Added support for mixed host key/CA key types (i.e.: RSA host keys signed by ED25519 CAs) (#120).
@ -10,7 +10,7 @@
|
||||
"expected_required": [
|
||||
"4096"
|
||||
],
|
||||
"mismatched_field": "RSA host key (ssh-rsa-cert-v01@openssh.com) sizes"
|
||||
"mismatched_field": "Host key (ssh-rsa-cert-v01@openssh.com) sizes"
|
||||
},
|
||||
{
|
||||
"actual": [
|
||||
@ -22,7 +22,7 @@
|
||||
"expected_required": [
|
||||
"4096"
|
||||
],
|
||||
"mismatched_field": "RSA CA key (ssh-rsa-cert-v01@openssh.com) sizes"
|
||||
"mismatched_field": "CA signature size (ssh-rsa)"
|
||||
}
|
||||
],
|
||||
"host": "localhost",
|
||||
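Review bot: The new CA label `"CA signature size (ssh-rsa)"` names only the CA's algorithm and drops the certificate host-key type that the old string carried (`ssh-rsa-cert-v01@openssh.com`), so a failure can no longer be tied to the certificate that presented the weak CA key when several certificate types share one kind of CA. It also says "signature size" for a value the scan output on this page reports as the CA key modulus size. A label such as `"CA key (ssh-rsa) size for ssh-rsa-cert-v01@openssh.com"` would keep both facts. Since `mismatched_field` is part of the JSON output, the rename deserves a changelog entry for anyone matching on the old strings; the same label appears in the test8 JSON and text outputs.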
|
@ -1,13 +1,28 @@
|
||||
|
||||
WARNING: this policy is using deprecated features. Future versions of ssh-audit may remove support for them. Re-generating the policy file is perhaps the most straight-forward way of resolving this issue. Manually converting the 'hostkey_size_*', 'cakey_size_*', and 'dh_modulus_size_*' directives into the new format is another option.
|
||||
|
||||
|
||||
WARNING: this policy is using deprecated features. Future versions of ssh-audit may remove support for them. Re-generating the policy file is perhaps the most straight-forward way of resolving this issue. Manually converting the 'hostkey_size_*', 'cakey_size_*', and 'dh_modulus_size_*' directives into the new format is another option.
|
||||
|
||||
|
||||
WARNING: this policy is using deprecated features. Future versions of ssh-audit may remove support for them. Re-generating the policy file is perhaps the most straight-forward way of resolving this issue. Manually converting the 'hostkey_size_*', 'cakey_size_*', and 'dh_modulus_size_*' directives into the new format is another option.
|
||||
|
||||
|
||||
WARNING: this policy is using deprecated features. Future versions of ssh-audit may remove support for them. Re-generating the policy file is perhaps the most straight-forward way of resolving this issue. Manually converting the 'hostkey_size_*', 'cakey_size_*', and 'dh_modulus_size_*' directives into the new format is another option.
|
||||
|
||||
|
||||
WARNING: this policy is using deprecated features. Future versions of ssh-audit may remove support for them. Re-generating the policy file is perhaps the most straight-forward way of resolving this issue. Manually converting the 'hostkey_size_*', 'cakey_size_*', and 'dh_modulus_size_*' directives into the new format is another option.
|
||||
|
||||
Host: localhost:2222
|
||||
Policy: Docker poliicy: test10 (version 1)
|
||||
Result: [0;31m❌ Failed![0m
|
||||
[0;33m
|
||||
Errors:
|
||||
* RSA CA key (ssh-rsa-cert-v01@openssh.com) sizes did not match.
|
||||
* CA signature size (ssh-rsa) did not match.
|
||||
- Expected: 4096
|
||||
- Actual: 1024
|
||||
|
||||
* RSA host key (ssh-rsa-cert-v01@openssh.com) sizes did not match.
|
||||
* Host key (ssh-rsa-cert-v01@openssh.com) sizes did not match.
|
||||
- Expected: 4096
|
||||
- Actual: 3072
|
||||
[0m
|
||||
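Review bot: The deprecation warning now appears five times in a row ahead of the `Host:` / `Policy:` / `Result:` lines in this expected output, which pushes the actual audit verdict far down and makes it easy to miss in a terminal or log. It presumably fires once per deprecated directive while the policy is parsed (the parser is not shown on this page). Emitting it once per policy load would keep the message and leave the result readable. The same repetition is in the test7, test8, test9 and test11 to test14 outputs.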
|
@ -1,3 +1,18 @@
|
||||
|
||||
WARNING: this policy is using deprecated features. Future versions of ssh-audit may remove support for them. Re-generating the policy file is perhaps the most straight-forward way of resolving this issue. Manually converting the 'hostkey_size_*', 'cakey_size_*', and 'dh_modulus_size_*' directives into the new format is another option.
|
||||
|
||||
|
||||
WARNING: this policy is using deprecated features. Future versions of ssh-audit may remove support for them. Re-generating the policy file is perhaps the most straight-forward way of resolving this issue. Manually converting the 'hostkey_size_*', 'cakey_size_*', and 'dh_modulus_size_*' directives into the new format is another option.
|
||||
|
||||
|
||||
WARNING: this policy is using deprecated features. Future versions of ssh-audit may remove support for them. Re-generating the policy file is perhaps the most straight-forward way of resolving this issue. Manually converting the 'hostkey_size_*', 'cakey_size_*', and 'dh_modulus_size_*' directives into the new format is another option.
|
||||
|
||||
|
||||
WARNING: this policy is using deprecated features. Future versions of ssh-audit may remove support for them. Re-generating the policy file is perhaps the most straight-forward way of resolving this issue. Manually converting the 'hostkey_size_*', 'cakey_size_*', and 'dh_modulus_size_*' directives into the new format is another option.
|
||||
|
||||
|
||||
WARNING: this policy is using deprecated features. Future versions of ssh-audit may remove support for them. Re-generating the policy file is perhaps the most straight-forward way of resolving this issue. Manually converting the 'hostkey_size_*', 'cakey_size_*', and 'dh_modulus_size_*' directives into the new format is another option.
|
||||
|
||||
Host: localhost:2222
|
||||
Policy: Docker poliicy: test7 (version 1)
|
||||
Result: [0;32m✔ Passed[0m
|
||||
|
@ -10,7 +10,7 @@
|
||||
"expected_required": [
|
||||
"2048"
|
||||
],
|
||||
"mismatched_field": "RSA CA key (ssh-rsa-cert-v01@openssh.com) sizes"
|
||||
"mismatched_field": "CA signature size (ssh-rsa)"
|
||||
}
|
||||
],
|
||||
"host": "localhost",
|
||||
|
@ -1,9 +1,24 @@
|
||||
|
||||
WARNING: this policy is using deprecated features. Future versions of ssh-audit may remove support for them. Re-generating the policy file is perhaps the most straight-forward way of resolving this issue. Manually converting the 'hostkey_size_*', 'cakey_size_*', and 'dh_modulus_size_*' directives into the new format is another option.
|
||||
|
||||
|
||||
WARNING: this policy is using deprecated features. Future versions of ssh-audit may remove support for them. Re-generating the policy file is perhaps the most straight-forward way of resolving this issue. Manually converting the 'hostkey_size_*', 'cakey_size_*', and 'dh_modulus_size_*' directives into the new format is another option.
|
||||
|
||||
|
||||
WARNING: this policy is using deprecated features. Future versions of ssh-audit may remove support for them. Re-generating the policy file is perhaps the most straight-forward way of resolving this issue. Manually converting the 'hostkey_size_*', 'cakey_size_*', and 'dh_modulus_size_*' directives into the new format is another option.
|
||||
|
||||
|
||||
WARNING: this policy is using deprecated features. Future versions of ssh-audit may remove support for them. Re-generating the policy file is perhaps the most straight-forward way of resolving this issue. Manually converting the 'hostkey_size_*', 'cakey_size_*', and 'dh_modulus_size_*' directives into the new format is another option.
|
||||
|
||||
|
||||
WARNING: this policy is using deprecated features. Future versions of ssh-audit may remove support for them. Re-generating the policy file is perhaps the most straight-forward way of resolving this issue. Manually converting the 'hostkey_size_*', 'cakey_size_*', and 'dh_modulus_size_*' directives into the new format is another option.
|
||||
|
||||
Host: localhost:2222
|
||||
Policy: Docker poliicy: test8 (version 1)
|
||||
Result: [0;31m❌ Failed![0m
|
||||
[0;33m
|
||||
Errors:
|
||||
* RSA CA key (ssh-rsa-cert-v01@openssh.com) sizes did not match.
|
||||
* CA signature size (ssh-rsa) did not match.
|
||||
- Expected: 2048
|
||||
- Actual: 1024
|
||||
[0m
|
||||
|
@ -10,7 +10,7 @@
|
||||
"expected_required": [
|
||||
"4096"
|
||||
],
|
||||
"mismatched_field": "RSA host key (ssh-rsa-cert-v01@openssh.com) sizes"
|
||||
"mismatched_field": "Host key (ssh-rsa-cert-v01@openssh.com) sizes"
|
||||
}
|
||||
],
|
||||
"host": "localhost",
|
||||
|
@ -1,9 +1,24 @@
|
||||
|
||||
WARNING: this policy is using deprecated features. Future versions of ssh-audit may remove support for them. Re-generating the policy file is perhaps the most straight-forward way of resolving this issue. Manually converting the 'hostkey_size_*', 'cakey_size_*', and 'dh_modulus_size_*' directives into the new format is another option.
|
||||
|
||||
|
||||
WARNING: this policy is using deprecated features. Future versions of ssh-audit may remove support for them. Re-generating the policy file is perhaps the most straight-forward way of resolving this issue. Manually converting the 'hostkey_size_*', 'cakey_size_*', and 'dh_modulus_size_*' directives into the new format is another option.
|
||||
|
||||
|
||||
WARNING: this policy is using deprecated features. Future versions of ssh-audit may remove support for them. Re-generating the policy file is perhaps the most straight-forward way of resolving this issue. Manually converting the 'hostkey_size_*', 'cakey_size_*', and 'dh_modulus_size_*' directives into the new format is another option.
|
||||
|
||||
|
||||
WARNING: this policy is using deprecated features. Future versions of ssh-audit may remove support for them. Re-generating the policy file is perhaps the most straight-forward way of resolving this issue. Manually converting the 'hostkey_size_*', 'cakey_size_*', and 'dh_modulus_size_*' directives into the new format is another option.
|
||||
|
||||
|
||||
WARNING: this policy is using deprecated features. Future versions of ssh-audit may remove support for them. Re-generating the policy file is perhaps the most straight-forward way of resolving this issue. Manually converting the 'hostkey_size_*', 'cakey_size_*', and 'dh_modulus_size_*' directives into the new format is another option.
|
||||
|
||||
Host: localhost:2222
|
||||
Policy: Docker poliicy: test9 (version 1)
|
||||
Result: [0;31m❌ Failed![0m
|
||||
[0;33m
|
||||
Errors:
|
||||
* RSA host key (ssh-rsa-cert-v01@openssh.com) sizes did not match.
|
||||
* Host key (ssh-rsa-cert-v01@openssh.com) sizes did not match.
|
||||
- Expected: 4096
|
||||
- Actual: 3072
|
||||
[0m
|
||||
|
@ -139,6 +139,7 @@
|
||||
},
|
||||
{
|
||||
"algorithm": "ssh-rsa-cert-v01@openssh.com",
|
||||
"ca_algorithm": "ssh-rsa",
|
||||
"casize": 1024,
|
||||
"keysize": 1024
|
||||
}
|
||||
|
@ -40,10 +40,11 @@
|
||||
[0;31m `- [fail] using small 1024-bit modulus[0m
|
||||
`- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28
|
||||
`- [info] deprecated in OpenSSH 8.8: https://www.openssh.com/txt/release-8.8
|
||||
[0;31m(key) ssh-rsa-cert-v01@openssh.com (1024-bit cert/1024-bit CA) -- [fail] using broken SHA-1 hash algorithm[0m
|
||||
[0;31m `- [fail] using small 1024-bit modulus[0m
|
||||
`- [info] available since OpenSSH 5.6
|
||||
`- [info] deprecated in OpenSSH 8.8: https://www.openssh.com/txt/release-8.8
|
||||
[0;31m(key) ssh-rsa-cert-v01@openssh.com (1024-bit cert/1024-bit RSA CA) -- [fail] using broken SHA-1 hash algorithm[0m
|
||||
[0;31m `- [fail] using small 1024-bit hostkey modulus[0m
|
||||
[0;31m `- [fail] using small 1024-bit CA key modulus[0m
|
||||
`- [info] available since OpenSSH 5.6
|
||||
`- [info] deprecated in OpenSSH 8.8: https://www.openssh.com/txt/release-8.8
|
||||
|
||||
[0;36m# encryption algorithms (ciphers)[0m
|
||||
[0;32m(enc) aes128-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52[0m
|
||||
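Review bot: The certificate line labels the CA as `RSA CA` here, but the ed25519 expected output prints the full algorithm name (`256-bit cert/256-bit ssh-ed25519 CA`), and the JSON for this same key reports `"ca_algorithm": "ssh-rsa"`. Printing the CA algorithm verbatim in both cases, `(1024-bit cert/1024-bit ssh-rsa CA)`, would let text and JSON output be matched against each other and keep mixed host-key/CA pairings unambiguous. The other three RSA certificate outputs in this commit carry the same abbreviated label.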
|
@ -139,6 +139,7 @@
|
||||
},
|
||||
{
|
||||
"algorithm": "ssh-rsa-cert-v01@openssh.com",
|
||||
"ca_algorithm": "ssh-rsa",
|
||||
"casize": 3072,
|
||||
"keysize": 1024
|
||||
}
|
||||
|
@ -40,10 +40,10 @@
|
||||
[0;31m `- [fail] using small 1024-bit modulus[0m
|
||||
`- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28
|
||||
`- [info] deprecated in OpenSSH 8.8: https://www.openssh.com/txt/release-8.8
|
||||
[0;31m(key) ssh-rsa-cert-v01@openssh.com (1024-bit cert/3072-bit CA) -- [fail] using broken SHA-1 hash algorithm[0m
|
||||
[0;31m `- [fail] using small 1024-bit modulus[0m
|
||||
`- [info] available since OpenSSH 5.6
|
||||
`- [info] deprecated in OpenSSH 8.8: https://www.openssh.com/txt/release-8.8
|
||||
[0;31m(key) ssh-rsa-cert-v01@openssh.com (1024-bit cert/3072-bit RSA CA) -- [fail] using broken SHA-1 hash algorithm[0m
|
||||
[0;31m `- [fail] using small 1024-bit hostkey modulus[0m
|
||||
`- [info] available since OpenSSH 5.6
|
||||
`- [info] deprecated in OpenSSH 8.8: https://www.openssh.com/txt/release-8.8
|
||||
|
||||
[0;36m# encryption algorithms (ciphers)[0m
|
||||
[0;32m(enc) aes128-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52[0m
|
||||
|
@ -139,6 +139,7 @@
|
||||
},
|
||||
{
|
||||
"algorithm": "ssh-rsa-cert-v01@openssh.com",
|
||||
"ca_algorithm": "ssh-rsa",
|
||||
"casize": 1024,
|
||||
"keysize": 3072
|
||||
}
|
||||
|
@ -39,10 +39,10 @@
|
||||
[0;31m(key) ssh-rsa (3072-bit) -- [fail] using broken SHA-1 hash algorithm[0m
|
||||
`- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28
|
||||
`- [info] deprecated in OpenSSH 8.8: https://www.openssh.com/txt/release-8.8
|
||||
[0;31m(key) ssh-rsa-cert-v01@openssh.com (3072-bit cert/1024-bit CA) -- [fail] using broken SHA-1 hash algorithm[0m
|
||||
[0;31m `- [fail] using small 1024-bit modulus[0m
|
||||
`- [info] available since OpenSSH 5.6
|
||||
`- [info] deprecated in OpenSSH 8.8: https://www.openssh.com/txt/release-8.8
|
||||
[0;31m(key) ssh-rsa-cert-v01@openssh.com (3072-bit cert/1024-bit RSA CA) -- [fail] using broken SHA-1 hash algorithm[0m
|
||||
[0;31m `- [fail] using small 1024-bit CA key modulus[0m
|
||||
`- [info] available since OpenSSH 5.6
|
||||
`- [info] deprecated in OpenSSH 8.8: https://www.openssh.com/txt/release-8.8
|
||||
|
||||
[0;36m# encryption algorithms (ciphers)[0m
|
||||
[0;32m(enc) aes128-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52[0m
|
||||
|
@ -139,6 +139,7 @@
|
||||
},
|
||||
{
|
||||
"algorithm": "ssh-rsa-cert-v01@openssh.com",
|
||||
"ca_algorithm": "ssh-rsa",
|
||||
"casize": 3072,
|
||||
"keysize": 3072
|
||||
}
|
||||
|
@ -39,9 +39,9 @@
|
||||
[0;31m(key) ssh-rsa (3072-bit) -- [fail] using broken SHA-1 hash algorithm[0m
|
||||
`- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28
|
||||
`- [info] deprecated in OpenSSH 8.8: https://www.openssh.com/txt/release-8.8
|
||||
[0;31m(key) ssh-rsa-cert-v01@openssh.com (3072-bit cert/3072-bit CA) -- [fail] using broken SHA-1 hash algorithm[0m
|
||||
`- [info] available since OpenSSH 5.6
|
||||
`- [info] deprecated in OpenSSH 8.8: https://www.openssh.com/txt/release-8.8
|
||||
[0;31m(key) ssh-rsa-cert-v01@openssh.com (3072-bit cert/3072-bit RSA CA) -- [fail] using broken SHA-1 hash algorithm[0m
|
||||
`- [info] available since OpenSSH 5.6
|
||||
`- [info] deprecated in OpenSSH 8.8: https://www.openssh.com/txt/release-8.8
|
||||
|
||||
[0;36m# encryption algorithms (ciphers)[0m
|
||||
[0;32m(enc) aes128-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52[0m
|
||||
|
@ -1,3 +1,12 @@
|
||||
|
||||
WARNING: this policy is using deprecated features. Future versions of ssh-audit may remove support for them. Re-generating the policy file is perhaps the most straight-forward way of resolving this issue. Manually converting the 'hostkey_size_*', 'cakey_size_*', and 'dh_modulus_size_*' directives into the new format is another option.
|
||||
|
||||
|
||||
WARNING: this policy is using deprecated features. Future versions of ssh-audit may remove support for them. Re-generating the policy file is perhaps the most straight-forward way of resolving this issue. Manually converting the 'hostkey_size_*', 'cakey_size_*', and 'dh_modulus_size_*' directives into the new format is another option.
|
||||
|
||||
|
||||
WARNING: this policy is using deprecated features. Future versions of ssh-audit may remove support for them. Re-generating the policy file is perhaps the most straight-forward way of resolving this issue. Manually converting the 'hostkey_size_*', 'cakey_size_*', and 'dh_modulus_size_*' directives into the new format is another option.
|
||||
|
||||
Host: localhost:2222
|
||||
Policy: Docker policy: test11 (version 1)
|
||||
Result: [0;32m✔ Passed[0m
|
||||
|
@ -10,7 +10,7 @@
|
||||
"expected_required": [
|
||||
"4096"
|
||||
],
|
||||
"mismatched_field": "RSA host key (rsa-sha2-256) sizes"
|
||||
"mismatched_field": "Host key (rsa-sha2-256) sizes"
|
||||
},
|
||||
{
|
||||
"actual": [
|
||||
@ -22,7 +22,7 @@
|
||||
"expected_required": [
|
||||
"4096"
|
||||
],
|
||||
"mismatched_field": "RSA host key (rsa-sha2-512) sizes"
|
||||
"mismatched_field": "Host key (rsa-sha2-512) sizes"
|
||||
},
|
||||
{
|
||||
"actual": [
|
||||
@ -34,7 +34,7 @@
|
||||
"expected_required": [
|
||||
"4096"
|
||||
],
|
||||
"mismatched_field": "RSA host key (ssh-rsa) sizes"
|
||||
"mismatched_field": "Host key (ssh-rsa) sizes"
|
||||
}
|
||||
],
|
||||
"host": "localhost",
|
||||
|
@ -1,17 +1,26 @@
|
||||
|
||||
WARNING: this policy is using deprecated features. Future versions of ssh-audit may remove support for them. Re-generating the policy file is perhaps the most straight-forward way of resolving this issue. Manually converting the 'hostkey_size_*', 'cakey_size_*', and 'dh_modulus_size_*' directives into the new format is another option.
|
||||
|
||||
|
||||
WARNING: this policy is using deprecated features. Future versions of ssh-audit may remove support for them. Re-generating the policy file is perhaps the most straight-forward way of resolving this issue. Manually converting the 'hostkey_size_*', 'cakey_size_*', and 'dh_modulus_size_*' directives into the new format is another option.
|
||||
|
||||
|
||||
WARNING: this policy is using deprecated features. Future versions of ssh-audit may remove support for them. Re-generating the policy file is perhaps the most straight-forward way of resolving this issue. Manually converting the 'hostkey_size_*', 'cakey_size_*', and 'dh_modulus_size_*' directives into the new format is another option.
|
||||
|
||||
Host: localhost:2222
|
||||
Policy: Docker policy: test12 (version 1)
|
||||
Result: [0;31m❌ Failed![0m
|
||||
[0;33m
|
||||
Errors:
|
||||
* RSA host key (rsa-sha2-256) sizes did not match.
|
||||
* Host key (rsa-sha2-256) sizes did not match.
|
||||
- Expected: 4096
|
||||
- Actual: 3072
|
||||
|
||||
* RSA host key (rsa-sha2-512) sizes did not match.
|
||||
* Host key (rsa-sha2-512) sizes did not match.
|
||||
- Expected: 4096
|
||||
- Actual: 3072
|
||||
|
||||
* RSA host key (ssh-rsa) sizes did not match.
|
||||
* Host key (ssh-rsa) sizes did not match.
|
||||
- Expected: 4096
|
||||
- Actual: 3072
|
||||
[0m
|
||||
|
@ -1,3 +1,15 @@
|
||||
|
||||
WARNING: this policy is using deprecated features. Future versions of ssh-audit may remove support for them. Re-generating the policy file is perhaps the most straight-forward way of resolving this issue. Manually converting the 'hostkey_size_*', 'cakey_size_*', and 'dh_modulus_size_*' directives into the new format is another option.
|
||||
|
||||
|
||||
WARNING: this policy is using deprecated features. Future versions of ssh-audit may remove support for them. Re-generating the policy file is perhaps the most straight-forward way of resolving this issue. Manually converting the 'hostkey_size_*', 'cakey_size_*', and 'dh_modulus_size_*' directives into the new format is another option.
|
||||
|
||||
|
||||
WARNING: this policy is using deprecated features. Future versions of ssh-audit may remove support for them. Re-generating the policy file is perhaps the most straight-forward way of resolving this issue. Manually converting the 'hostkey_size_*', 'cakey_size_*', and 'dh_modulus_size_*' directives into the new format is another option.
|
||||
|
||||
|
||||
WARNING: this policy is using deprecated features. Future versions of ssh-audit may remove support for them. Re-generating the policy file is perhaps the most straight-forward way of resolving this issue. Manually converting the 'hostkey_size_*', 'cakey_size_*', and 'dh_modulus_size_*' directives into the new format is another option.
|
||||
|
||||
Host: localhost:2222
|
||||
Policy: Docker policy: test13 (version 1)
|
||||
Result: [0;32m✔ Passed[0m
|
||||
|
@ -1,3 +1,15 @@
|
||||
|
||||
WARNING: this policy is using deprecated features. Future versions of ssh-audit may remove support for them. Re-generating the policy file is perhaps the most straight-forward way of resolving this issue. Manually converting the 'hostkey_size_*', 'cakey_size_*', and 'dh_modulus_size_*' directives into the new format is another option.
|
||||
|
||||
|
||||
WARNING: this policy is using deprecated features. Future versions of ssh-audit may remove support for them. Re-generating the policy file is perhaps the most straight-forward way of resolving this issue. Manually converting the 'hostkey_size_*', 'cakey_size_*', and 'dh_modulus_size_*' directives into the new format is another option.
|
||||
|
||||
|
||||
WARNING: this policy is using deprecated features. Future versions of ssh-audit may remove support for them. Re-generating the policy file is perhaps the most straight-forward way of resolving this issue. Manually converting the 'hostkey_size_*', 'cakey_size_*', and 'dh_modulus_size_*' directives into the new format is another option.
|
||||
|
||||
|
||||
WARNING: this policy is using deprecated features. Future versions of ssh-audit may remove support for them. Re-generating the policy file is perhaps the most straight-forward way of resolving this issue. Manually converting the 'hostkey_size_*', 'cakey_size_*', and 'dh_modulus_size_*' directives into the new format is another option.
|
||||
|
||||
Host: localhost:2222
|
||||
Policy: Docker policy: test14 (version 1)
|
||||
Result: [0;31m❌ Failed![0m
|
||||
|
@ -92,7 +92,9 @@
|
||||
"algorithm": "ssh-ed25519"
|
||||
},
|
||||
{
|
||||
"algorithm": "ssh-ed25519-cert-v01@openssh.com"
|
||||
"algorithm": "ssh-ed25519-cert-v01@openssh.com",
|
||||
"ca_algorithm": "ssh-ed25519",
|
||||
"casize": 256
|
||||
}
|
||||
],
|
||||
"mac": [
|
||||
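Review bot: The ed25519 certificate entry gains `"ca_algorithm"` and `"casize": 256` but no `"keysize"`, whereas the RSA certificate entries in the other JSON outputs of this commit carry both, and the text output for this key prints `256-bit cert`. A consumer that reads `keysize` whenever `casize` is present would hit a missing key on exactly the certificate types this commit adds support for. Either emit `"keysize": 256` here as well, or document that `keysize` is omitted for fixed-size key types.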
|
@ -34,7 +34,7 @@
|
||||
|
||||
[0;36m# host-key algorithms[0m
|
||||
[0;32m(key) ssh-ed25519 -- [info] available since OpenSSH 6.5[0m
|
||||
[0;32m(key) ssh-ed25519-cert-v01@openssh.com -- [info] available since OpenSSH 6.5[0m
|
||||
[0;32m(key) ssh-ed25519-cert-v01@openssh.com (256-bit cert/256-bit ssh-ed25519 CA) -- [info] available since OpenSSH 6.5[0m
|
||||
|
||||
[0;36m# encryption algorithms (ciphers)[0m
|
||||
[0;32m(enc) chacha20-poly1305@openssh.com -- [info] available since OpenSSH 6.5[0m
|
||||
|
@ -1,6 +1,7 @@
|
||||
import os
|
||||
import pytest
|
||||
|
||||
from ssh_audit.outputbuffer import OutputBuffer
|
||||
from ssh_audit.ssh2_kex import SSH2_Kex
|
||||
from ssh_audit.ssh2_kexparty import SSH2_KexParty
|
||||
|
||||
@ -13,7 +14,7 @@ def kex(ssh_audit):
|
||||
enc, mac, compression, languages = [], [], ['none'], []
|
||||
srv = SSH2_KexParty(enc, mac, compression, languages)
|
||||
cookie = os.urandom(16)
|
||||
kex = SSH2_Kex(cookie, kex_algs, key_algs, cli, srv, 0)
|
||||
kex = SSH2_Kex(OutputBuffer, cookie, kex_algs, key_algs, cli, srv, 0)
|
||||
return kex
|
||||
|
||||
|
||||
@ -25,15 +26,15 @@ def test_prevent_runtime_error_regression(ssh_audit, kex):
|
||||
keys, and an error occurred when iterating and modifying them at the
|
||||
same time.
|
||||
"""
|
||||
kex.set_host_key("ssh-rsa", b"\x00\x00\x00\x07ssh-rsa\x00\x00\x00")
|
||||
kex.set_host_key("ssh-rsa1", b"\x00\x00\x00\x07ssh-rsa\x00\x00\x00")
|
||||
kex.set_host_key("ssh-rsa2", b"\x00\x00\x00\x07ssh-rsa\x00\x00\x00")
|
||||
kex.set_host_key("ssh-rsa3", b"\x00\x00\x00\x07ssh-rsa\x00\x00\x00")
|
||||
kex.set_host_key("ssh-rsa4", b"\x00\x00\x00\x07ssh-rsa\x00\x00\x00")
|
||||
kex.set_host_key("ssh-rsa5", b"\x00\x00\x00\x07ssh-rsa\x00\x00\x00")
|
||||
kex.set_host_key("ssh-rsa6", b"\x00\x00\x00\x07ssh-rsa\x00\x00\x00")
|
||||
kex.set_host_key("ssh-rsa7", b"\x00\x00\x00\x07ssh-rsa\x00\x00\x00")
|
||||
kex.set_host_key("ssh-rsa8", b"\x00\x00\x00\x07ssh-rsa\x00\x00\x00")
|
||||
kex.set_host_key("ssh-rsa", b"\x00\x00\x00\x07ssh-rsa\x00\x00\x00", 1024, '', 0)
|
||||
kex.set_host_key("ssh-rsa1", b"\x00\x00\x00\x07ssh-rsa\x00\x00\x00", 1024, '', 0)
|
||||
kex.set_host_key("ssh-rsa2", b"\x00\x00\x00\x07ssh-rsa\x00\x00\x00", 1024, '', 0)
|
||||
kex.set_host_key("ssh-rsa3", b"\x00\x00\x00\x07ssh-rsa\x00\x00\x00", 1024, '', 0)
|
||||
kex.set_host_key("ssh-rsa4", b"\x00\x00\x00\x07ssh-rsa\x00\x00\x00", 1024, '', 0)
|
||||
kex.set_host_key("ssh-rsa5", b"\x00\x00\x00\x07ssh-rsa\x00\x00\x00", 1024, '', 0)
|
||||
kex.set_host_key("ssh-rsa6", b"\x00\x00\x00\x07ssh-rsa\x00\x00\x00", 1024, '', 0)
|
||||
kex.set_host_key("ssh-rsa7", b"\x00\x00\x00\x07ssh-rsa\x00\x00\x00", 1024, '', 0)
|
||||
kex.set_host_key("ssh-rsa8", b"\x00\x00\x00\x07ssh-rsa\x00\x00\x00", 1024, '', 0)
|
||||
|
||||
rv = ssh_audit.build_struct('localhost', None, [], kex=kex)
|
||||
|
||||
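Review bot: `SSH2_Kex(OutputBuffer, cookie, kex_algs, key_algs, cli, srv, 0)` in the `kex` fixture passes the `OutputBuffer` class itself rather than an instance; the same happens through `self.OutputBuffer = OutputBuffer` in `TestPolicy.init` and in the `self.ssh2_kex.parse(self.OutputBuffer, ...)` calls in `TestSSH2`. The constructor and `parse` are not shown on this page, but if either calls a method on that argument the call would fail for lack of `self`, so these tests only pass while that path is never reached. Assuming `OutputBuffer` can be constructed without arguments, passing an instance exercises the same object the tool uses: `kex = SSH2_Kex(OutputBuffer(), cookie, kex_algs, key_algs, cli, srv, 0)`. The fixture and test bodies start outside the hunks.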
|
@ -2,6 +2,7 @@ import hashlib
|
||||
import pytest
|
||||
from datetime import date
|
||||
|
||||
from ssh_audit.outputbuffer import OutputBuffer
|
||||
from ssh_audit.policy import Policy
|
||||
from ssh_audit.ssh2_kex import SSH2_Kex
|
||||
from ssh_audit.writebuf import WriteBuf
|
||||
@ -10,6 +11,7 @@ from ssh_audit.writebuf import WriteBuf
|
||||
class TestPolicy:
|
||||
@pytest.fixture(autouse=True)
|
||||
def init(self, ssh_audit):
|
||||
self.OutputBuffer = OutputBuffer
|
||||
self.Policy = Policy
|
||||
self.wbuf = WriteBuf
|
||||
self.ssh2_kex = SSH2_Kex
|
||||
@ -32,7 +34,7 @@ class TestPolicy:
|
||||
w.write_list([''])
|
||||
w.write_byte(False)
|
||||
w.write_int(0)
|
||||
return self.ssh2_kex.parse(w.write_flush())
|
||||
return self.ssh2_kex.parse(self.OutputBuffer, w.write_flush())
|
||||
|
||||
|
||||
def test_builtin_policy_consistency(self):
|
||||
|
@ -79,7 +79,7 @@ class TestSSH2:
|
||||
return w.write_flush()
|
||||
|
||||
def test_kex_read(self):
|
||||
kex = self.ssh2_kex.parse(self._kex_payload())
|
||||
kex = self.ssh2_kex.parse(self.OutputBuffer, self._kex_payload())
|
||||
assert kex is not None
|
||||
assert kex.cookie == b'\x00\x11\x22\x33\x44\x55\x66\x77\x88\x99\xaa\xbb\xcc\xdd\xee\xff'
|
||||
assert kex.kex_algorithms == ['bogus_kex1', 'bogus_kex2']
|
||||
@ -105,7 +105,7 @@ class TestSSH2:
|
||||
srv = self.ssh2_kexparty(enc, mac, compression, languages)
|
||||
if cookie is None:
|
||||
cookie = os.urandom(16)
|
||||
kex = self.ssh2_kex(cookie, kex_algs, key_algs, cli, srv, 0)
|
||||
kex = self.ssh2_kex(self.OutputBuffer, cookie, kex_algs, key_algs, cli, srv, 0)
|
||||
return kex
|
||||
|
||||
def _get_kex_variat1(self):
|
||||
@ -149,7 +149,7 @@ class TestSSH2:
|
||||
|
||||
def test_key_payload(self):
|
||||
kex1 = self._get_kex_variat1()
|
||||
kex2 = self.ssh2_kex.parse(self._kex_payload())
|
||||
kex2 = self.ssh2_kex.parse(self.OutputBuffer, self._kex_payload())
|
||||
assert kex1.payload == kex2.payload
|
||||
|
||||
def test_ssh2_server_simple(self, output_spy, virtual_socket):
|
||||
|