From a6f02ae8e8448a7126ee1b7c9e97e1ef9a16210f Mon Sep 17 00:00:00 2001 From: Joe Testa Date: Mon, 26 Aug 2024 16:25:32 -0400 Subject: [PATCH] Added debugging output for key exchanges. --- src/ssh_audit/ssh2_kex.py | 15 ++++++++++++++- src/ssh_audit/ssh2_kexparty.py | 8 ++++++++ src/ssh_audit/ssh_audit.py | 3 ++- 3 files changed, 24 insertions(+), 2 deletions(-) diff --git a/src/ssh_audit/ssh2_kex.py b/src/ssh_audit/ssh2_kex.py index d71724f..d201aeb 100644 --- a/src/ssh_audit/ssh2_kex.py +++ b/src/ssh_audit/ssh2_kex.py @@ -1,7 +1,7 @@ """ The MIT License (MIT) - Copyright (C) 2017-2020 Joe Testa (jtesta@positronsecurity.com) + Copyright (C) 2017-2024 Joe Testa (jtesta@positronsecurity.com) Copyright (C) 2017 Andris Raugulis (moo@arthepsy.eu) Permission is hereby granted, free of charge, to any person obtaining a copy @@ -132,3 +132,16 @@ class SSH2_Kex: srv = SSH2_KexParty(srv_enc, srv_mac, srv_compression, srv_languages) kex = cls(outputbuffer, cookie, kex_algs, key_algs, cli, srv, follows, unused) return kex + + def __str__(self) -> str: + ret = "----\nSSH2_Kex object:" + ret += "\nHost keys: " + ret += ", ".join(self.__key_algs) + ret += "\nKey exchanges: " + ret += ", ".join(self.__kex_algs) + ret += "\nClient SSH2_KexParty:" + ret += "\n" + str(self.__client) + ret += "\nServer SSH2_KexParty:" + ret += "\n" + str(self.__server) + ret += "\n----" + return ret diff --git a/src/ssh_audit/ssh2_kexparty.py b/src/ssh_audit/ssh2_kexparty.py index 52b5ac5..0f29a2a 100644 --- a/src/ssh_audit/ssh2_kexparty.py +++ b/src/ssh_audit/ssh2_kexparty.py @@ -1,6 +1,7 @@ """ The MIT License (MIT) + Copyright (C) 2024 Joe Testa (jtesta@positronsecurity.com) Copyright (C) 2017 Andris Raugulis (moo@arthepsy.eu) Permission is hereby granted, free of charge, to any person obtaining a copy @@ -48,3 +49,10 @@ class SSH2_KexParty: @property def languages(self) -> List[str]: return self.__languages + + def __str__(self) -> str: + ret = "Ciphers: " + ", ".join(self.__enc) + ret += "\nMACs: " + ", ".join(self.__mac) + ret += "\nCompressions: " + ", ".join(self.__compression) + ret += "\nLanguages: " + ", ".join(self.__languages) + return ret diff --git a/src/ssh_audit/ssh_audit.py b/src/ssh_audit/ssh_audit.py index 2c52576..2e6ca1e 100755 --- a/src/ssh_audit/ssh_audit.py +++ b/src/ssh_audit/ssh_audit.py @@ -2,7 +2,7 @@ """ The MIT License (MIT) - Copyright (C) 2017-2023 Joe Testa (jtesta@positronsecurity.com) + Copyright (C) 2017-2024 Joe Testa (jtesta@positronsecurity.com) Copyright (C) 2017 Andris Raugulis (moo@arthepsy.eu) Permission is hereby granted, free of charge, to any person obtaining a copy @@ -1317,6 +1317,7 @@ def audit(out: OutputBuffer, aconf: AuditConf, sshv: Optional[int] = None, print elif sshv == 2: try: kex = SSH2_Kex.parse(out, payload) + out.d(str(kex)) except Exception: out.fail("Failed to parse server's kex. Stack trace:\n%s" % str(traceback.format_exc())) return exitcodes.CONNECTION_ERROR