Description
Is it platform specific
generic
Importance or Severity
High
Description of the enhancement
Security audits are pretty strict about SSH configuration and can be very prescriptive. The current SONiC SSH default configuration will not pass most security scanners (e.g. Nessus), and since there are no configuration knobs these are not directly controllable.
Current Behavior
No knobs exist to set more SSH server configuration options.
Proposed Behavior
Configuration knobs needed:
- password_authentication - ability to disable password auth
- permit_root_login - ability to prevent root logins
- ciphers - ability to specify available ciphers
- kex_algorithms - ability to specify key exchange algorithms
- macs - ability to specify MACs
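
As an added example (not part of the original request and not SONiC code), here is a check of `sshd -T`-style effective configuration against the five proposed knobs. The knob-to-keyword mapping, the required values and the deny-lists are an assumed example policy, and the sample input is constructed.

```python
import fnmatch

# Proposed knob (from the request) -> keyword as printed by `sshd -T` (assumed mapping)
KNOB_TO_KEYWORD = {
    "password_authentication": "passwordauthentication",
    "permit_root_login": "permitrootlogin",
    "ciphers": "ciphers", "kex_algorithms": "kexalgorithms", "macs": "macs",
}
REQUIRED = {"password_authentication": "no", "permit_root_login": "no"}
# Assumed example policy (glob patterns), not taken from SONiC or any scanner
DENIED = {
    "ciphers": ["*cbc*", "arcfour*"],
    "kex_algorithms": ["diffie-hellman-group1-sha1", "diffie-hellman-group14-sha1",
                       "diffie-hellman-group-exchange-sha1"],
    "macs": ["hmac-md5*", "hmac-sha1*", "umac-64*"],
}

def parse_effective(text):
    """Parse 'keyword value' lines; sshd keywords are case-insensitive."""
    conf = {}
    for line in text.splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2 and not parts[0].startswith("#"):
            conf.setdefault(parts[0].lower(), parts[1].strip())  # first value wins
    return conf

def audit(text):
    """Return (knob, problem) pairs; an empty list means the policy is met."""
    conf, findings = parse_effective(text), []
    for knob, keyword in KNOB_TO_KEYWORD.items():
        value = conf.get(keyword)
        if value is None:
            findings.append((knob, "not present in input"))
        elif knob in REQUIRED:
            if value.lower() != REQUIRED[knob]:
                findings.append((knob, f"is '{value}', expected '{REQUIRED[knob]}'"))
        else:
            weak = [a for a in value.split(",")
                    if any(fnmatch.fnmatch(a, p) for p in DENIED[knob])]
            if weak:
                findings.append((knob, "weak: " + ",".join(weak)))
    return findings

SAMPLE = """\
passwordauthentication yes
permitrootlogin without-password
ciphers chacha20-poly1305@openssh.com,aes256-ctr,aes128-cbc
kexalgorithms curve25519-sha256,diffie-hellman-group14-sha1
macs hmac-sha2-256-etm@openssh.com,hmac-sha1
"""
```

On a host, the same function can be fed the output of `sshd -T` instead of `SAMPLE`.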