From 2cff202b327b1e47ab21f09ec9ca7ea60993324b Mon Sep 17 00:00:00 2001
From: Joe Testa
Date: Thu, 14 Nov 2019 16:45:40 -0500
Subject: [PATCH] Added two new host key types: 'rsa-sha2-256-cert-v01@openssh.com' and 'rsa-sha2-512-cert-v01@openssh.com'.
---
 README.md | 2 +-
 ssh-audit.py | 2 ++
 2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/README.md b/README.md
index 5556a8c..f7b7cd1 100644
--- a/README.md
+++ b/README.md
@@ -53,7 +53,7 @@ Below is a screen shot of the client-auditing output when an unhardened OpenSSH
 ## ChangeLog
 ### v2.2.0 (???)
- - ???
+ - Added two new host key types: `rsa-sha2-256-cert-v01@openssh.com`, `rsa-sha2-512-cert-v01@openssh.com`.
 ### v2.1.0 (2019-11-14)
 - Added client software auditing functionality (see `-c` / `--client-audit` option).
diff --git a/ssh-audit.py b/ssh-audit.py
index 1e38985..fc7f42f 100755
--- a/ssh-audit.py
+++ b/ssh-audit.py
@@ -386,6 +386,8 @@ class SSH2(object): # pylint: disable=too-few-public-methods
 'ecdsa-sha2-nistp256-cert-v01@openssh.com': [['5.7'], [WARN_CURVES_WEAK], [WARN_RNDSIG_KEY]],
 'ecdsa-sha2-nistp384-cert-v01@openssh.com': [['5.7'], [WARN_CURVES_WEAK], [WARN_RNDSIG_KEY]],
 'ecdsa-sha2-nistp521-cert-v01@openssh.com': [['5.7'], [WARN_CURVES_WEAK], [WARN_RNDSIG_KEY]],
+ 'rsa-sha2-256-cert-v01@openssh.com': [['7.8']],
+ 'rsa-sha2-512-cert-v01@openssh.com': [['7.8']],
 'ssh-rsa-sha256@ssh.com': [[]],
 'ecdsa-sha2-1.3.132.0.10': [[], [], [WARN_RNDSIG_KEY]], # ECDSA over secp256k1 (i.e.: the Bitcoin curve)
 },
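Review bot: The two added `rsa-sha2-*-cert-v01@openssh.com` entries carry only the version list `[['7.8']]`, so the table records nothing about what decides whether an RSA certificate host key is acceptable: the modulus size of the host key and of the CA key that signed it. How an entry with no failure or warning lists is reported is outside this hunk, but presumably it is shown without any caveat, which a reader of the audit output could take as approval of a short-key RSA certificate. At minimum I would add a trailing comment on both lines, e.g. `# SHA-2 signed RSA certificate; strength depends on host and CA key size, not checked here`. The enclosing dictionary in `class SSH2` starts and ends outside the hunk.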