elie/ssh-audit
1
0
Fork 0
mirror of https://github.com/jtesta/ssh-audit.git synced 2024-06-28 10:23:08 +02:00
Code Issues Packages Projects Releases Wiki Activity

Simplified host key test logic.

Browse Source
This commit is contained in:
Joe Testa 2023-04-29 11:59:50 -04:00
parent e172932977
commit 929652c9b7
2 changed files with 8 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
README.md
View File

@ -188,7 +188,7 @@ For convenience, a web front-end on top of the command-line tool is available at
- JSON 'target' field now always includes port number; credit [tomatohater1337](https://github.com/tomatohater1337).
- JSON output now includes recommendations and CVE data.
- Mixed host key/CA key types (i.e.: RSA host keys signed with ED25519 CAs, etc.) are now properly handled.
- Warnings are now printed for 2048-bit moduli.
- Warnings are now printed for 2048-bit moduli; partial credit [Adam Russell](https://github.com/thecliguy).
- SHA-1 algorithms now cause failures.
- CBC mode ciphers are now warnings instead of failures.
- Generic failure/warning messages replaced with more specific reasons (i.e.: 'using weak cipher' => 'using broken RC4 cipher').

15
src/ssh_audit/hostkeytest.py
View File

@ -213,20 +213,19 @@ class HostKeyTest:
if host_key_type in HostKeyTest.RSA_FAMILY:
for rsa_type in HostKeyTest.RSA_FAMILY:
host_key_types[rsa_type]['parsed'] = True
# If the current key is a member of the RSA family, then populate all RSA family members with the same
# failure and/or warning comments.
while len(SSH2_KexDB.ALGORITHMS['key'][rsa_type]) < 3:
SSH2_KexDB.ALGORITHMS['key'][rsa_type].append([])
if key_fail_comments:
SSH2_KexDB.ALGORITHMS['key'][rsa_type][1].extend(key_fail_comments)
if key_warn_comments:
SSH2_KexDB.ALGORITHMS['key'][rsa_type][2].extend(key_warn_comments)
SSH2_KexDB.ALGORITHMS['key'][rsa_type][1].extend(key_fail_comments)
SSH2_KexDB.ALGORITHMS['key'][rsa_type][2].extend(key_warn_comments)
else:
host_key_types[host_key_type]['parsed'] = True
while len(SSH2_KexDB.ALGORITHMS['key'][host_key_type]) < 3:
SSH2_KexDB.ALGORITHMS['key'][host_key_type].append([])
if key_fail_comments:
SSH2_KexDB.ALGORITHMS['key'][host_key_type][1].extend(key_fail_comments)
if key_warn_comments:
SSH2_KexDB.ALGORITHMS['key'][host_key_type][2].extend(key_warn_comments)
SSH2_KexDB.ALGORITHMS['key'][host_key_type][1].extend(key_fail_comments)
SSH2_KexDB.ALGORITHMS['key'][host_key_type][2].extend(key_warn_comments)