From c49a0fb22fc4fd4469804435da5fb74ea2d5d419 Mon Sep 17 00:00:00 2001 From: Joe Testa Date: Mon, 1 Feb 2021 19:19:46 -0500 Subject: [PATCH] Upgraded SHA-1 key signatures from warnings to failures. Added deprecation warning to ssh-rsa-cert-v00@openssh.com, ssh-rsa-cert-v01@openssh.com, x509v3-sign-rsa, and x509v3-ssh-rsa host key types. --- README.md | 2 ++ src/ssh_audit/hostkeytest.py | 12 ++++++++++-- src/ssh_audit/ssh2_kexdb.py | 13 +++++++------ .../expected_results/dropbear_2019.78_test1.txt | 3 ++- .../docker/expected_results/openssh_4.0p1_test1.txt | 3 ++- .../docker/expected_results/openssh_5.6p1_test1.txt | 3 ++- .../docker/expected_results/openssh_5.6p1_test2.txt | 6 ++++-- .../docker/expected_results/openssh_5.6p1_test3.txt | 6 ++++-- .../docker/expected_results/openssh_5.6p1_test4.txt | 4 +++- .../docker/expected_results/openssh_5.6p1_test5.txt | 2 ++ .../docker/expected_results/openssh_8.0p1_test1.txt | 1 + test/test_ssh2.py | 2 +- 12 files changed, 40 insertions(+), 17 deletions(-) diff --git a/README.md b/README.md index 4986903..7f48ad7 100644 --- a/README.md +++ b/README.md @@ -161,6 +161,8 @@ For convenience, a web front-end on top of the command-line tool is available at ### v2.4.0-dev (???) - Added multi-threaded scanning support. - Added version check for OpenSSH user enumeration (CVE-2018-15473). + - Added deprecation note to host key types based on SHA-1. + - Upgraded warnings to failures for host key types based on SHA-1. - Fixed crash when receiving unexpected response during host key test. - Fixed hang against older Cisco devices during host key test & gex test. - Fixed improper termination while scanning multiple targets when one target returns an error. diff --git a/src/ssh_audit/hostkeytest.py b/src/ssh_audit/hostkeytest.py index 92342c5..fe1bba3 100644 --- a/src/ssh_audit/hostkeytest.py +++ b/src/ssh_audit/hostkeytest.py 
@@ -155,12 +155,20 @@ class HostKeyTest: if (cert is False) and (hostkey_modulus_size < 2048): for rsa_type in HostKeyTest.RSA_FAMILY: alg_list = SSH2_KexDB.ALGORITHMS['key'][rsa_type] - alg_list.append(['using small %d-bit modulus' % hostkey_modulus_size]) + + # If no failure list exists, add an empty failure list. + if len(alg_list) < 2: + alg_list.append([]) + alg_list[1].append('using small %d-bit modulus' % hostkey_modulus_size) elif (cert is True) and ((hostkey_modulus_size < 2048) or (ca_modulus_size > 0 and ca_modulus_size < 2048)): # pylint: disable=chained-comparison alg_list = SSH2_KexDB.ALGORITHMS['key'][host_key_type] min_modulus = min(hostkey_modulus_size, ca_modulus_size) min_modulus = min_modulus if min_modulus > 0 else max(hostkey_modulus_size, ca_modulus_size) - alg_list.append(['using small %d-bit modulus' % min_modulus]) + + # If no failure list exists, add an empty failure list. + if len(alg_list) < 2: + alg_list.append([]) + alg_list[1].append('using small %d-bit modulus' % min_modulus) # If this host key type is in the RSA family, then mark them all as parsed (since results in one are valid for them all). if host_key_type in HostKeyTest.RSA_FAMILY: diff --git a/src/ssh_audit/ssh2_kexdb.py b/src/ssh_audit/ssh2_kexdb.py index 68750bd..b695bfe 100644 --- a/src/ssh_audit/ssh2_kexdb.py +++ b/src/ssh_audit/ssh2_kexdb.py 
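Review bot: Both branches still write the per-host modulus finding into `SSH2_KexDB.ALGORITHMS['key'][...]`, which the kexdb hunks show is a class-level table, so the entry outlives the host that produced it. With the multi-target and multi-threaded scanning mentioned in the README hunk, a 1024-bit key on one target would presumably surface as `[fail] using small 1024-bit modulus` on later targets with larger keys, and the same string may be appended more than once. Recording the finding on a per-scan copy of the table (for example one `copy.deepcopy(SSH2_KexDB.ALGORITHMS)` taken when an audit starts) would keep each result attributable to the host that caused it. The twice-repeated `if len(alg_list) < 2: alg_list.append([])` could also move into one small helper. The enclosing method begins and ends outside this hunk.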
@@ -37,7 +37,7 @@ class SSH2_KexDB: # pylint: disable=too-few-public-methods FAIL_OPENSSH67_UNSAFE = 'removed (in server) since OpenSSH 6.7, unsafe algorithm' FAIL_OPENSSH61_REMOVE = 'removed since OpenSSH 6.1, removed from specification' FAIL_OPENSSH31_REMOVE = 'removed since OpenSSH 3.1' - INFO_OPENSSH82_FUTURE_DEPRECATION = 'A future deprecation notice has been issued in OpenSSH 8.2: https://www.openssh.com/txt/release-8.2' + INFO_OPENSSH82_FUTURE_DEPRECATION = 'a future deprecation notice has been issued in OpenSSH 8.2: https://www.openssh.com/txt/release-8.2' FAIL_DBEAR67_DISABLED = 'disabled since Dropbear SSH 2015.67' FAIL_DBEAR53_DISABLED = 'disabled since Dropbear SSH 0.53' FAIL_DEPRECATED_CIPHER = 'deprecated cipher' @@ -47,6 +47,7 @@ class SSH2_KexDB: # pylint: disable=too-few-public-methods FAIL_DEPRECATED_MAC = 'deprecated MAC' FAIL_1024BIT_MODULUS = 'using small 1024-bit modulus' FAIL_UNPROVEN = 'using unproven algorithm' + FAIL_HASH_WEAK = 'using weak hashing algorithm' WARN_CURVES_WEAK = 'using weak elliptic curves' WARN_RNDSIG_KEY = 'using weak random number generator could reveal the key' WARN_HASH_WEAK = 'using weak hashing algorithm' 
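Review bot: In the second hunk, `FAIL_HASH_WEAK` carries exactly the same text as the existing `WARN_HASH_WEAK`, and the reported severity appears to come from the list position in `ALGORITHMS` rather than from the constant's prefix. The expected-results files already printed `[fail] using weak hashing algorithm` for `ssh-rsa` while that row still referenced `WARN_HASH_WEAK`. A comment above the constants such as `# Severity is set by the slot an entry occupies in ALGORITHMS ([versions], [fail], [warn], [info]); the FAIL_/WARN_/INFO_ prefix is only a naming convention.` would stop a later edit from assuming that renaming alone upgrades a finding. If nothing else references `WARN_HASH_WEAK` after this commit it could be dropped, though that cannot be checked from the hunk.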
@@ -128,20 +129,20 @@ class SSH2_KexDB: # pylint: disable=too-few-public-methods 'rsa-sha2-512': [['7.2']], 'ssh-ed25519': [['6.5,l10.7.0']], 'ssh-ed25519-cert-v01@openssh.com': [['6.5']], - 'ssh-rsa': [['2.5.0,d0.28,l10.2'], [WARN_HASH_WEAK], [], [INFO_OPENSSH82_FUTURE_DEPRECATION]], + 'ssh-rsa': [['2.5.0,d0.28,l10.2'], [FAIL_HASH_WEAK], [], [INFO_OPENSSH82_FUTURE_DEPRECATION]], 'ssh-dss': [['2.1.0,d0.28,l10.2', '6.9'], [FAIL_1024BIT_MODULUS, FAIL_OPENSSH70_WEAK], [WARN_RNDSIG_KEY]], 'ecdsa-sha2-nistp256': [['5.7,d2013.62,l10.6.4'], [WARN_CURVES_WEAK], [WARN_RNDSIG_KEY]], 'ecdsa-sha2-nistp384': [['5.7,d2013.62,l10.6.4'], [WARN_CURVES_WEAK], [WARN_RNDSIG_KEY]], 'ecdsa-sha2-nistp521': [['5.7,d2013.62,l10.6.4'], [WARN_CURVES_WEAK], [WARN_RNDSIG_KEY]], 'ecdsa-sha2-1.3.132.0.10': [[], [], [WARN_RNDSIG_KEY]], # ECDSA over secp256k1 (i.e.: the Bitcoin curve) 'x509v3-sign-dss': [[], [FAIL_1024BIT_MODULUS, FAIL_OPENSSH70_WEAK], [WARN_RNDSIG_KEY]], - 'x509v3-sign-rsa': [[], [], [WARN_HASH_WEAK]], + 'x509v3-sign-rsa': [[], [FAIL_HASH_WEAK], [], [INFO_OPENSSH82_FUTURE_DEPRECATION]], 'x509v3-sign-rsa-sha256@ssh.com': [[]], 'x509v3-ssh-dss': [[], [FAIL_1024BIT_MODULUS, FAIL_OPENSSH70_WEAK], [WARN_RNDSIG_KEY]], - 'x509v3-ssh-rsa': [[], [], [WARN_HASH_WEAK]], - 'ssh-rsa-cert-v00@openssh.com': [['5.4', '6.9'], [FAIL_OPENSSH70_LEGACY], []], + 'x509v3-ssh-rsa': [[], [FAIL_HASH_WEAK], [], [INFO_OPENSSH82_FUTURE_DEPRECATION]], + 'ssh-rsa-cert-v00@openssh.com': [['5.4', '6.9'], [FAIL_OPENSSH70_LEGACY, FAIL_HASH_WEAK], [], [INFO_OPENSSH82_FUTURE_DEPRECATION]], 'ssh-dss-cert-v00@openssh.com': [['5.4', '6.9'], [FAIL_1024BIT_MODULUS, FAIL_OPENSSH70_LEGACY], [WARN_RNDSIG_KEY]], - 'ssh-rsa-cert-v01@openssh.com': [['5.6'], [WARN_HASH_WEAK]], + 'ssh-rsa-cert-v01@openssh.com': [['5.6'], [FAIL_HASH_WEAK], [], [INFO_OPENSSH82_FUTURE_DEPRECATION]], 'ssh-dss-cert-v01@openssh.com': [['5.6', '6.9'], [FAIL_1024BIT_MODULUS, FAIL_OPENSSH70_WEAK], [WARN_RNDSIG_KEY]], 
'ecdsa-sha2-nistp256-cert-v01@openssh.com': [['5.7'], [WARN_CURVES_WEAK], [WARN_RNDSIG_KEY]], 'ecdsa-sha2-nistp384-cert-v01@openssh.com': [['5.7'], [WARN_CURVES_WEAK], [WARN_RNDSIG_KEY]], diff --git a/test/docker/expected_results/dropbear_2019.78_test1.txt b/test/docker/expected_results/dropbear_2019.78_test1.txt index 6f04d61..93205f4 100644 --- a/test/docker/expected_results/dropbear_2019.78_test1.txt +++ b/test/docker/expected_results/dropbear_2019.78_test1.txt @@ -23,8 +23,9 @@  `- [warn] using weak random number generator could reveal the key `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62 (key) ssh-rsa (1024-bit) -- [fail] using weak hashing algorithm - `- [warn] using small 1024-bit modulus + `- [fail] using small 1024-bit modulus `- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28 + `- [info] a future deprecation notice has been issued in OpenSSH 8.2: https://www.openssh.com/txt/release-8.2 (key) ssh-dss -- [fail] using small 1024-bit modulus  `- [fail] removed (in server) and disabled (in client) since OpenSSH 7.0, weak algorithm  `- [warn] using weak random number generator could reveal the key diff --git a/test/docker/expected_results/openssh_4.0p1_test1.txt b/test/docker/expected_results/openssh_4.0p1_test1.txt index 57bc67b..54ba817 100644 --- a/test/docker/expected_results/openssh_4.0p1_test1.txt +++ b/test/docker/expected_results/openssh_4.0p1_test1.txt @@ -40,8 +40,9 @@ # host-key algorithms (key) ssh-rsa (1024-bit) -- [fail] using weak hashing algorithm - `- [warn] using small 1024-bit modulus + `- [fail] using small 1024-bit modulus `- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28 + `- [info] a future deprecation notice has been issued in OpenSSH 8.2: https://www.openssh.com/txt/release-8.2 (key) ssh-dss -- [fail] using small 1024-bit modulus  `- [fail] removed (in server) and disabled (in client) since OpenSSH 7.0, weak algorithm  `- [warn] using weak random number generator could reveal the key 
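Review bot: The new `INFO_OPENSSH82_FUTURE_DEPRECATION` entry is attached to three rows whose own data suggests the OpenSSH 8.2 notice does not describe them. `ssh-rsa-cert-v00@openssh.com` is listed as available only through 6.9 and already carries `FAIL_OPENSSH70_LEGACY`, so a "future deprecation" line contradicts the row, and `x509v3-sign-rsa` / `x509v3-ssh-rsa` have an empty version list, i.e. the table records no OpenSSH release that shipped them. Since auditors act on these lines, consider keeping `FAIL_HASH_WEAK` on those rows but omitting the info slot, e.g. `'x509v3-sign-rsa': [[], [FAIL_HASH_WEAK]],`, unless the release note is confirmed to cover them. The dictionary continues outside this hunk.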
diff --git a/test/docker/expected_results/openssh_5.6p1_test1.txt b/test/docker/expected_results/openssh_5.6p1_test1.txt index 3560317..014d7e7 100644 --- a/test/docker/expected_results/openssh_5.6p1_test1.txt +++ b/test/docker/expected_results/openssh_5.6p1_test1.txt @@ -34,8 +34,9 @@ # host-key algorithms (key) ssh-rsa (1024-bit) -- [fail] using weak hashing algorithm - `- [warn] using small 1024-bit modulus + `- [fail] using small 1024-bit modulus `- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28 + `- [info] a future deprecation notice has been issued in OpenSSH 8.2: https://www.openssh.com/txt/release-8.2 (key) ssh-dss -- [fail] using small 1024-bit modulus  `- [fail] removed (in server) and disabled (in client) since OpenSSH 7.0, weak algorithm  `- [warn] using weak random number generator could reveal the key diff --git a/test/docker/expected_results/openssh_5.6p1_test2.txt b/test/docker/expected_results/openssh_5.6p1_test2.txt index 65a3156..2a6825f 100644 --- a/test/docker/expected_results/openssh_5.6p1_test2.txt +++ b/test/docker/expected_results/openssh_5.6p1_test2.txt @@ -34,11 +34,13 @@ # host-key algorithms (key) ssh-rsa (1024-bit) -- [fail] using weak hashing algorithm - `- [warn] using small 1024-bit modulus + `- [fail] using small 1024-bit modulus `- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28 + `- [info] a future deprecation notice has been issued in OpenSSH 8.2: https://www.openssh.com/txt/release-8.2 (key) ssh-rsa-cert-v01@openssh.com (1024-bit cert/1024-bit CA) -- [fail] using weak hashing algorithm - `- [warn] using small 1024-bit modulus + `- [fail] using small 1024-bit modulus `- [info] available since OpenSSH 5.6 + `- [info] a future deprecation notice has been issued in OpenSSH 8.2: https://www.openssh.com/txt/release-8.2 # encryption algorithms (ciphers) (enc) aes128-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52 
diff --git a/test/docker/expected_results/openssh_5.6p1_test3.txt b/test/docker/expected_results/openssh_5.6p1_test3.txt index 111e208..657b22e 100644 --- a/test/docker/expected_results/openssh_5.6p1_test3.txt +++ b/test/docker/expected_results/openssh_5.6p1_test3.txt @@ -34,11 +34,13 @@ # host-key algorithms (key) ssh-rsa (1024-bit) -- [fail] using weak hashing algorithm - `- [warn] using small 1024-bit modulus + `- [fail] using small 1024-bit modulus `- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28 + `- [info] a future deprecation notice has been issued in OpenSSH 8.2: https://www.openssh.com/txt/release-8.2 (key) ssh-rsa-cert-v01@openssh.com (1024-bit cert/3072-bit CA) -- [fail] using weak hashing algorithm - `- [warn] using small 1024-bit modulus + `- [fail] using small 1024-bit modulus `- [info] available since OpenSSH 5.6 + `- [info] a future deprecation notice has been issued in OpenSSH 8.2: https://www.openssh.com/txt/release-8.2 # encryption algorithms (ciphers) (enc) aes128-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52 diff --git a/test/docker/expected_results/openssh_5.6p1_test4.txt b/test/docker/expected_results/openssh_5.6p1_test4.txt index 11f6a21..fb48d1c 100644 --- a/test/docker/expected_results/openssh_5.6p1_test4.txt +++ b/test/docker/expected_results/openssh_5.6p1_test4.txt 
@@ -35,9 +35,11 @@ # host-key algorithms (key) ssh-rsa (3072-bit) -- [fail] using weak hashing algorithm `- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28 + `- [info] a future deprecation notice has been issued in OpenSSH 8.2: https://www.openssh.com/txt/release-8.2 (key) ssh-rsa-cert-v01@openssh.com (3072-bit cert/1024-bit CA) -- [fail] using weak hashing algorithm - `- [warn] using small 1024-bit modulus + `- [fail] using small 1024-bit modulus `- [info] available since OpenSSH 5.6 + `- [info] a future deprecation notice has been issued in OpenSSH 8.2: https://www.openssh.com/txt/release-8.2 # encryption algorithms (ciphers) (enc) aes128-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52 diff --git a/test/docker/expected_results/openssh_5.6p1_test5.txt b/test/docker/expected_results/openssh_5.6p1_test5.txt index 7c6213e..5ff250a 100644 --- a/test/docker/expected_results/openssh_5.6p1_test5.txt +++ b/test/docker/expected_results/openssh_5.6p1_test5.txt @@ -35,8 +35,10 @@ # host-key algorithms (key) ssh-rsa (3072-bit) -- [fail] using weak hashing algorithm `- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28 + `- [info] a future deprecation notice has been issued in OpenSSH 8.2: https://www.openssh.com/txt/release-8.2 (key) ssh-rsa-cert-v01@openssh.com (3072-bit cert/3072-bit CA) -- [fail] using weak hashing algorithm `- [info] available since OpenSSH 5.6 + `- [info] a future deprecation notice has been issued in OpenSSH 8.2: https://www.openssh.com/txt/release-8.2 # encryption algorithms (ciphers) (enc) aes128-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52 diff --git a/test/docker/expected_results/openssh_8.0p1_test1.txt b/test/docker/expected_results/openssh_8.0p1_test1.txt index 6758646..d7e45b1 100644 --- a/test/docker/expected_results/openssh_8.0p1_test1.txt +++ b/test/docker/expected_results/openssh_8.0p1_test1.txt 
@@ -25,6 +25,7 @@ (key) rsa-sha2-256 (3072-bit) -- [info] available since OpenSSH 7.2 (key) ssh-rsa (3072-bit) -- [fail] using weak hashing algorithm `- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28 + `- [info] a future deprecation notice has been issued in OpenSSH 8.2: https://www.openssh.com/txt/release-8.2 (key) ecdsa-sha2-nistp256 -- [fail] using weak elliptic curves  `- [warn] using weak random number generator could reveal the key `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62 diff --git a/test/test_ssh2.py b/test/test_ssh2.py index d38cadd..fc4c0fa 100644 --- a/test/test_ssh2.py +++ b/test/test_ssh2.py @@ -147,7 +147,7 @@ class TestSSH2: self.audit(out, self._conf()) out.write() lines = output_spy.flush() - assert len(lines) == 69 + assert len(lines) == 70 def test_ssh2_server_invalid_first_packet(self, output_spy, virtual_socket): vsocket = virtual_socket