Marked host key type 'ssh-rsa' as weak due to practical SHA-1 collisions.

2025-06-25 12:04:32 +02:00 · 2020-02-08 23:56:54 -05:00
parent 99ae10440b
commit c9a2f2955c
12 changed files with 24 additions and 18 deletions
--- a/test/docker/expected_results/openssh_8.0p1_test1.txt
+++ b/test/docker/expected_results/openssh_8.0p1_test1.txt
@ -23,7 +23,8 @@
 [0;36m# host-key algorithms[0m
 [0;32m(key) rsa-sha2-512 (3072-bit)               -- [info] available since OpenSSH 7.2[0m
 [0;32m(key) rsa-sha2-256 (3072-bit)               -- [info] available since OpenSSH 7.2[0m
-[0;32m(key) ssh-rsa (3072-bit)                    -- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28[0m
+[0;31m(key) ssh-rsa (3072-bit)                    -- [fail] using weak hashing algorithm[0m
+                                            `- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28
 [0;31m(key) ecdsa-sha2-nistp256                   -- [fail] using weak elliptic curves[0m
 [0;33m                                            `- [warn] using weak random number generator could reveal the key[0m
                                            `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
@ -68,6 +69,7 @@
 [0;31m(rec) -ecdh-sha2-nistp384                   -- kex algorithm to remove [0m
 [0;31m(rec) -ecdh-sha2-nistp521                   -- kex algorithm to remove [0m
 [0;31m(rec) -ecdsa-sha2-nistp256                  -- key algorithm to remove [0m
+[0;31m(rec) -ssh-rsa                              -- key algorithm to remove [0m
 [0;33m(rec) -diffie-hellman-group14-sha1          -- kex algorithm to remove [0m
 [0;33m(rec) -hmac-sha1                            -- mac algorithm to remove [0m
 [0;33m(rec) -hmac-sha1-etm@openssh.com            -- mac algorithm to remove [0m