Simplified host key test logic.

README.md

@@ -188,7 +188,7 @@ For convenience, a web front-end on top of the command-line tool is available at
  - JSON 'target' field now always includes port number; credit [tomatohater1337](https://github.com/tomatohater1337).
  - JSON output now includes recommendations and CVE data.
  - Mixed host key/CA key types (i.e.: RSA host keys signed with ED25519 CAs, etc.) are now properly handled.
- - Warnings are now printed for 2048-bit moduli.
+ - Warnings are now printed for 2048-bit moduli; partial credit [Adam Russell](https://github.com/thecliguy).
  - SHA-1 algorithms now cause failures.
  - CBC mode ciphers are now warnings instead of failures.
  - Generic failure/warning messages replaced with more specific reasons (i.e.: 'using weak cipher' => 'using broken RC4 cipher').

src/ssh_audit/hostkeytest.py

@@ -213,20 +213,19 @@ class HostKeyTest:
                 if host_key_type in HostKeyTest.RSA_FAMILY:
                     for rsa_type in HostKeyTest.RSA_FAMILY:
                         host_key_types[rsa_type]['parsed'] = True
+
                         # If the current key is a member of the RSA family, then populate all RSA family members with the same
                         # failure and/or warning comments.
                         while len(SSH2_KexDB.ALGORITHMS['key'][rsa_type]) < 3:
                             SSH2_KexDB.ALGORITHMS['key'][rsa_type].append([])
-                        if key_fail_comments:
-                            SSH2_KexDB.ALGORITHMS['key'][rsa_type][1].extend(key_fail_comments)
-                        if key_warn_comments:
-                            SSH2_KexDB.ALGORITHMS['key'][rsa_type][2].extend(key_warn_comments)
+
+                        SSH2_KexDB.ALGORITHMS['key'][rsa_type][1].extend(key_fail_comments)
+                        SSH2_KexDB.ALGORITHMS['key'][rsa_type][2].extend(key_warn_comments)
 
                 else:
                     host_key_types[host_key_type]['parsed'] = True
                     while len(SSH2_KexDB.ALGORITHMS['key'][host_key_type]) < 3:
                         SSH2_KexDB.ALGORITHMS['key'][host_key_type].append([])
-                    if key_fail_comments:
-                        SSH2_KexDB.ALGORITHMS['key'][host_key_type][1].extend(key_fail_comments)
-                    if key_warn_comments:
-                        SSH2_KexDB.ALGORITHMS['key'][host_key_type][2].extend(key_warn_comments)
+
+                    SSH2_KexDB.ALGORITHMS['key'][host_key_type][1].extend(key_fail_comments)
+                    SSH2_KexDB.ALGORITHMS['key'][host_key_type][2].extend(key_warn_comments)