elie/ssh-audit
1
0
Fork 0
mirror of https://github.com/jtesta/ssh-audit.git synced 2026-05-25 15:31:23 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge 066dcf4899 into dcbc43acdf

Browse Source
This commit is contained in:
dreizehnutters
2024-07-02 20:59:20 -04:00
committed by GitHub
parent dcbc43acdf 066dcf4899
commit 2c4642235b
2 changed files with 14 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/ssh_audit/hostkeytest.py
+13 -3
View File
@@ -50,9 +50,19 @@ class HostKeyTest:
'rsa-sha2-256-cert-v01@openssh.com': {'cert': True, 'variable_key_len': True}, 'rsa-sha2-256-cert-v01@openssh.com': {'cert': True, 'variable_key_len': True},
'rsa-sha2-512-cert-v01@openssh.com': {'cert': True, 'variable_key_len': True}, 'rsa-sha2-512-cert-v01@openssh.com': {'cert': True, 'variable_key_len': True},
'ssh-ed25519': {'cert': False, 'variable_key_len': False}, 'ssh-ed25519': {'cert': False, 'variable_key_len': True},
'ssh-ed25519-cert-v01@openssh.com': {'cert': True, 'variable_key_len': False}, 'ssh-ed25519-cert-v01@openssh.com': {'cert': True, 'variable_key_len': True},
}
'ecdsa-sha2-nistp256': {'cert': False, 'variable_key_len': True},
'ecdsa-sha2-nistp256-cert-v01@openssh.com': {'cert': True, 'variable_key_len': True},
'ecdsa-sha2-nistp384': {'cert': False, 'variable_key_len': True},
'ecdsa-sha2-nistp384-cert-v01@openssh.com': {'cert': True, 'variable_key_len': True},
'ecdsa-sha2-nistp521': {'cert': False, 'variable_key_len': True},
'ecdsa-sha2-nistp521-cert-v01@openssh.com': {'cert': True, 'variable_key_len': True}
}
TWO2K_MODULUS_WARNING = '2048-bit modulus only provides 112-bits of symmetric strength' TWO2K_MODULUS_WARNING = '2048-bit modulus only provides 112-bits of symmetric strength'
SMALL_ECC_MODULUS_WARNING = '224-bit ECC modulus only provides 112-bits of symmetric strength' SMALL_ECC_MODULUS_WARNING = '224-bit ECC modulus only provides 112-bits of symmetric strength'
src/ssh_audit/ssh_audit.py
+1 -5
View File
@@ -1150,17 +1150,13 @@ def build_struct(target_host: str, banner: Optional['Banner'], cves: List[Dict[s
} }
if algorithm in host_keys: if algorithm in host_keys:
hostkey_info = host_keys[algorithm] hostkey_info = host_keys[algorithm]
hostkey_size = cast(int, hostkey_info['hostkey_size']) entry['keysize'] = cast(int, hostkey_info['hostkey_size'])
ca_type = '' ca_type = ''
ca_size = 0 ca_size = 0
if 'ca_key_type' in hostkey_info: if 'ca_key_type' in hostkey_info:
ca_type = cast(str, hostkey_info['ca_key_type']) ca_type = cast(str, hostkey_info['ca_key_type'])
if 'ca_key_size' in hostkey_info: if 'ca_key_size' in hostkey_info:
ca_size = cast(int, hostkey_info['ca_key_size']) ca_size = cast(int, hostkey_info['ca_key_size'])
if algorithm in HostKeyTest.RSA_FAMILY or algorithm.startswith('ssh-rsa-cert-v0'):
entry['keysize'] = hostkey_size
if ca_size > 0: if ca_size > 0:
entry['ca_algorithm'] = ca_type entry['ca_algorithm'] = ca_type
entry['casize'] = ca_size entry['casize'] = ca_size