You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Is your feature request related to a problem? Please describe.
I have changed the ports attribute in order to avoid attackers to find it to easily but this cookbook change both the server and client config.
This makes any commands, depending on ssh, to use the server port as client so that a git ls-remote command fails because of the client Port config which isn't 22 anymore.
Describe the solution you'd like
In order to avoid a breaking change, the default['ssh-hardening']['ssh']['ports'] Array should allow integers and Hashes, so that both should work, with the Hash one allowing to tell a port for the sever, and a port for the client like that:
Is your feature request related to a problem? Please describe.
I have changed the
ports
attribute in order to avoid attackers to find it to easily but this cookbook change both the server and client config.This makes any commands, depending on ssh, to use the server port as client so that a
git ls-remote
command fails because of the clientPort
config which isn't 22 anymore.Describe the solution you'd like
In order to avoid a breaking change, the
default['ssh-hardening']['ssh']['ports']
Array should allow integers and Hashes, so that both should work, with the Hash one allowing to tell a port for the sever, and a port for the client like that:or to tell only the sever or the client port:
Implementing this is easy and gives flexibility to the operator to configure SSH.
Describe alternatives you've considered
A workaround is to create a file
~/.ssh/config
containingPort 22
.Additional context
In my case, I'm deploying a Rails app with Capistrano which first tries the
git ls-remote [email protected]:group/project.git
and it fails.The text was updated successfully, but these errors were encountered: