From 2848c1fb16fcc952c4d4ae21f9decb7530455f6b Mon Sep 17 00:00:00 2001 From: Joe Testa Date: Mon, 18 Nov 2019 20:22:12 -0500 Subject: [PATCH] Added two new ciphers: 'des', and '3des'. --- README.md | 3 ++- ssh-audit.py | 2 ++ 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index f7b7cd1..6ac45fd 100644 --- a/README.md +++ b/README.md @@ -53,7 +53,8 @@ Below is a screen shot of the client-auditing output when an unhardened OpenSSH ## ChangeLog ### v2.2.0 (???) - - Added two new host key types: `rsa-sha2-256-cert-v01@openssh.com`, `rsa-sha2-512-cert-v01@openssh.com`. + - Added 2 new host key types: `rsa-sha2-256-cert-v01@openssh.com`, `rsa-sha2-512-cert-v01@openssh.com`. + - Added 2 new ciphers: `des`, `3des`. ### v2.1.0 (2019-11-14) - Added client software auditing functionality (see `-c` / `--client-audit` option). diff --git a/ssh-audit.py b/ssh-audit.py index fc7f42f..c1b2835 100755 --- a/ssh-audit.py +++ b/ssh-audit.py @@ -393,8 +393,10 @@ class SSH2(object): # pylint: disable=too-few-public-methods }, 'enc': { 'none': [['1.2.2,d2013.56,l10.2'], [FAIL_PLAINTEXT]], + 'des': [[], [FAIL_WEAK_CIPHER], [WARN_CIPHER_MODE, WARN_BLOCK_SIZE]], 'des-cbc': [[], [FAIL_WEAK_CIPHER], [WARN_CIPHER_MODE, WARN_BLOCK_SIZE]], 'des-cbc-ssh1': [[], [FAIL_WEAK_CIPHER], [WARN_CIPHER_MODE, WARN_BLOCK_SIZE]], + '3des': [[], [FAIL_OPENSSH67_UNSAFE], [WARN_OPENSSH74_UNSAFE, WARN_CIPHER_WEAK, WARN_CIPHER_MODE, WARN_BLOCK_SIZE]], '3des-cbc': [['1.2.2,d0.28,l10.2', '6.6', None], [FAIL_OPENSSH67_UNSAFE], [WARN_OPENSSH74_UNSAFE, WARN_CIPHER_WEAK, WARN_CIPHER_MODE, WARN_BLOCK_SIZE]], '3des-ctr': [['d0.52'], [FAIL_WEAK_CIPHER]], 'blowfish-cbc': [['1.2.2,d0.28,l10.2', '6.6,d0.52', '7.1,d0.52'], [FAIL_OPENSSH67_UNSAFE, FAIL_DBEAR53_DISABLED], [WARN_OPENSSH72_LEGACY, WARN_CIPHER_MODE, WARN_BLOCK_SIZE]],