mirror of
https://github.com/jtesta/ssh-audit.git
synced 2024-12-22 22:15:22 +01:00
Marked host key type 'ssh-rsa' as weak due to practical SHA-1 collisions.
This commit is contained in:
parent
99ae10440b
commit
c9a2f2955c
@ -57,6 +57,7 @@ Guides to harden server & client configuration can be found here: [https://www.s
|
|||||||
|
|
||||||
## ChangeLog
|
## ChangeLog
|
||||||
### v2.1.2 (???)
|
### v2.1.2 (???)
|
||||||
|
- Marked host key type `ssh-rsa` as weak due to practical SHA-1 collisions.
|
||||||
- Added Windows builds.
|
- Added Windows builds.
|
||||||
- Added 10 new host key types: `ecdsa-sha2-1.3.132.0.10`, `x509v3-sign-dss`, `x509v3-sign-rsa`, `x509v3-sign-rsa-sha256@ssh.com`, `x509v3-ssh-dss`, `x509v3-ssh-rsa`, `sk-ecdsa-sha2-nistp256-cert-v01@openssh.com`, `sk-ecdsa-sha2-nistp256@openssh.com`, `sk-ssh-ed25519-cert-v01@openssh.com`, and `sk-ssh-ed25519@openssh.com`.
|
- Added 10 new host key types: `ecdsa-sha2-1.3.132.0.10`, `x509v3-sign-dss`, `x509v3-sign-rsa`, `x509v3-sign-rsa-sha256@ssh.com`, `x509v3-ssh-dss`, `x509v3-ssh-rsa`, `sk-ecdsa-sha2-nistp256-cert-v01@openssh.com`, `sk-ecdsa-sha2-nistp256@openssh.com`, `sk-ssh-ed25519-cert-v01@openssh.com`, and `sk-ssh-ed25519@openssh.com`.
|
||||||
- Added 18 new key exchanges: `diffie-hellman-group14-sha256@ssh.com`, `diffie-hellman-group15-sha256@ssh.com`, `diffie-hellman-group15-sha384@ssh.com`, `diffie-hellman-group16-sha384@ssh.com`, `diffie-hellman-group16-sha512@ssh.com`, `diffie-hellman-group18-sha512@ssh.com`, `ecdh-sha2-curve25519`, `ecdh-sha2-nistb233`, `ecdh-sha2-nistb409`, `ecdh-sha2-nistk163`, `ecdh-sha2-nistk233`, `ecdh-sha2-nistk283`, `ecdh-sha2-nistk409`, `ecdh-sha2-nistp192`, `ecdh-sha2-nistp224`, `ecdh-sha2-nistt571`, `gss-gex-sha1-`, and `gss-group1-sha1-`.
|
- Added 18 new key exchanges: `diffie-hellman-group14-sha256@ssh.com`, `diffie-hellman-group15-sha256@ssh.com`, `diffie-hellman-group15-sha384@ssh.com`, `diffie-hellman-group16-sha384@ssh.com`, `diffie-hellman-group16-sha512@ssh.com`, `diffie-hellman-group18-sha512@ssh.com`, `ecdh-sha2-curve25519`, `ecdh-sha2-nistb233`, `ecdh-sha2-nistb409`, `ecdh-sha2-nistk163`, `ecdh-sha2-nistk233`, `ecdh-sha2-nistk283`, `ecdh-sha2-nistk409`, `ecdh-sha2-nistp192`, `ecdh-sha2-nistp224`, `ecdh-sha2-nistt571`, `gss-gex-sha1-`, and `gss-group1-sha1-`.
|
||||||
|
@ -393,7 +393,7 @@ class SSH2(object): # pylint: disable=too-few-public-methods
|
|||||||
'rsa-sha2-512': [['7.2']],
|
'rsa-sha2-512': [['7.2']],
|
||||||
'ssh-ed25519': [['6.5,l10.7.0']],
|
'ssh-ed25519': [['6.5,l10.7.0']],
|
||||||
'ssh-ed25519-cert-v01@openssh.com': [['6.5']],
|
'ssh-ed25519-cert-v01@openssh.com': [['6.5']],
|
||||||
'ssh-rsa': [['2.5.0,d0.28,l10.2']],
|
'ssh-rsa': [['2.5.0,d0.28,l10.2'], [WARN_HASH_WEAK]],
|
||||||
'ssh-dss': [['2.1.0,d0.28,l10.2', '6.9'], [FAIL_OPENSSH70_WEAK], [WARN_MODULUS_SIZE, WARN_RNDSIG_KEY]],
|
'ssh-dss': [['2.1.0,d0.28,l10.2', '6.9'], [FAIL_OPENSSH70_WEAK], [WARN_MODULUS_SIZE, WARN_RNDSIG_KEY]],
|
||||||
'ecdsa-sha2-nistp256': [['5.7,d2013.62,l10.6.4'], [WARN_CURVES_WEAK], [WARN_RNDSIG_KEY]],
|
'ecdsa-sha2-nistp256': [['5.7,d2013.62,l10.6.4'], [WARN_CURVES_WEAK], [WARN_RNDSIG_KEY]],
|
||||||
'ecdsa-sha2-nistp384': [['5.7,d2013.62,l10.6.4'], [WARN_CURVES_WEAK], [WARN_RNDSIG_KEY]],
|
'ecdsa-sha2-nistp384': [['5.7,d2013.62,l10.6.4'], [WARN_CURVES_WEAK], [WARN_RNDSIG_KEY]],
|
||||||
@ -1828,7 +1828,7 @@ class SSH(object): # pylint: disable=too-few-public-methods
|
|||||||
else:
|
else:
|
||||||
if faults == 0:
|
if faults == 0:
|
||||||
continue
|
continue
|
||||||
if n in ['diffie-hellman-group-exchange-sha256', 'ssh-rsa', 'rsa-sha2-256', 'rsa-sha2-512', 'ssh-rsa-cert-v01@openssh.com']:
|
if n in ['diffie-hellman-group-exchange-sha256', 'rsa-sha2-256', 'rsa-sha2-512', 'ssh-rsa-cert-v01@openssh.com']:
|
||||||
rec[sshv][alg_type]['chg'][n] = faults
|
rec[sshv][alg_type]['chg'][n] = faults
|
||||||
else:
|
else:
|
||||||
rec[sshv][alg_type]['del'][n] = faults
|
rec[sshv][alg_type]['del'][n] = faults
|
||||||
|
@ -22,7 +22,8 @@
|
|||||||
[0;31m(key) ecdsa-sha2-nistp256 -- [fail] using weak elliptic curves[0m
|
[0;31m(key) ecdsa-sha2-nistp256 -- [fail] using weak elliptic curves[0m
|
||||||
[0;33m `- [warn] using weak random number generator could reveal the key[0m
|
[0;33m `- [warn] using weak random number generator could reveal the key[0m
|
||||||
`- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
|
`- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
|
||||||
[0;31m(key) ssh-rsa (1024-bit) -- [fail] using small 1024-bit modulus[0m
|
[0;31m(key) ssh-rsa (1024-bit) -- [fail] using weak hashing algorithm[0m
|
||||||
|
[0;33m `- [warn] using small 1024-bit modulus[0m
|
||||||
`- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28
|
`- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28
|
||||||
[0;31m(key) ssh-dss -- [fail] removed (in server) and disabled (in client) since OpenSSH 7.0, weak algorithm[0m
|
[0;31m(key) ssh-dss -- [fail] removed (in server) and disabled (in client) since OpenSSH 7.0, weak algorithm[0m
|
||||||
[0;33m `- [warn] using small 1024-bit modulus[0m
|
[0;33m `- [warn] using small 1024-bit modulus[0m
|
||||||
@ -63,7 +64,6 @@
|
|||||||
[0;32m(fin) ssh-rsa: SHA256:CDfAU12pjQS7/91kg7gYacza0U/6PDbE04Ic3IpYxkM[0m
|
[0;32m(fin) ssh-rsa: SHA256:CDfAU12pjQS7/91kg7gYacza0U/6PDbE04Ic3IpYxkM[0m
|
||||||
|
|
||||||
[0;36m# algorithm recommendations (for Dropbear SSH 2019.78)[0m
|
[0;36m# algorithm recommendations (for Dropbear SSH 2019.78)[0m
|
||||||
[0;31m(rec) !ssh-rsa -- key algorithm to change (increase modulus size to 2048 bits or larger) [0m
|
|
||||||
[0;31m(rec) -3des-cbc -- enc algorithm to remove [0m
|
[0;31m(rec) -3des-cbc -- enc algorithm to remove [0m
|
||||||
[0;31m(rec) -3des-ctr -- enc algorithm to remove [0m
|
[0;31m(rec) -3des-ctr -- enc algorithm to remove [0m
|
||||||
[0;31m(rec) -aes128-cbc -- enc algorithm to remove [0m
|
[0;31m(rec) -aes128-cbc -- enc algorithm to remove [0m
|
||||||
@ -71,7 +71,6 @@
|
|||||||
[0;31m(rec) -ecdh-sha2-nistp256 -- kex algorithm to remove [0m
|
[0;31m(rec) -ecdh-sha2-nistp256 -- kex algorithm to remove [0m
|
||||||
[0;31m(rec) -ecdh-sha2-nistp384 -- kex algorithm to remove [0m
|
[0;31m(rec) -ecdh-sha2-nistp384 -- kex algorithm to remove [0m
|
||||||
[0;31m(rec) -ecdh-sha2-nistp521 -- kex algorithm to remove [0m
|
[0;31m(rec) -ecdh-sha2-nistp521 -- kex algorithm to remove [0m
|
||||||
[0;31m(rec) -ecdsa-sha2-nistp256 -- key algorithm to remove [0m
|
|
||||||
[0;31m(rec) -hmac-sha1-96 -- mac algorithm to remove [0m
|
[0;31m(rec) -hmac-sha1-96 -- mac algorithm to remove [0m
|
||||||
[0;31m(rec) -ssh-dss -- key algorithm to remove [0m
|
[0;31m(rec) -ssh-dss -- key algorithm to remove [0m
|
||||||
[0;32m(rec) +diffie-hellman-group16-sha512 -- kex algorithm to append [0m
|
[0;32m(rec) +diffie-hellman-group16-sha512 -- kex algorithm to append [0m
|
||||||
|
@ -38,7 +38,8 @@
|
|||||||
`- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28
|
`- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28
|
||||||
|
|
||||||
[0;36m# host-key algorithms[0m
|
[0;36m# host-key algorithms[0m
|
||||||
[0;31m(key) ssh-rsa (1024-bit) -- [fail] using small 1024-bit modulus[0m
|
[0;31m(key) ssh-rsa (1024-bit) -- [fail] using weak hashing algorithm[0m
|
||||||
|
[0;33m `- [warn] using small 1024-bit modulus[0m
|
||||||
`- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28
|
`- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28
|
||||||
[0;31m(key) ssh-dss -- [fail] removed (in server) and disabled (in client) since OpenSSH 7.0, weak algorithm[0m
|
[0;31m(key) ssh-dss -- [fail] removed (in server) and disabled (in client) since OpenSSH 7.0, weak algorithm[0m
|
||||||
[0;33m `- [warn] using small 1024-bit modulus[0m
|
[0;33m `- [warn] using small 1024-bit modulus[0m
|
||||||
@ -116,7 +117,6 @@
|
|||||||
[0;32m(fin) ssh-rsa: SHA256:YZ457EBcJTSxRKI3yXRgtAj3PBf5B9/F36b1SVooml4[0m
|
[0;32m(fin) ssh-rsa: SHA256:YZ457EBcJTSxRKI3yXRgtAj3PBf5B9/F36b1SVooml4[0m
|
||||||
|
|
||||||
[0;36m# algorithm recommendations (for OpenSSH 4.0)[0m
|
[0;36m# algorithm recommendations (for OpenSSH 4.0)[0m
|
||||||
[0;31m(rec) !ssh-rsa -- key algorithm to change (increase modulus size to 2048 bits or larger) [0m
|
|
||||||
[0;31m(rec) -3des-cbc -- enc algorithm to remove [0m
|
[0;31m(rec) -3des-cbc -- enc algorithm to remove [0m
|
||||||
[0;31m(rec) -aes128-cbc -- enc algorithm to remove [0m
|
[0;31m(rec) -aes128-cbc -- enc algorithm to remove [0m
|
||||||
[0;31m(rec) -aes192-cbc -- enc algorithm to remove [0m
|
[0;31m(rec) -aes192-cbc -- enc algorithm to remove [0m
|
||||||
|
@ -32,7 +32,8 @@
|
|||||||
`- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28
|
`- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28
|
||||||
|
|
||||||
[0;36m# host-key algorithms[0m
|
[0;36m# host-key algorithms[0m
|
||||||
[0;31m(key) ssh-rsa (1024-bit) -- [fail] using small 1024-bit modulus[0m
|
[0;31m(key) ssh-rsa (1024-bit) -- [fail] using weak hashing algorithm[0m
|
||||||
|
[0;33m `- [warn] using small 1024-bit modulus[0m
|
||||||
`- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28
|
`- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28
|
||||||
[0;31m(key) ssh-dss -- [fail] removed (in server) and disabled (in client) since OpenSSH 7.0, weak algorithm[0m
|
[0;31m(key) ssh-dss -- [fail] removed (in server) and disabled (in client) since OpenSSH 7.0, weak algorithm[0m
|
||||||
[0;33m `- [warn] using small 1024-bit modulus[0m
|
[0;33m `- [warn] using small 1024-bit modulus[0m
|
||||||
@ -122,7 +123,6 @@
|
|||||||
|
|
||||||
[0;36m# algorithm recommendations (for OpenSSH 5.6)[0m
|
[0;36m# algorithm recommendations (for OpenSSH 5.6)[0m
|
||||||
[0;31m(rec) !diffie-hellman-group-exchange-sha256 -- kex algorithm to change (increase modulus size to 2048 bits or larger) [0m
|
[0;31m(rec) !diffie-hellman-group-exchange-sha256 -- kex algorithm to change (increase modulus size to 2048 bits or larger) [0m
|
||||||
[0;31m(rec) !ssh-rsa -- key algorithm to change (increase modulus size to 2048 bits or larger) [0m
|
|
||||||
[0;31m(rec) -3des-cbc -- enc algorithm to remove [0m
|
[0;31m(rec) -3des-cbc -- enc algorithm to remove [0m
|
||||||
[0;31m(rec) -aes128-cbc -- enc algorithm to remove [0m
|
[0;31m(rec) -aes128-cbc -- enc algorithm to remove [0m
|
||||||
[0;31m(rec) -aes192-cbc -- enc algorithm to remove [0m
|
[0;31m(rec) -aes192-cbc -- enc algorithm to remove [0m
|
||||||
|
@ -32,7 +32,8 @@
|
|||||||
`- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28
|
`- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28
|
||||||
|
|
||||||
[0;36m# host-key algorithms[0m
|
[0;36m# host-key algorithms[0m
|
||||||
[0;31m(key) ssh-rsa (1024-bit) -- [fail] using small 1024-bit modulus[0m
|
[0;31m(key) ssh-rsa (1024-bit) -- [fail] using weak hashing algorithm[0m
|
||||||
|
[0;33m `- [warn] using small 1024-bit modulus[0m
|
||||||
`- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28
|
`- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28
|
||||||
[0;31m(key) ssh-rsa-cert-v01@openssh.com (1024-bit cert/1024-bit CA) -- [fail] using small 1024-bit modulus[0m
|
[0;31m(key) ssh-rsa-cert-v01@openssh.com (1024-bit cert/1024-bit CA) -- [fail] using small 1024-bit modulus[0m
|
||||||
`- [info] available since OpenSSH 5.6
|
`- [info] available since OpenSSH 5.6
|
||||||
@ -120,7 +121,6 @@
|
|||||||
|
|
||||||
[0;36m# algorithm recommendations (for OpenSSH 5.6)[0m
|
[0;36m# algorithm recommendations (for OpenSSH 5.6)[0m
|
||||||
[0;31m(rec) !diffie-hellman-group-exchange-sha256 -- kex algorithm to change (increase modulus size to 2048 bits or larger) [0m
|
[0;31m(rec) !diffie-hellman-group-exchange-sha256 -- kex algorithm to change (increase modulus size to 2048 bits or larger) [0m
|
||||||
[0;31m(rec) !ssh-rsa -- key algorithm to change (increase modulus size to 2048 bits or larger) [0m
|
|
||||||
[0;31m(rec) !ssh-rsa-cert-v01@openssh.com -- key algorithm to change (increase modulus size to 2048 bits or larger) [0m
|
[0;31m(rec) !ssh-rsa-cert-v01@openssh.com -- key algorithm to change (increase modulus size to 2048 bits or larger) [0m
|
||||||
[0;31m(rec) -3des-cbc -- enc algorithm to remove [0m
|
[0;31m(rec) -3des-cbc -- enc algorithm to remove [0m
|
||||||
[0;31m(rec) -aes128-cbc -- enc algorithm to remove [0m
|
[0;31m(rec) -aes128-cbc -- enc algorithm to remove [0m
|
||||||
@ -139,6 +139,7 @@
|
|||||||
[0;31m(rec) -hmac-ripemd160@openssh.com -- mac algorithm to remove [0m
|
[0;31m(rec) -hmac-ripemd160@openssh.com -- mac algorithm to remove [0m
|
||||||
[0;31m(rec) -hmac-sha1-96 -- mac algorithm to remove [0m
|
[0;31m(rec) -hmac-sha1-96 -- mac algorithm to remove [0m
|
||||||
[0;31m(rec) -rijndael-cbc@lysator.liu.se -- enc algorithm to remove [0m
|
[0;31m(rec) -rijndael-cbc@lysator.liu.se -- enc algorithm to remove [0m
|
||||||
|
[0;31m(rec) -ssh-rsa -- key algorithm to remove [0m
|
||||||
[0;33m(rec) -diffie-hellman-group14-sha1 -- kex algorithm to remove [0m
|
[0;33m(rec) -diffie-hellman-group14-sha1 -- kex algorithm to remove [0m
|
||||||
|
|
||||||
[0;36m# additional info[0m
|
[0;36m# additional info[0m
|
||||||
|
@ -32,7 +32,8 @@
|
|||||||
`- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28
|
`- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28
|
||||||
|
|
||||||
[0;36m# host-key algorithms[0m
|
[0;36m# host-key algorithms[0m
|
||||||
[0;31m(key) ssh-rsa (1024-bit) -- [fail] using small 1024-bit modulus[0m
|
[0;31m(key) ssh-rsa (1024-bit) -- [fail] using weak hashing algorithm[0m
|
||||||
|
[0;33m `- [warn] using small 1024-bit modulus[0m
|
||||||
`- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28
|
`- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28
|
||||||
[0;31m(key) ssh-rsa-cert-v01@openssh.com (1024-bit cert/3072-bit CA) -- [fail] using small 1024-bit modulus[0m
|
[0;31m(key) ssh-rsa-cert-v01@openssh.com (1024-bit cert/3072-bit CA) -- [fail] using small 1024-bit modulus[0m
|
||||||
`- [info] available since OpenSSH 5.6
|
`- [info] available since OpenSSH 5.6
|
||||||
@ -120,7 +121,6 @@
|
|||||||
|
|
||||||
[0;36m# algorithm recommendations (for OpenSSH 5.6)[0m
|
[0;36m# algorithm recommendations (for OpenSSH 5.6)[0m
|
||||||
[0;31m(rec) !diffie-hellman-group-exchange-sha256 -- kex algorithm to change (increase modulus size to 2048 bits or larger) [0m
|
[0;31m(rec) !diffie-hellman-group-exchange-sha256 -- kex algorithm to change (increase modulus size to 2048 bits or larger) [0m
|
||||||
[0;31m(rec) !ssh-rsa -- key algorithm to change (increase modulus size to 2048 bits or larger) [0m
|
|
||||||
[0;31m(rec) !ssh-rsa-cert-v01@openssh.com -- key algorithm to change (increase modulus size to 2048 bits or larger) [0m
|
[0;31m(rec) !ssh-rsa-cert-v01@openssh.com -- key algorithm to change (increase modulus size to 2048 bits or larger) [0m
|
||||||
[0;31m(rec) -3des-cbc -- enc algorithm to remove [0m
|
[0;31m(rec) -3des-cbc -- enc algorithm to remove [0m
|
||||||
[0;31m(rec) -aes128-cbc -- enc algorithm to remove [0m
|
[0;31m(rec) -aes128-cbc -- enc algorithm to remove [0m
|
||||||
@ -139,6 +139,7 @@
|
|||||||
[0;31m(rec) -hmac-ripemd160@openssh.com -- mac algorithm to remove [0m
|
[0;31m(rec) -hmac-ripemd160@openssh.com -- mac algorithm to remove [0m
|
||||||
[0;31m(rec) -hmac-sha1-96 -- mac algorithm to remove [0m
|
[0;31m(rec) -hmac-sha1-96 -- mac algorithm to remove [0m
|
||||||
[0;31m(rec) -rijndael-cbc@lysator.liu.se -- enc algorithm to remove [0m
|
[0;31m(rec) -rijndael-cbc@lysator.liu.se -- enc algorithm to remove [0m
|
||||||
|
[0;31m(rec) -ssh-rsa -- key algorithm to remove [0m
|
||||||
[0;33m(rec) -diffie-hellman-group14-sha1 -- kex algorithm to remove [0m
|
[0;33m(rec) -diffie-hellman-group14-sha1 -- kex algorithm to remove [0m
|
||||||
|
|
||||||
[0;36m# additional info[0m
|
[0;36m# additional info[0m
|
||||||
|
@ -32,7 +32,8 @@
|
|||||||
`- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28
|
`- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28
|
||||||
|
|
||||||
[0;36m# host-key algorithms[0m
|
[0;36m# host-key algorithms[0m
|
||||||
[0;32m(key) ssh-rsa (3072-bit) -- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28[0m
|
[0;31m(key) ssh-rsa (3072-bit) -- [fail] using weak hashing algorithm[0m
|
||||||
|
`- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28
|
||||||
[0;31m(key) ssh-rsa-cert-v01@openssh.com (3072-bit cert/1024-bit CA) -- [fail] using small 1024-bit modulus[0m
|
[0;31m(key) ssh-rsa-cert-v01@openssh.com (3072-bit cert/1024-bit CA) -- [fail] using small 1024-bit modulus[0m
|
||||||
`- [info] available since OpenSSH 5.6
|
`- [info] available since OpenSSH 5.6
|
||||||
|
|
||||||
@ -137,6 +138,7 @@
|
|||||||
[0;31m(rec) -hmac-ripemd160@openssh.com -- mac algorithm to remove [0m
|
[0;31m(rec) -hmac-ripemd160@openssh.com -- mac algorithm to remove [0m
|
||||||
[0;31m(rec) -hmac-sha1-96 -- mac algorithm to remove [0m
|
[0;31m(rec) -hmac-sha1-96 -- mac algorithm to remove [0m
|
||||||
[0;31m(rec) -rijndael-cbc@lysator.liu.se -- enc algorithm to remove [0m
|
[0;31m(rec) -rijndael-cbc@lysator.liu.se -- enc algorithm to remove [0m
|
||||||
|
[0;31m(rec) -ssh-rsa -- key algorithm to remove [0m
|
||||||
[0;33m(rec) -diffie-hellman-group14-sha1 -- kex algorithm to remove [0m
|
[0;33m(rec) -diffie-hellman-group14-sha1 -- kex algorithm to remove [0m
|
||||||
|
|
||||||
[0;36m# additional info[0m
|
[0;36m# additional info[0m
|
||||||
|
@ -32,7 +32,8 @@
|
|||||||
`- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28
|
`- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28
|
||||||
|
|
||||||
[0;36m# host-key algorithms[0m
|
[0;36m# host-key algorithms[0m
|
||||||
[0;32m(key) ssh-rsa (3072-bit) -- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28[0m
|
[0;31m(key) ssh-rsa (3072-bit) -- [fail] using weak hashing algorithm[0m
|
||||||
|
`- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28
|
||||||
[0;32m(key) ssh-rsa-cert-v01@openssh.com (3072-bit cert/3072-bit CA) -- [info] available since OpenSSH 5.6[0m
|
[0;32m(key) ssh-rsa-cert-v01@openssh.com (3072-bit cert/3072-bit CA) -- [info] available since OpenSSH 5.6[0m
|
||||||
|
|
||||||
[0;36m# encryption algorithms (ciphers)[0m
|
[0;36m# encryption algorithms (ciphers)[0m
|
||||||
@ -135,6 +136,7 @@
|
|||||||
[0;31m(rec) -hmac-ripemd160@openssh.com -- mac algorithm to remove [0m
|
[0;31m(rec) -hmac-ripemd160@openssh.com -- mac algorithm to remove [0m
|
||||||
[0;31m(rec) -hmac-sha1-96 -- mac algorithm to remove [0m
|
[0;31m(rec) -hmac-sha1-96 -- mac algorithm to remove [0m
|
||||||
[0;31m(rec) -rijndael-cbc@lysator.liu.se -- enc algorithm to remove [0m
|
[0;31m(rec) -rijndael-cbc@lysator.liu.se -- enc algorithm to remove [0m
|
||||||
|
[0;31m(rec) -ssh-rsa -- key algorithm to remove [0m
|
||||||
[0;33m(rec) -diffie-hellman-group14-sha1 -- kex algorithm to remove [0m
|
[0;33m(rec) -diffie-hellman-group14-sha1 -- kex algorithm to remove [0m
|
||||||
|
|
||||||
[0;36m# additional info[0m
|
[0;36m# additional info[0m
|
||||||
|
@ -23,7 +23,8 @@
|
|||||||
[0;36m# host-key algorithms[0m
|
[0;36m# host-key algorithms[0m
|
||||||
[0;32m(key) rsa-sha2-512 (3072-bit) -- [info] available since OpenSSH 7.2[0m
|
[0;32m(key) rsa-sha2-512 (3072-bit) -- [info] available since OpenSSH 7.2[0m
|
||||||
[0;32m(key) rsa-sha2-256 (3072-bit) -- [info] available since OpenSSH 7.2[0m
|
[0;32m(key) rsa-sha2-256 (3072-bit) -- [info] available since OpenSSH 7.2[0m
|
||||||
[0;32m(key) ssh-rsa (3072-bit) -- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28[0m
|
[0;31m(key) ssh-rsa (3072-bit) -- [fail] using weak hashing algorithm[0m
|
||||||
|
`- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28
|
||||||
[0;31m(key) ecdsa-sha2-nistp256 -- [fail] using weak elliptic curves[0m
|
[0;31m(key) ecdsa-sha2-nistp256 -- [fail] using weak elliptic curves[0m
|
||||||
[0;33m `- [warn] using weak random number generator could reveal the key[0m
|
[0;33m `- [warn] using weak random number generator could reveal the key[0m
|
||||||
`- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
|
`- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
|
||||||
@ -68,6 +69,7 @@
|
|||||||
[0;31m(rec) -ecdh-sha2-nistp384 -- kex algorithm to remove [0m
|
[0;31m(rec) -ecdh-sha2-nistp384 -- kex algorithm to remove [0m
|
||||||
[0;31m(rec) -ecdh-sha2-nistp521 -- kex algorithm to remove [0m
|
[0;31m(rec) -ecdh-sha2-nistp521 -- kex algorithm to remove [0m
|
||||||
[0;31m(rec) -ecdsa-sha2-nistp256 -- key algorithm to remove [0m
|
[0;31m(rec) -ecdsa-sha2-nistp256 -- key algorithm to remove [0m
|
||||||
|
[0;31m(rec) -ssh-rsa -- key algorithm to remove [0m
|
||||||
[0;33m(rec) -diffie-hellman-group14-sha1 -- kex algorithm to remove [0m
|
[0;33m(rec) -diffie-hellman-group14-sha1 -- kex algorithm to remove [0m
|
||||||
[0;33m(rec) -hmac-sha1 -- mac algorithm to remove [0m
|
[0;33m(rec) -hmac-sha1 -- mac algorithm to remove [0m
|
||||||
[0;33m(rec) -hmac-sha1-etm@openssh.com -- mac algorithm to remove [0m
|
[0;33m(rec) -hmac-sha1-etm@openssh.com -- mac algorithm to remove [0m
|
||||||
|
@ -63,7 +63,6 @@
|
|||||||
[0;31m(rec) -ecdh-sha2-nistp521 -- kex algorithm to remove [0m
|
[0;31m(rec) -ecdh-sha2-nistp521 -- kex algorithm to remove [0m
|
||||||
[0;32m(rec) +rsa-sha2-256 -- key algorithm to append [0m
|
[0;32m(rec) +rsa-sha2-256 -- key algorithm to append [0m
|
||||||
[0;32m(rec) +rsa-sha2-512 -- key algorithm to append [0m
|
[0;32m(rec) +rsa-sha2-512 -- key algorithm to append [0m
|
||||||
[0;32m(rec) +ssh-rsa -- key algorithm to append [0m
|
|
||||||
[0;33m(rec) -diffie-hellman-group14-sha1 -- kex algorithm to remove [0m
|
[0;33m(rec) -diffie-hellman-group14-sha1 -- kex algorithm to remove [0m
|
||||||
[0;33m(rec) -hmac-sha1 -- mac algorithm to remove [0m
|
[0;33m(rec) -hmac-sha1 -- mac algorithm to remove [0m
|
||||||
[0;33m(rec) -hmac-sha1-etm@openssh.com -- mac algorithm to remove [0m
|
[0;33m(rec) -hmac-sha1-etm@openssh.com -- mac algorithm to remove [0m
|
||||||
|
@ -35,5 +35,4 @@
|
|||||||
[0;32m(rec) +diffie-hellman-group18-sha512 -- kex algorithm to append [0m
|
[0;32m(rec) +diffie-hellman-group18-sha512 -- kex algorithm to append [0m
|
||||||
[0;32m(rec) +rsa-sha2-256 -- key algorithm to append [0m
|
[0;32m(rec) +rsa-sha2-256 -- key algorithm to append [0m
|
||||||
[0;32m(rec) +rsa-sha2-512 -- key algorithm to append [0m
|
[0;32m(rec) +rsa-sha2-512 -- key algorithm to append [0m
|
||||||
[0;32m(rec) +ssh-rsa -- key algorithm to append [0m
|
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user