mirror of
https://github.com/jtesta/ssh-audit.git
synced 2024-12-22 22:15:22 +01:00
Simplified host key test logic.
parent
e172932977
commit
929652c9b7
@ -188,7 +188,7 @@ For convenience, a web front-end on top of the command-line tool is available at
|
|||||||
- JSON 'target' field now always includes port number; credit [tomatohater1337](https://github.com/tomatohater1337).
|
- JSON 'target' field now always includes port number; credit [tomatohater1337](https://github.com/tomatohater1337).
|
||||||
- JSON output now includes recommendations and CVE data.
|
- JSON output now includes recommendations and CVE data.
|
||||||
- Mixed host key/CA key types (i.e.: RSA host keys signed with ED25519 CAs, etc.) are now properly handled.
|
- Mixed host key/CA key types (i.e.: RSA host keys signed with ED25519 CAs, etc.) are now properly handled.
|
||||||
- Warnings are now printed for 2048-bit moduli.
|
- Warnings are now printed for 2048-bit moduli; partial credit [Adam Russell](https://github.com/thecliguy).
|
||||||
- SHA-1 algorithms now cause failures.
|
- SHA-1 algorithms now cause failures.
|
||||||
- CBC mode ciphers are now warnings instead of failures.
|
- CBC mode ciphers are now warnings instead of failures.
|
||||||
- Generic failure/warning messages replaced with more specific reasons (i.e.: 'using weak cipher' => 'using broken RC4 cipher').
|
- Generic failure/warning messages replaced with more specific reasons (i.e.: 'using weak cipher' => 'using broken RC4 cipher').
|
||||||
|
@ -213,20 +213,19 @@ class HostKeyTest:
|
|||||||
if host_key_type in HostKeyTest.RSA_FAMILY:
|
if host_key_type in HostKeyTest.RSA_FAMILY:
|
||||||
for rsa_type in HostKeyTest.RSA_FAMILY:
|
for rsa_type in HostKeyTest.RSA_FAMILY:
|
||||||
host_key_types[rsa_type]['parsed'] = True
|
host_key_types[rsa_type]['parsed'] = True
|
||||||
|
|
||||||
# If the current key is a member of the RSA family, then populate all RSA family members with the same
|
# If the current key is a member of the RSA family, then populate all RSA family members with the same
|
||||||
# failure and/or warning comments.
|
# failure and/or warning comments.
|
||||||
while len(SSH2_KexDB.ALGORITHMS['key'][rsa_type]) < 3:
|
while len(SSH2_KexDB.ALGORITHMS['key'][rsa_type]) < 3:
|
||||||
SSH2_KexDB.ALGORITHMS['key'][rsa_type].append([])
|
SSH2_KexDB.ALGORITHMS['key'][rsa_type].append([])
|
||||||
if key_fail_comments:
|
|
||||||
SSH2_KexDB.ALGORITHMS['key'][rsa_type][1].extend(key_fail_comments)
|
SSH2_KexDB.ALGORITHMS['key'][rsa_type][1].extend(key_fail_comments)
|
||||||
if key_warn_comments:
|
SSH2_KexDB.ALGORITHMS['key'][rsa_type][2].extend(key_warn_comments)
|
||||||
SSH2_KexDB.ALGORITHMS['key'][rsa_type][2].extend(key_warn_comments)
|
|
||||||
|
|
||||||
else:
|
else:
|
||||||
host_key_types[host_key_type]['parsed'] = True
|
host_key_types[host_key_type]['parsed'] = True
|
||||||
while len(SSH2_KexDB.ALGORITHMS['key'][host_key_type]) < 3:
|
while len(SSH2_KexDB.ALGORITHMS['key'][host_key_type]) < 3:
|
||||||
SSH2_KexDB.ALGORITHMS['key'][host_key_type].append([])
|
SSH2_KexDB.ALGORITHMS['key'][host_key_type].append([])
|
||||||
if key_fail_comments:
|
|
||||||
SSH2_KexDB.ALGORITHMS['key'][host_key_type][1].extend(key_fail_comments)
|
SSH2_KexDB.ALGORITHMS['key'][host_key_type][1].extend(key_fail_comments)
|
||||||
if key_warn_comments:
|
SSH2_KexDB.ALGORITHMS['key'][host_key_type][2].extend(key_warn_comments)
|
||||||
SSH2_KexDB.ALGORITHMS['key'][host_key_type][2].extend(key_warn_comments)
|
|
||||||
|
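Review bot: The four now-unconditional `.extend(key_fail_comments)` / `.extend(key_warn_comments)` calls (in the RSA-family loop and again in the `else` branch) match the old guarded form only if both variables are always lists. They are initialised outside this hunk, so a `None` on any path would now raise `TypeError` instead of being skipped. A one-line comment above the first call would pin that down, e.g. `# key_fail_comments/key_warn_comments are always lists (possibly empty), so extend() is a no-op when nothing was found.` Separately, these calls write per-host findings into `SSH2_KexDB.ALGORITHMS`, which looks like a table shared across the process; if several targets are audited in one run, comments from one host's key could accumulate on a later host's report, so it is worth confirming the table is reset or copied per target. The enclosing method starts and ends outside the hunk.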