Marked host key type 'ssh-rsa' as weak due to practical SHA-1 collisions.

2025-06-25 12:04:32 +02:00 · 2020-02-08 23:56:54 -05:00
parent 99ae10440b
commit c9a2f2955c
12 changed files with 24 additions and 18 deletions
--- a/test/docker/expected_results/openssh_4.0p1_test1.txt
+++ b/test/docker/expected_results/openssh_4.0p1_test1.txt
@ -38,7 +38,8 @@
                                          `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28

 [0;36m# host-key algorithms[0m
-[0;31m(key) ssh-rsa (1024-bit)                  -- [fail] using small 1024-bit modulus[0m
+[0;31m(key) ssh-rsa (1024-bit)                  -- [fail] using weak hashing algorithm[0m
+[0;33m                                          `- [warn] using small 1024-bit modulus[0m
                                          `- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28
 [0;31m(key) ssh-dss                             -- [fail] removed (in server) and disabled (in client) since OpenSSH 7.0, weak algorithm[0m
 [0;33m                                          `- [warn] using small 1024-bit modulus[0m
@ -116,7 +117,6 @@
 [0;32m(fin) ssh-rsa: SHA256:YZ457EBcJTSxRKI3yXRgtAj3PBf5B9/F36b1SVooml4[0m

 [0;36m# algorithm recommendations (for OpenSSH 4.0)[0m
-[0;31m(rec) !ssh-rsa                            -- key algorithm to change (increase modulus size to 2048 bits or larger) [0m
 [0;31m(rec) -3des-cbc                           -- enc algorithm to remove [0m
 [0;31m(rec) -aes128-cbc                         -- enc algorithm to remove [0m
 [0;31m(rec) -aes192-cbc                         -- enc algorithm to remove [0m