From b72f6a420fbcc5a257496485f549d9ce539077b7 Mon Sep 17 00:00:00 2001
From: Joe Testa
Date: Sun, 28 Jan 2024 17:37:21 -0500
Subject: [PATCH] Added note regarding general OpenSSH policies failing against platforms with back-ported features. (#236)
---
 src/ssh_audit/ssh_audit.py | 1 +
 1 file changed, 1 insertion(+)
diff --git a/src/ssh_audit/ssh_audit.py b/src/ssh_audit/ssh_audit.py
index 61e8c10..457ecdf 100755
--- a/src/ssh_audit/ssh_audit.py
+++ b/src/ssh_audit/ssh_audit.py
@@ -814,6 +814,7 @@ def list_policies(out: OutputBuffer) -> None:
 out.fail("Error: no built-in policies found!")
 else:
 out.info("\nHint: Use -P and provide the full name of a policy to run a policy scan with.\n")
+ out.info("Note: the general OpenSSH policies apply to the official releases only. OS distributions may back-port changes that cause failures (for example, Debian 11 back-ported the strict KEX mode into their package of OpenSSH v8.4, whereas it was only officially added to OpenSSH v9.6 and later). In these cases, consider creating a custom policy (-M option).\n")
 out.write()
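Review bot: The new caveat is printed only from list_policies(), in the `else` branch beside the `-P` hint, so someone who runs a policy scan directly and gets a failure against a distribution package with back-ported features never sees the explanation. The scan-failure path is not visible in this hunk; if it prints nothing similar, a short pointer there such as `out.info("Note: failures against distribution packages may be caused by back-ported changes; consider a custom policy (-M option).")` would put the warning where the misleading result appears. The added literal is also one very long source line; splitting it into adjacent string literals inside the call keeps the output identical and makes future edits to the version example easier to review. list_policies() starts above the hunk, so the surrounding condition is only partly visible.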