Added 3 new host keys: ssh-gost2001, ssh-gost2012-256, and ssh-gost2012-512.

README.md

@@ -79,7 +79,7 @@ $ brew install ssh-audit
  - Many Python 2 code clean-ups, testing framework improvements, pylint & flake8 fixes, and mypy type comments; credit [Jürgen Gmach](https://github.com/jugmac00)).
  - Suppress recommendation of token host key types.
  - Added check for use-after-free vulnerability in PuTTY v0.73.
- - Added 2 new host key types: `ssh-rsa1`, `ssh-dss-sha256@ssh.com`.
+ - Added 5 new host key types: `ssh-rsa1`, `ssh-dss-sha256@ssh.com`, `ssh-gost2001`, `ssh-gost2012-256`, `ssh-gost2012-512`.
  - Added 1 new key exchange: `diffie-hellman-group1-sha256`.
  - Added 5 new ciphers: `blowfish`, `AEAD_AES_128_GCM`, `AEAD_AES_256_GCM`, `crypticore128@ssh.com`, `seed-cbc@ssh.com`.
  - Added 3 new MACs: `chacha20-poly1305@openssh.com`, `hmac-sha3-224`, `crypticore-mac@ssh.com`.

ssh-audit.py

@@ -659,6 +659,7 @@ class SSH2:  # pylint: disable=too-few-public-methods
         WARN_TAG_SIZE_96 = 'using small 96-bit tag size'
         WARN_EXPERIMENTAL = 'using experimental algorithm'
         WARN_OBSOLETE = 'using obsolete algorithm'
+        WARN_UNTRUSTED = 'using untrusted algorithm'
 
         ALGORITHMS = {
             # Format: 'algorithm_name': [['version_first_appeared_in'], [reason_for_failure1, reason_for_failure2, ...], [warning1, warning2, ...]]
@@ -747,6 +748,9 @@ class SSH2:  # pylint: disable=too-few-public-methods
                 'sk-ecdsa-sha2-nistp256@openssh.com': [['8.2'], [WARN_CURVES_WEAK], [WARN_RNDSIG_KEY]],
                 'sk-ssh-ed25519-cert-v01@openssh.com': [['8.2']],
                 'sk-ssh-ed25519@openssh.com': [['8.2']],
+                'ssh-gost2001': [[], [], [WARN_UNTRUSTED]],
+                'ssh-gost2012-256': [[], [], [WARN_UNTRUSTED]],
+                'ssh-gost2012-512': [[], [], [WARN_UNTRUSTED]],
             },
             'enc': {
                 'none': [['1.2.2,d2013.56,l10.2'], [FAIL_PLAINTEXT]],