ssh-audit/test/docker/expected_results/tinyssh_20190101_test1.txt

[0;36m# general[0m
[0;32m(gen) software: TinySSH noversion[0m
[0;32m(gen) compatibility: OpenSSH 8.0-8.4, Dropbear SSH 2018.76+[0m
[0;32m(gen) compression: disabled[0m

[0;36m# key exchange algorithms[0m
[0;32m(kex) curve25519-sha256                       -- [info] available since OpenSSH 7.4, Dropbear SSH 2018.76[0m
[0;32m                                              `- [info] default key exchange from OpenSSH 6.4 to 8.9[0m
[0;32m(kex) curve25519-sha256@libssh.org            -- [info] available since OpenSSH 6.4, Dropbear SSH 2013.62[0m
[0;32m                                              `- [info] default key exchange from OpenSSH 6.4 to 8.9[0m
[0;33m(kex) sntrup4591761x25519-sha512@tinyssh.org  -- [warn] using experimental algorithm[0m
                                              `- [info] available since OpenSSH 8.0
                                              `- [info] the sntrup4591761 algorithm was withdrawn, as it may not provide strong post-quantum security

[0;36m# host-key algorithms[0m
[0;32m(key) ssh-ed25519                             -- [info] available since OpenSSH 6.5[0m

[0;36m# encryption algorithms (ciphers)[0m
[0;33m(enc) chacha20-poly1305@openssh.com           -- [warn] vulnerable to the Terrapin attack (CVE-2023-48795), allowing message prefix truncation[0m
                                              `- [info] available since OpenSSH 6.5
                                              `- [info] default cipher since OpenSSH 6.9

[0;36m# message authentication code algorithms[0m
[0;33m(mac) hmac-sha2-256                           -- [warn] using encrypt-and-MAC mode[0m
                                              `- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56

[0;36m# fingerprints[0m
[0;32m(fin) ssh-ed25519: SHA256:89ocln1x7KNqnMgWffGoYtD70ksJ4FrH7BMJHa7SrwU[0m
-												Added TinySSH test.

											
										
										
											2019-08-28 04:28:24 +02:00
+								[0;36m# general[0m
 								[0;32m(gen) software: TinySSH noversion[0m
-												Added OpenSSH 8.5 built-in policy.  Added sntrup761x25519-sha512@openssh.com kex.

											
										
										
											2021-02-23 22:02:20 +01:00
+								[0;32m(gen) compatibility: OpenSSH 8.0-8.4, Dropbear SSH 2018.76+[0m
-												Added TinySSH test.

											
										
										
											2019-08-28 04:28:24 +02:00
+								[0;32m(gen) compression: disabled[0m
 								[0;36m# key exchange algorithms[0m
-												Updated info on curve25519-sha256 kex.

											
										
										
											2019-10-21 17:50:23 +02:00
+								[0;32m(kex) curve25519-sha256                       -- [info] available since OpenSSH 7.4, Dropbear SSH 2018.76[0m
-												Added note that sntrup761x25519-sha512@openssh.com is the default OpenSSH kex since version 9.0.

											
										
										
											2024-03-15 22:24:21 +01:00
+								[0;32m                                              `- [info] default key exchange from OpenSSH 6.4 to 8.9[0m
-												Generic failure/warning messages replaced with more specific reasons.  SHA-1 algorithms now cause failures.  CBC mode ciphers are now warnings instead of failures.

											
										
										
											2023-03-24 02:36:02 +01:00
+								[0;32m(kex) curve25519-sha256@libssh.org            -- [info] available since OpenSSH 6.4, Dropbear SSH 2013.62[0m
-												Added note that sntrup761x25519-sha512@openssh.com is the default OpenSSH kex since version 9.0.

											
										
										
											2024-03-15 22:24:21 +01:00
+								[0;32m                                              `- [info] default key exchange from OpenSSH 6.4 to 8.9[0m
-												Added TinySSH test.

											
										
										
											2019-08-28 04:28:24 +02:00
+								[0;33m(kex) sntrup4591761x25519-sha512@tinyssh.org  -- [warn] using experimental algorithm[0m
 								                                              `- [info] available since OpenSSH 8.0
-												Generic failure/warning messages replaced with more specific reasons.  SHA-1 algorithms now cause failures.  CBC mode ciphers are now warnings instead of failures.

											
										
										
											2023-03-24 02:36:02 +01:00
+								                                              `- [info] the sntrup4591761 algorithm was withdrawn, as it may not provide strong post-quantum security
-												Added TinySSH test.

											
										
										
											2019-08-28 04:28:24 +02:00
 								[0;36m# host-key algorithms[0m
 								[0;32m(key) ssh-ed25519                             -- [info] available since OpenSSH 6.5[0m
 								[0;36m# encryption algorithms (ciphers)[0m
-												Added note that when a target is properly configured against the Terrapin vulnerability that unpatched peers may still create vulnerable connections.  Updated Ubuntu Server & Client 20.04 & 22.04 policies to include new key exchange markers related to Terrapin counter-measures.

											
										
										
											2023-12-19 20:03:28 +01:00
+								[0;33m(enc) chacha20-poly1305@openssh.com           -- [warn] vulnerable to the Terrapin attack (CVE-2023-48795), allowing message prefix truncation[0m
 								                                              `- [info] available since OpenSSH 6.5
 								                                              `- [info] default cipher since OpenSSH 6.9
-												Added TinySSH test.

											
										
										
											2019-08-28 04:28:24 +02:00
 								[0;36m# message authentication code algorithms[0m
 								[0;33m(mac) hmac-sha2-256                           -- [warn] using encrypt-and-MAC mode[0m
 								                                              `- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56
 								[0;36m# fingerprints[0m
 								[0;32m(fin) ssh-ed25519: SHA256:89ocln1x7KNqnMgWffGoYtD70ksJ4FrH7BMJHa7SrwU[0m