5.1.3.2.1.17. Security Policies Update

We have updated the security policies of the SSH service in the 1.2.2-12 version. As a result, connections through weak methods are no longer allowed. This update requires manual implementation during the update process.

To ensure the update is implemented correctly, please follow the procedure provided below.

  1. Copy the file OPENNAC-SECURE.pmod to:

cp /usr/share/opennac/utils/crypto-policies/OPENNAC-SECURE.pmod /etc/crypto-policies/policies/modules/OPENNAC-SECURE.pmod

  1. Check which policy we have currently applied:

update-crypto-policies --show

  1. Apply the sub-policy:

update-crypto-policies --set <ACTUAL-POLICY>:OPENNAC-SECURE

  1. Restart the sshd service:

systemctl restart sshd