This message was deleted Rancher Users #harvester

Join Slack

This message was deleted.

# harvester

adamant-kite-43734

09/06/2024, 6:44 AM

This message was deleted.

bright-flag-87778

09/06/2024, 7:05 AM

Yes, the config file will be restored after reboot like you mentioned, one way to fix this is modify

/oem/90_custom.yaml

and add a new command in stages/initramfs/commands

Copy code

name: Harvester Configuration
stages:
    initramfs:
        - commands:
          ...
          - "the vulnerability fix"

bright-flag-87778

09/06/2024, 7:07 AM

I’m just curious, what vulnerability issue did you encounter? Also, which version of Harvester were you using ?

blue-farmer-46993

09/06/2024, 7:29 AM

@bright-flag-87778 Thanks for sharing the solution . I am using v1.3.1 , vulnerabilities like SHA1 deprecated setting for SSH & Deprecated SSH cryptographic settings was reported.

bright-flag-87778

09/06/2024, 7:59 AM

Thank you, @blue-farmer-46993. Could you provide a bit more detail? I’m unsure if this requires upgrading

sshd

or simply adjusting the configuration. If it's something we need to address, we can certainly take care of it.

blue-farmer-46993

09/06/2024, 8:27 AM

I think starting Opensh 8.8 sha1 is disabled and I think they must have resolved other vulnerabilities as well. I feel upgrading is a good option.

Open in Slack

Previous Next