elie/ssh-audit
1
0
Fork 0
mirror of https://github.com/jtesta/ssh-audit.git synced 2026-05-25 23:41:22 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge cfd8600867 into e42961fa9a

Browse Source
This commit is contained in:
dreizehnutters
2024-07-03 10:16:30 +00:00
committed by GitHub
parent e42961fa9a cfd8600867
commit 782d245093
2 changed files with 15 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/ssh_audit/hostkeytest.py
+12 -2
View File
@@ -50,10 +50,20 @@ class HostKeyTest:
'rsa-sha2-256-cert-v01@openssh.com': {'cert': True, 'variable_key_len': True}, 'rsa-sha2-256-cert-v01@openssh.com': {'cert': True, 'variable_key_len': True},
'rsa-sha2-512-cert-v01@openssh.com': {'cert': True, 'variable_key_len': True}, 'rsa-sha2-512-cert-v01@openssh.com': {'cert': True, 'variable_key_len': True},
'ssh-ed25519': {'cert': False, 'variable_key_len': False}, 'ssh-ed25519': {'cert': False, 'variable_key_len': True},
'ssh-ed25519-cert-v01@openssh.com': {'cert': True, 'variable_key_len': False}, 'ssh-ed25519-cert-v01@openssh.com': {'cert': True, 'variable_key_len': True},
'ecdsa-sha2-nistp256': {'cert': False, 'variable_key_len': True},
'ecdsa-sha2-nistp256-cert-v01@openssh.com': {'cert': True, 'variable_key_len': True},
'ecdsa-sha2-nistp384': {'cert': False, 'variable_key_len': True},
'ecdsa-sha2-nistp384-cert-v01@openssh.com': {'cert': True, 'variable_key_len': True},
'ecdsa-sha2-nistp521': {'cert': False, 'variable_key_len': True},
'ecdsa-sha2-nistp521-cert-v01@openssh.com': {'cert': True, 'variable_key_len': True}
} }
TWO2K_MODULUS_WARNING = '2048-bit modulus only provides 112-bits of symmetric strength' TWO2K_MODULUS_WARNING = '2048-bit modulus only provides 112-bits of symmetric strength'
SMALL_ECC_MODULUS_WARNING = '224-bit ECC modulus only provides 112-bits of symmetric strength' SMALL_ECC_MODULUS_WARNING = '224-bit ECC modulus only provides 112-bits of symmetric strength'
src/ssh_audit/ssh_audit.py
+2 -6
View File
@@ -735,7 +735,7 @@ def evaluate_policy(out: OutputBuffer, aconf: AuditConf, banner: Optional['Banne
passed, error_struct, error_str = aconf.policy.evaluate(banner, kex) passed, error_struct, error_str = aconf.policy.evaluate(banner, kex)
if aconf.json: if aconf.json:
json_struct = {'host': aconf.host, 'policy': aconf.policy.get_name_and_version(), 'passed': passed, 'errors': error_struct} json_struct = {'target': aconf.host + ":" + str(aconf.port), 'policy': aconf.policy.get_name_and_version(), 'passed': passed, 'errors': error_struct}
out.info(json.dumps(json_struct, indent=4 if aconf.json_print_indent else None, sort_keys=True)) out.info(json.dumps(json_struct, indent=4 if aconf.json_print_indent else None, sort_keys=True))
else: else:
spacing = '' spacing = ''
@@ -1150,17 +1150,13 @@ def build_struct(target_host: str, banner: Optional['Banner'], cves: List[Dict[s
} }
if algorithm in host_keys: if algorithm in host_keys:
hostkey_info = host_keys[algorithm] hostkey_info = host_keys[algorithm]
hostkey_size = cast(int, hostkey_info['hostkey_size']) entry['keysize'] = cast(int, hostkey_info['hostkey_size'])
ca_type = '' ca_type = ''
ca_size = 0 ca_size = 0
if 'ca_key_type' in hostkey_info: if 'ca_key_type' in hostkey_info:
ca_type = cast(str, hostkey_info['ca_key_type']) ca_type = cast(str, hostkey_info['ca_key_type'])
if 'ca_key_size' in hostkey_info: if 'ca_key_size' in hostkey_info:
ca_size = cast(int, hostkey_info['ca_key_size']) ca_size = cast(int, hostkey_info['ca_key_size'])
if algorithm in HostKeyTest.RSA_FAMILY or algorithm.startswith('ssh-rsa-cert-v0'):
entry['keysize'] = hostkey_size
if ca_size > 0: if ca_size > 0:
entry['ca_algorithm'] = ca_type entry['ca_algorithm'] = ca_type
entry['casize'] = ca_size entry['casize'] = ca_size