diff --git a/README.md b/README.md index 5556a8c..f7b7cd1 100644 --- a/README.md +++ b/README.md @@ -53,7 +53,7 @@ Below is a screen shot of the client-auditing output when an unhardened OpenSSH ## ChangeLog ### v2.2.0 (???) - - ??? + - Added two new host key types: `rsa-sha2-256-cert-v01@openssh.com`, `rsa-sha2-512-cert-v01@openssh.com`. ### v2.1.0 (2019-11-14) - Added client software auditing functionality (see `-c` / `--client-audit` option). diff --git a/ssh-audit.py b/ssh-audit.py index 1e38985..fc7f42f 100755 --- a/ssh-audit.py +++ b/ssh-audit.py @@ -386,6 +386,8 @@ class SSH2(object): # pylint: disable=too-few-public-methods 'ecdsa-sha2-nistp256-cert-v01@openssh.com': [['5.7'], [WARN_CURVES_WEAK], [WARN_RNDSIG_KEY]], 'ecdsa-sha2-nistp384-cert-v01@openssh.com': [['5.7'], [WARN_CURVES_WEAK], [WARN_RNDSIG_KEY]], 'ecdsa-sha2-nistp521-cert-v01@openssh.com': [['5.7'], [WARN_CURVES_WEAK], [WARN_RNDSIG_KEY]], + 'rsa-sha2-256-cert-v01@openssh.com': [['7.8']], + 'rsa-sha2-512-cert-v01@openssh.com': [['7.8']], 'ssh-rsa-sha256@ssh.com': [[]], 'ecdsa-sha2-1.3.132.0.10': [[], [], [WARN_RNDSIG_KEY]], # ECDSA over secp256k1 (i.e.: the Bitcoin curve) },