From 3b8a75e407c1a6474677fa071e948229617f8faa Mon Sep 17 00:00:00 2001
From: Joe Testa
Date: Wed, 25 Sep 2024 17:34:18 -0400
Subject: [PATCH] Server kex/host key parsing failures no longer output a stack trace unless in debug mode.
---
 src/ssh_audit/hostkeytest.py | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)
diff --git a/src/ssh_audit/hostkeytest.py b/src/ssh_audit/hostkeytest.py
index f9129bc..aeef306 100644
--- a/src/ssh_audit/hostkeytest.py
+++ b/src/ssh_audit/hostkeytest.py
@@ -151,7 +151,12 @@ class HostKeyTest:
 _, payload = s.read_packet()
 SSH2_Kex.parse(out, payload)
 except Exception:
- out.v("Failed to parse server's kex. Stack trace:\n%s" % str(traceback.format_exc()), write_now=True)
+ msg = "Failed to parse server's kex."
+ if not out.debug:
+ msg += " Re-run in debug mode to see stack trace."
+
+ out.v(msg, write_now=True)
+ out.d("Stack trace:\n%s" % str(traceback.format_exc()), write_now=True)
 return
 # Do the initial DH exchange. The server responds back
@@ -162,7 +167,12 @@ class HostKeyTest:
 kex_reply = kex_group.recv_reply(s)
 raw_hostkey_bytes = kex_reply if kex_reply is not None else b''
 except KexDHException:
- out.v("Failed to parse server's host key. Stack trace:\n%s" % str(traceback.format_exc()), write_now=True)
+ msg = "Failed to parse server's host key."
+ if not out.debug:
+ msg += " Re-run in debug mode to see stack trace."
+
+ out.v(msg, write_now=True)
+ out.d("Stack trace:\n%s" % str(traceback.format_exc()), write_now=True)
 # Since parsing this host key failed, there's nothing more to do but close the socket and move on to the next host key type.
 s.close()
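Review bot: With the trace moved to `out.d`, the verbose message in the `except Exception:` branch of the first hunk no longer gives any hint of why the server's kex could not be parsed, so a truncated or malformed reply from the audited server reads the same as a parser bug until the scan is re-run in debug mode. Binding the exception and reporting only its class name keeps the line short without echoing server-controlled bytes: `except Exception as e:` and `msg = "Failed to parse server's kex (%s)." % type(e).__name__`. In the second hunk the class is already fixed by `except KexDHException:`, but the five added lines are otherwise identical to the first hunk, so a small private helper that takes the message prefix would keep the two failure paths from drifting apart. Both branches belong to a method whose body starts and ends outside these hunks.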