From 5702120ac588c76d93deba98765f1df7e123df64 Mon Sep 17 00:00:00 2001
From: Artem Sidorenko
Date: Wed, 1 Aug 2018 09:28:26 +0200
Subject: [PATCH] Avoid checking deprecated optinos for OpenSSH >=7.6

E.g. on Ubuntu 18.04 SSH protocol version 1 was removed from OpenSSH 7.6:
- https://www.openssh.com/txt/release-7.6
- https://www.openssh.com/txt/release-7.5

Signed-off-by: Artem Sidorenko
---
 controls/ssh_spec.rb | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/controls/ssh_spec.rb b/controls/ssh_spec.rb
index 538261a..bcccf4c 100644
--- a/controls/ssh_spec.rb
+++ b/controls/ssh_spec.rb
@@ -22,6 +22,8 @@
 command('ssh').exist?
 end
 
+ssh_version = command('ssh -V 2>&1 | cut -f1 -d" " | cut -f2 -d"_"').stdout.to_f
+
 control 'ssh-01' do
 impact 1.0
 title 'client: Check ssh_config owner, group and permissions.'
@@ -154,6 +156,7 @@
 impact 1.0
 title 'Client: Disable rhosts-based authentication'
 desc 'Avoid rhosts-based authentication, as it opens more ways for an attacker to enter a system.'
+ only_if { ssh_version < 7.6 }
 describe ssh_config do
 its('RhostsRSAAuthentication') { should eq('no') }
 end
@@ -163,6 +166,7 @@
 impact 1.0
 title 'Client: Enable RSA authentication'
 desc 'Make sure RSA authentication is used by default.'
+ only_if { ssh_version < 7.6 }
 describe ssh_config do
 its('RSAAuthentication') { should eq('yes') }
 end
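Review bot: The added `ssh_version = ...` line compares the version as a Float, so `.to_f` reads a two-digit minor such as `7.10` as `7.1` and turns any output it cannot parse into `0.0`. The `0.0` case makes `ssh_version < 7.6` true, so the gated controls still run when detection fails; that is the safe direction, but it deserves a comment above the assignment, e.g. `# to_f yields 0.0 on unparseable output, so the version-gated controls run rather than being skipped`. Extracting the number with a regex and comparing through `Gem::Version` would avoid the float ordering problem. The command also runs at profile load, after the block that closes with `end` just above it (presumably the profile-level `only_if`; its opening line is outside the hunk), so it executes even on targets without an `ssh` binary.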
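Review bot: Both added `only_if { ssh_version < 7.6 }` guards, in this hunk and in the `RSAAuthentication` hunk after it, skip the control without giving a reason, so a report from a 7.6+ host shows two skipped client controls with no explanation. If the InSpec version this profile targets accepts a message argument, pass one: `only_if('deprecated option, OpenSSH >= 7.6') { ssh_version < 7.6 }`. The literal `7.6` is also repeated; a named value defined next to `ssh_version` would keep the two guards in sync. The enclosing `control` blocks open above both hunks, so the control ids are not visible here.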