mirror of https://github.com/ovh/the-bastion
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1.5 KiB
1.5 KiB
⚡ Security
- No security fixes since previous release
- Oldest release with no known security issue is
v3.14.15(2023-11-08)
💡 Highlights
The main noteworthy change in this release is the support for so-called Secure Keys 🔑 (FIDO2) for ingress connection. If you're upgrading from a previous version, you'll have to enable support in the configuration file, refer to the specific upgrade instructions below. This is enabled on new installations by default.
How to generate and use a Secure Key from your hardware token to secure SSH access is usually detailed in the documentation of your hardware key vendor (For example Yubico).
A more complete list of changes can be found below, for an exhaustive (and boring) list, please refer to the commit log.
📌 Changes
- feat: support hardware-based Secure Keys (FIDO2) for ingress authentication
- enh: remove netcat dependency by using perl bultins
- enh:
--waitnow checks whether the TCP port is open instead of just pinging the host - fix: logic error in
etc/pam.d/sshd.rhelbreaking MFA handling if enabled