change CRYPTO_POLICY check for ssh client

this check needs to work also when not root. Also we don't want to
depend on settings in sshd config. This tests now runs on almost all
systems and serves as an verification for the static configuration checks.

Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>

Author: schurzi

controls/ssh_spec.rb

@@ -231,13 +231,12 @@
 control 'ssh-22' do
   impact 1.0
   title 'Client: CRYPTO_POLICY'
-  desc 'Verifies, that we are not running CRYPTO_POLICY and our settings from ssh_config are effective'
-  only_if('OS has CRYPTO_POLICY') do
-    file('/etc/sysconfig/sshd').exist? && file('/etc/sysconfig/sshd').content.match?(/CRYPTO_POLICY/)
+  desc 'Verifies, that we are not running CRYPTO_POLICY and our settings from ssh_config are effective (affects el8+ and fedora)'
+  only_if('ssh client supports -G option') do
+    bash('ssh -G localhost').exit_status.equal?(0)
   end
 
   describe bash('ssh -G localhost') do
-    its('exit_status') { should eq 0 }
     its('stdout') { should match('ciphers ' + ssh_crypto.valid_ciphers) }
     its('stdout') { should match('kexalgorithms ' + ssh_crypto.valid_kexs) }
     its('stdout') { should match('macs ' + ssh_crypto.valid_macs) }