From 2a87860e84932dc8736af5da0c9121af3b0c358e Mon Sep 17 00:00:00 2001 From: Joe Testa Date: Tue, 29 Sep 2020 15:03:41 -0400 Subject: [PATCH] Added 1 new cipher: des-cbc@ssh.com. Bumped version. --- README.md | 3 +++ ssh-audit.py | 3 ++- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index df0f592..8f2e4b3 100644 --- a/README.md +++ b/README.md @@ -150,6 +150,9 @@ $ brew install ssh-audit For convenience, a web front-end on top of the command-line tool is available at [https://www.ssh-audit.com/](https://www.ssh-audit.com/). ## ChangeLog +### v2.3.1-dev (???) + - Added 1 new cipher: `des-cbc@ssh.com`. + ### v2.3.0 (2020-09-27) - Added new policy auditing functionality to test adherence to a hardening guide/standard configuration (see `-L`/`--list-policies`, `-M`/`--make-policy` and `-P`/`--policy`). For an in-depth tutorial, see . - Created new man page (see `ssh-audit.1` file). diff --git a/ssh-audit.py b/ssh-audit.py index 3884996..efcf2c3 100755 --- a/ssh-audit.py +++ b/ssh-audit.py @@ -44,7 +44,7 @@ import traceback from typing import Dict, List, Set, Sequence, Tuple, Iterable from typing import Callable, Optional, Union, Any -VERSION = 'v2.3.0' +VERSION = 'v2.3.1-dev' SSH_HEADER = 'SSH-{0}-OpenSSH_8.2' # SSH software to impersonate GITHUB_ISSUES_URL = 'https://github.com/jtesta/ssh-audit/issues' # The URL to the Github issues tracker. @@ -1000,6 +1000,7 @@ class SSH2: # pylint: disable=too-few-public-methods 'none': [['1.2.2,d2013.56,l10.2'], [FAIL_PLAINTEXT]], 'des': [[], [FAIL_WEAK_CIPHER], [WARN_CIPHER_MODE, WARN_BLOCK_SIZE]], 'des-cbc': [[], [FAIL_WEAK_CIPHER], [WARN_CIPHER_MODE, WARN_BLOCK_SIZE]], + 'des-cbc@ssh.com': [[], [FAIL_WEAK_CIPHER], [WARN_CIPHER_MODE, WARN_BLOCK_SIZE]], 'des-cbc-ssh1': [[], [FAIL_WEAK_CIPHER], [WARN_CIPHER_MODE, WARN_BLOCK_SIZE]], '3des': [[], [FAIL_OPENSSH67_UNSAFE], [WARN_OPENSSH74_UNSAFE, WARN_CIPHER_WEAK, WARN_CIPHER_MODE, WARN_BLOCK_SIZE]], '3des-cbc': [['1.2.2,d0.28,l10.2', '6.6', None], [FAIL_OPENSSH67_UNSAFE], [WARN_OPENSSH74_UNSAFE, WARN_CIPHER_WEAK, WARN_CIPHER_MODE, WARN_BLOCK_SIZE]],