Legacy Protocol statement is removed from version 7.6 and above, sinc…

…e the code for SSH-1 is removed from OpenSSH. Signed-off-by: Farid Joubbi <[email protected]>
dev-sec · Dec 16, 2020 · 711def3 · 711def3
1 parent 2691867
commit 711def3
Showing 1 changed file with 1 addition and 0 deletions.
diff --git a/controls/ssh_spec.rb b/controls/ssh_spec.rb
@@ -67,6 +67,7 @@
   impact 1.0
   title 'Client: Specify protocol version 2'
   desc "Only SSH protocol version 2 connections should be permitted. Version 1 of the protocol contains security vulnerabilities. Don't use legacy insecure SSHv1 connections anymore."
+  only_if { ssh_crypto.ssh_version < 7.6 }
   describe ssh_config(ssh_custom_path + '/ssh_config') do
     its('Protocol') { should eq('2') }
   end