dev-sec · chris-rock · May 20, 2020 · May 19, 2020 · May 20, 2020 · May 20, 2020
diff --git a/controls/sshd_spec.rb b/controls/sshd_spec.rb
@@ -184,8 +184,12 @@
   impact 1.0
   title 'Server: Specify SSH HostKeys'
   desc 'Specify HostKey for protection against Man-In-The-Middle Attacks'
+
+  sshd_valid_hostkeys = ssh_crypto.valid_algorithms.map { |alg| "#{sshd_custom_path}/ssh_host_#{alg}_key" }
+  sshd_valid_hostkeys = sshd_valid_hostkeys[0] if sshd_valid_hostkeys.length == 1
+
   describe sshd_config(sshd_custom_path + '/sshd_config') do
-    its('HostKey') { should cmp ssh_crypto.valid_hostkeys }
+    its('HostKey') { should cmp sshd_valid_hostkeys }
   end
 end
 

diff --git a/libraries/ssh_crypto.rb b/libraries/ssh_crypto.rb
@@ -253,15 +253,4 @@ def valid_algorithms # rubocop:disable Metrics/CyclomaticComplexity
 
     alg
   end
-
-  # returns the hostkeys value based on valid_algorithms
-  def valid_hostkeys
-    hostkeys = valid_algorithms.map { |alg| "#{sshd_custom_path}/ssh_host_#{alg}_key" }
-    # its('HostKey') provides a string for a single-element value.
-    # we have to return a string if we have a single-element
-    # https://github.com/chef/inspec/issues/1434
-    return hostkeys[0] if hostkeys.length == 1
-
-    hostkeys
-  end
 end