mirror of
https://github.com/jtesta/ssh-audit.git
synced 2024-12-22 22:15:22 +01:00
Added 3 new host keys: ssh-gost2001, ssh-gost2012-256, and ssh-gost2012-512.
This commit is contained in:
parent
1410894f45
commit
85f14720cb
@ -79,7 +79,7 @@ $ brew install ssh-audit
|
|||||||
- Many Python 2 code clean-ups, testing framework improvements, pylint & flake8 fixes, and mypy type comments; credit [Jürgen Gmach](https://github.com/jugmac00)).
|
- Many Python 2 code clean-ups, testing framework improvements, pylint & flake8 fixes, and mypy type comments; credit [Jürgen Gmach](https://github.com/jugmac00)).
|
||||||
- Suppress recommendation of token host key types.
|
- Suppress recommendation of token host key types.
|
||||||
- Added check for use-after-free vulnerability in PuTTY v0.73.
|
- Added check for use-after-free vulnerability in PuTTY v0.73.
|
||||||
- Added 2 new host key types: `ssh-rsa1`, `ssh-dss-sha256@ssh.com`.
|
- Added 5 new host key types: `ssh-rsa1`, `ssh-dss-sha256@ssh.com`, `ssh-gost2001`, `ssh-gost2012-256`, `ssh-gost2012-512`.
|
||||||
- Added 1 new key exchange: `diffie-hellman-group1-sha256`.
|
- Added 1 new key exchange: `diffie-hellman-group1-sha256`.
|
||||||
- Added 5 new ciphers: `blowfish`, `AEAD_AES_128_GCM`, `AEAD_AES_256_GCM`, `crypticore128@ssh.com`, `seed-cbc@ssh.com`.
|
- Added 5 new ciphers: `blowfish`, `AEAD_AES_128_GCM`, `AEAD_AES_256_GCM`, `crypticore128@ssh.com`, `seed-cbc@ssh.com`.
|
||||||
- Added 3 new MACs: `chacha20-poly1305@openssh.com`, `hmac-sha3-224`, `crypticore-mac@ssh.com`.
|
- Added 3 new MACs: `chacha20-poly1305@openssh.com`, `hmac-sha3-224`, `crypticore-mac@ssh.com`.
|
||||||
|
@ -659,6 +659,7 @@ class SSH2: # pylint: disable=too-few-public-methods
|
|||||||
WARN_TAG_SIZE_96 = 'using small 96-bit tag size'
|
WARN_TAG_SIZE_96 = 'using small 96-bit tag size'
|
||||||
WARN_EXPERIMENTAL = 'using experimental algorithm'
|
WARN_EXPERIMENTAL = 'using experimental algorithm'
|
||||||
WARN_OBSOLETE = 'using obsolete algorithm'
|
WARN_OBSOLETE = 'using obsolete algorithm'
|
||||||
|
WARN_UNTRUSTED = 'using untrusted algorithm'
|
||||||
|
|
||||||
ALGORITHMS = {
|
ALGORITHMS = {
|
||||||
# Format: 'algorithm_name': [['version_first_appeared_in'], [reason_for_failure1, reason_for_failure2, ...], [warning1, warning2, ...]]
|
# Format: 'algorithm_name': [['version_first_appeared_in'], [reason_for_failure1, reason_for_failure2, ...], [warning1, warning2, ...]]
|
||||||
@ -747,6 +748,9 @@ class SSH2: # pylint: disable=too-few-public-methods
|
|||||||
'sk-ecdsa-sha2-nistp256@openssh.com': [['8.2'], [WARN_CURVES_WEAK], [WARN_RNDSIG_KEY]],
|
'sk-ecdsa-sha2-nistp256@openssh.com': [['8.2'], [WARN_CURVES_WEAK], [WARN_RNDSIG_KEY]],
|
||||||
'sk-ssh-ed25519-cert-v01@openssh.com': [['8.2']],
|
'sk-ssh-ed25519-cert-v01@openssh.com': [['8.2']],
|
||||||
'sk-ssh-ed25519@openssh.com': [['8.2']],
|
'sk-ssh-ed25519@openssh.com': [['8.2']],
|
||||||
|
'ssh-gost2001': [[], [], [WARN_UNTRUSTED]],
|
||||||
|
'ssh-gost2012-256': [[], [], [WARN_UNTRUSTED]],
|
||||||
|
'ssh-gost2012-512': [[], [], [WARN_UNTRUSTED]],
|
||||||
},
|
},
|
||||||
'enc': {
|
'enc': {
|
||||||
'none': [['1.2.2,d2013.56,l10.2'], [FAIL_PLAINTEXT]],
|
'none': [['1.2.2,d2013.56,l10.2'], [FAIL_PLAINTEXT]],
|
||||||
|
Loading…
Reference in New Issue
Block a user