mirror of
https://github.com/jtesta/ssh-audit.git
synced 2024-12-23 06:27:41 +01:00
Added new hostkey types for OpenSSH 8.2.
This commit is contained in:
parent
8cafcd4eb5
commit
99ae10440b
@ -58,7 +58,7 @@ Guides to harden server & client configuration can be found here: [https://www.s
|
|||||||
## ChangeLog
|
## ChangeLog
|
||||||
### v2.1.2 (???)
|
### v2.1.2 (???)
|
||||||
- Added Windows builds.
|
- Added Windows builds.
|
||||||
- Added 6 new host key types: `ecdsa-sha2-1.3.132.0.10`, `x509v3-sign-dss`, `x509v3-sign-rsa`, `x509v3-sign-rsa-sha256@ssh.com`, `x509v3-ssh-dss`, and `x509v3-ssh-rsa`.
|
- Added 10 new host key types: `ecdsa-sha2-1.3.132.0.10`, `x509v3-sign-dss`, `x509v3-sign-rsa`, `x509v3-sign-rsa-sha256@ssh.com`, `x509v3-ssh-dss`, `x509v3-ssh-rsa`, `sk-ecdsa-sha2-nistp256-cert-v01@openssh.com`, `sk-ecdsa-sha2-nistp256@openssh.com`, `sk-ssh-ed25519-cert-v01@openssh.com`, and `sk-ssh-ed25519@openssh.com`.
|
||||||
- Added 18 new key exchanges: `diffie-hellman-group14-sha256@ssh.com`, `diffie-hellman-group15-sha256@ssh.com`, `diffie-hellman-group15-sha384@ssh.com`, `diffie-hellman-group16-sha384@ssh.com`, `diffie-hellman-group16-sha512@ssh.com`, `diffie-hellman-group18-sha512@ssh.com`, `ecdh-sha2-curve25519`, `ecdh-sha2-nistb233`, `ecdh-sha2-nistb409`, `ecdh-sha2-nistk163`, `ecdh-sha2-nistk233`, `ecdh-sha2-nistk283`, `ecdh-sha2-nistk409`, `ecdh-sha2-nistp192`, `ecdh-sha2-nistp224`, `ecdh-sha2-nistt571`, `gss-gex-sha1-`, and `gss-group1-sha1-`.
|
- Added 18 new key exchanges: `diffie-hellman-group14-sha256@ssh.com`, `diffie-hellman-group15-sha256@ssh.com`, `diffie-hellman-group15-sha384@ssh.com`, `diffie-hellman-group16-sha384@ssh.com`, `diffie-hellman-group16-sha512@ssh.com`, `diffie-hellman-group18-sha512@ssh.com`, `ecdh-sha2-curve25519`, `ecdh-sha2-nistb233`, `ecdh-sha2-nistb409`, `ecdh-sha2-nistk163`, `ecdh-sha2-nistk233`, `ecdh-sha2-nistk283`, `ecdh-sha2-nistk409`, `ecdh-sha2-nistp192`, `ecdh-sha2-nistp224`, `ecdh-sha2-nistt571`, `gss-gex-sha1-`, and `gss-group1-sha1-`.
|
||||||
- Added 3 new ciphers: `aes128-gcm`, `aes256-gcm`, and `chacha20-poly1305`.
|
- Added 3 new ciphers: `aes128-gcm`, `aes256-gcm`, and `chacha20-poly1305`.
|
||||||
- Added 2 new MACs: `aes128-gcm` and `aes256-gcm`.
|
- Added 2 new MACs: `aes128-gcm` and `aes256-gcm`.
|
||||||
|
@ -342,7 +342,6 @@ class SSH2(object): # pylint: disable=too-few-public-methods
|
|||||||
'gss-gex-sha1-toWM5Slw5Ew8Mqkay+al2g==': [[], [], [WARN_HASH_WEAK]],
|
'gss-gex-sha1-toWM5Slw5Ew8Mqkay+al2g==': [[], [], [WARN_HASH_WEAK]],
|
||||||
'gss-gex-sha1-': [[], [], [WARN_HASH_WEAK]],
|
'gss-gex-sha1-': [[], [], [WARN_HASH_WEAK]],
|
||||||
'gss-group1-sha1-': [[], [], [WARN_HASH_WEAK]],
|
'gss-group1-sha1-': [[], [], [WARN_HASH_WEAK]],
|
||||||
|
|
||||||
'gss-group14-sha1-': [[], [], [WARN_HASH_WEAK]],
|
'gss-group14-sha1-': [[], [], [WARN_HASH_WEAK]],
|
||||||
'gss-group14-sha1-toWM5Slw5Ew8Mqkay+al2g==': [[], [], [WARN_HASH_WEAK]],
|
'gss-group14-sha1-toWM5Slw5Ew8Mqkay+al2g==': [[], [], [WARN_HASH_WEAK]],
|
||||||
'gss-group14-sha256-toWM5Slw5Ew8Mqkay+al2g==': [[]],
|
'gss-group14-sha256-toWM5Slw5Ew8Mqkay+al2g==': [[]],
|
||||||
@ -416,6 +415,10 @@ class SSH2(object): # pylint: disable=too-few-public-methods
|
|||||||
'rsa-sha2-512-cert-v01@openssh.com': [['7.8']],
|
'rsa-sha2-512-cert-v01@openssh.com': [['7.8']],
|
||||||
'ssh-rsa-sha256@ssh.com': [[]],
|
'ssh-rsa-sha256@ssh.com': [[]],
|
||||||
'ecdsa-sha2-1.3.132.0.10': [[], [], [WARN_RNDSIG_KEY]], # ECDSA over secp256k1 (i.e.: the Bitcoin curve)
|
'ecdsa-sha2-1.3.132.0.10': [[], [], [WARN_RNDSIG_KEY]], # ECDSA over secp256k1 (i.e.: the Bitcoin curve)
|
||||||
|
'sk-ecdsa-sha2-nistp256-cert-v01@openssh.com': [['8.2'], [WARN_CURVES_WEAK], [WARN_RNDSIG_KEY]],
|
||||||
|
'sk-ecdsa-sha2-nistp256@openssh.com': [['8.2'], [WARN_CURVES_WEAK], [WARN_RNDSIG_KEY]],
|
||||||
|
'sk-ssh-ed25519-cert-v01@openssh.com': [['8.2']],
|
||||||
|
'sk-ssh-ed25519@openssh.com': [['8.2']],
|
||||||
},
|
},
|
||||||
'enc': {
|
'enc': {
|
||||||
'none': [['1.2.2,d2013.56,l10.2'], [FAIL_PLAINTEXT]],
|
'none': [['1.2.2,d2013.56,l10.2'], [FAIL_PLAINTEXT]],
|
||||||
|
Loading…
Reference in New Issue
Block a user