mirror of
https://github.com/jtesta/ssh-audit.git
synced 2024-12-22 22:15:22 +01:00
Added 6 new host key types: 'spi-sign-rsa', 'ssh-ed448', 'x509v3-ecdsa-sha2-nistp256', 'x509v3-ecdsa-sha2-nistp384', 'x509v3-ecdsa-sha2-nistp521', 'x509v3-rsa2048-sha256'. Added 5 new key exchanges: 'gss-group14-sha256-', 'gss-group15-sha512-', 'gss-group16-sha512-', 'gss-nistp256-sha256-', 'gss-curve25519-sha256-'.
This commit is contained in:
parent
3e20f7c622
commit
4cae6aff43
@ -85,15 +85,15 @@ $ brew install ssh-audit
|
|||||||
```
|
```
|
||||||
|
|
||||||
## ChangeLog
|
## ChangeLog
|
||||||
### v2.2.1-dev (???)
|
### v2.3.0 (???)
|
||||||
- Created new man page (see ssh-audit.1 file).
|
- Created new man page (see `ssh-audit.1` file).
|
||||||
- 1024-bit moduli upgraded from warnings to failures.
|
- 1024-bit moduli upgraded from warnings to failures.
|
||||||
- Many Python 2 code clean-ups, testing framework improvements, pylint & flake8 fixes, and mypy type comments; credit [Jürgen Gmach](https://github.com/jugmac00).
|
- Many Python 2 code clean-ups, testing framework improvements, pylint & flake8 fixes, and mypy type comments; credit [Jürgen Gmach](https://github.com/jugmac00).
|
||||||
- Added feature to look up algorithms in internal database (see `--lookup`); credit [Adam Russell](https://github.com/thecliguy).
|
- Added feature to look up algorithms in internal database (see `--lookup`); credit [Adam Russell](https://github.com/thecliguy).
|
||||||
- Suppress recommendation of token host key types.
|
- Suppress recommendation of token host key types.
|
||||||
- Added check for use-after-free vulnerability in PuTTY v0.73.
|
- Added check for use-after-free vulnerability in PuTTY v0.73.
|
||||||
- Added 5 new host key types: `ssh-rsa1`, `ssh-dss-sha256@ssh.com`, `ssh-gost2001`, `ssh-gost2012-256`, `ssh-gost2012-512`.
|
- Added 11 new host key types: `ssh-rsa1`, `ssh-dss-sha256@ssh.com`, `ssh-gost2001`, `ssh-gost2012-256`, `ssh-gost2012-512`, `spki-sign-rsa`, `ssh-ed448`, `x509v3-ecdsa-sha2-nistp256`, `x509v3-ecdsa-sha2-nistp384`, `x509v3-ecdsa-sha2-nistp521`, `x509v3-rsa2048-sha256`.
|
||||||
- Added 3 new key exchanges: `diffie-hellman-group1-sha256`, `kexAlgoCurve25519SHA256`, `Curve25519SHA256`.
|
- Added 8 new key exchanges: `diffie-hellman-group1-sha256`, `kexAlgoCurve25519SHA256`, `Curve25519SHA256`, `gss-group14-sha256-`, `gss-group15-sha512-`, `gss-group16-sha512-`, `gss-nistp256-sha256-`, `gss-curve25519-sha256-`.
|
||||||
- Added 5 new ciphers: `blowfish`, `AEAD_AES_128_GCM`, `AEAD_AES_256_GCM`, `crypticore128@ssh.com`, `seed-cbc@ssh.com`.
|
- Added 5 new ciphers: `blowfish`, `AEAD_AES_128_GCM`, `AEAD_AES_256_GCM`, `crypticore128@ssh.com`, `seed-cbc@ssh.com`.
|
||||||
- Added 3 new MACs: `chacha20-poly1305@openssh.com`, `hmac-sha3-224`, `crypticore-mac@ssh.com`.
|
- Added 3 new MACs: `chacha20-poly1305@openssh.com`, `hmac-sha3-224`, `crypticore-mac@ssh.com`.
|
||||||
|
|
||||||
|
11
ssh-audit.py
11
ssh-audit.py
@ -764,8 +764,13 @@ class SSH2: # pylint: disable=too-few-public-methods
|
|||||||
'gss-group1-sha1-': [[], [FAIL_1024BIT_MODULUS], [WARN_HASH_WEAK]],
|
'gss-group1-sha1-': [[], [FAIL_1024BIT_MODULUS], [WARN_HASH_WEAK]],
|
||||||
'gss-group14-sha1-': [[], [], [WARN_HASH_WEAK]],
|
'gss-group14-sha1-': [[], [], [WARN_HASH_WEAK]],
|
||||||
'gss-group14-sha1-toWM5Slw5Ew8Mqkay+al2g==': [[], [], [WARN_HASH_WEAK]],
|
'gss-group14-sha1-toWM5Slw5Ew8Mqkay+al2g==': [[], [], [WARN_HASH_WEAK]],
|
||||||
|
'gss-group14-sha256-': [[]],
|
||||||
'gss-group14-sha256-toWM5Slw5Ew8Mqkay+al2g==': [[]],
|
'gss-group14-sha256-toWM5Slw5Ew8Mqkay+al2g==': [[]],
|
||||||
|
'gss-group15-sha512-': [[]],
|
||||||
'gss-group15-sha512-toWM5Slw5Ew8Mqkay+al2g==': [[]],
|
'gss-group15-sha512-toWM5Slw5Ew8Mqkay+al2g==': [[]],
|
||||||
|
'gss-group16-sha512-': [[]],
|
||||||
|
'gss-nistp256-sha256-': [[], [WARN_CURVES_WEAK]],
|
||||||
|
'gss-curve25519-sha256-': [[]],
|
||||||
'diffie-hellman-group1-sha256': [[], [FAIL_1024BIT_MODULUS]],
|
'diffie-hellman-group1-sha256': [[], [FAIL_1024BIT_MODULUS]],
|
||||||
'diffie-hellman-group14-sha1': [['3.9,d0.53,l10.6.0'], [], [WARN_HASH_WEAK]],
|
'diffie-hellman-group14-sha1': [['3.9,d0.53,l10.6.0'], [], [WARN_HASH_WEAK]],
|
||||||
'diffie-hellman-group14-sha256': [['7.3,d2016.73']],
|
'diffie-hellman-group14-sha256': [['7.3,d2016.73']],
|
||||||
@ -846,6 +851,12 @@ class SSH2: # pylint: disable=too-few-public-methods
|
|||||||
'ssh-gost2001': [[], [], [WARN_UNTRUSTED]],
|
'ssh-gost2001': [[], [], [WARN_UNTRUSTED]],
|
||||||
'ssh-gost2012-256': [[], [], [WARN_UNTRUSTED]],
|
'ssh-gost2012-256': [[], [], [WARN_UNTRUSTED]],
|
||||||
'ssh-gost2012-512': [[], [], [WARN_UNTRUSTED]],
|
'ssh-gost2012-512': [[], [], [WARN_UNTRUSTED]],
|
||||||
|
'spi-sign-rsa': [[]],
|
||||||
|
'ssh-ed448': [[]],
|
||||||
|
'x509v3-ecdsa-sha2-nistp256': [[], [WARN_CURVES_WEAK]],
|
||||||
|
'x509v3-ecdsa-sha2-nistp384': [[], [WARN_CURVES_WEAK]],
|
||||||
|
'x509v3-ecdsa-sha2-nistp521': [[], [WARN_CURVES_WEAK]],
|
||||||
|
'x509v3-rsa2048-sha256': [[]],
|
||||||
},
|
},
|
||||||
'enc': {
|
'enc': {
|
||||||
'none': [['1.2.2,d2013.56,l10.2'], [FAIL_PLAINTEXT]],
|
'none': [['1.2.2,d2013.56,l10.2'], [FAIL_PLAINTEXT]],
|
||||||
|
Loading…
Reference in New Issue
Block a user