Page MenuHomePhabricator

Reenable ssh MAC/KEX hardening on beta cluster and integration labs project
Closed, ResolvedPublic

Description

Whenever Jenkins supports the new SSH algorithms (TT100517), we want to remove the hiera configuration that disable it. Essentially just revert https://gerrit.wikimedia.org/r/#/c/214055/

Event Timeline

hashar raised the priority of this task from to Needs Triage.
hashar updated the task description. (Show Details)
hashar added a subscriber: hashar.
hashar triaged this task as Medium priority.Jun 2 2015, 2:23 PM
hashar moved this task from Untriaged to Backlog on the Continuous-Integration-Infrastructure board.

Blocked on T100517

Change 219828 had a related patch set uploaded (by Hashar):
Reenable sshd MAC/KEX hardening for Jenkins and Beta

https://gerrit.wikimedia.org/r/219828

Change 219828 abandoned by Hashar:
Reenable sshd MAC/KEX hardening for Jenkins and Beta

Reason:
Broken for now because of java trilead-ssh2 T103351

https://gerrit.wikimedia.org/r/219828

hashar changed the task status from Open to Stalled.Oct 6 2015, 11:36 AM
hashar removed a project: Patch-For-Review.
hashar set Security to None.
Paladox changed the task status from Stalled to Open.EditedApr 15 2017, 12:11 PM
Paladox added a subscriber: Paladox.

This can now be moved along as trilead has been updated to support this now.

Just need to wait for https://github.com/mc1arke/trilead-api-plugin to be released and for all plugins to be updated.

Actually jenkins core has been updated with the new trilead version so this is blocked on T144106

Change 383122 had a related patch set uploaded (by Hashar; owner: Hashar):
[operations/puppet@production] Jenkins now supports our MAC/KEXY algorithms [prod]

https://gerrit.wikimedia.org/r/383122

hashar claimed this task.

Change 383122 merged by Muehlenhoff:
[operations/puppet@production] Jenkins now supports our MAC/KEXY algorithms [prod]

https://gerrit.wikimedia.org/r/383122