh_spec.rb

@@ -22,8 +22,6 @@
   command('ssh').exist?
 end
 
-ssh_version = command('ssh -V 2>&1 | cut -f1 -d" " | cut -f2 -d"_"').stdout.to_f
-
 control 'ssh-01' do
   impact 1.0
   title 'client: Check ssh_config owner, group and permissions.'
@@ -156,7 +154,7 @@
   impact 1.0
   title 'Client: Disable rhosts-based authentication'
   desc 'Avoid rhosts-based authentication, as it opens more ways for an attacker to enter a system.'
-  only_if { ssh_version < 7.6 }
+  only_if { ssh_crypto.ssh_version < 7.6 }
   describe ssh_config do
     its('RhostsRSAAuthentication') { should eq('no') }
   end
@@ -166,7 +164,7 @@
   impact 1.0
   title 'Client: Enable RSA authentication'
   desc 'Make sure RSA authentication is used by default.'
-  only_if { ssh_version < 7.6 }
+  only_if { ssh_crypto.ssh_version < 7.6 }
   describe ssh_config do
     its('RSAAuthentication') { should eq('yes') }
   end

controls/sshd_spec.rb

@@ -184,7 +184,7 @@
   title 'Server: Specify UseLogin to NO'
   desc 'Disable legacy login mechanism and do not use login for interactive login sessions.'
   describe sshd_config do
-    its('UseLogin') { should eq('no') }
+    its('UseLogin') { should eq(ssh_crypto.ssh_version < 7.4 ? 'no' : nil) }
   end
 end
 

libraries/ssh_crypto.rb

@@ -19,6 +19,10 @@
 class SshCrypto < Inspec.resource(1) # rubocop:disable Metrics/ClassLength
   name 'ssh_crypto'
 
+  def ssh_version
+    inspec.command('ssh -V 2>&1 | cut -f1 -d" " | cut -f2 -d"_"').stdout.to_f
+  end
+
   def valid_ciphers # rubocop:disable Metrics/CyclomaticComplexity, Metrics/MethodLength
     # define a set of default ciphers
     ciphers53 = 'aes256-ctr,aes192-ctr,aes128-ctr'