From cabbe717d3d18ba1f6904fa9838b395ca2d08b22 Mon Sep 17 00:00:00 2001 From: Joe Testa Date: Tue, 30 Jun 2020 22:58:28 -0400 Subject: [PATCH] Added 'diffie-hellman-group1-sha256' kex. --- README.md | 5 +++-- ssh-audit.py | 2 +- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 2cb9677..e375d13 100644 --- a/README.md +++ b/README.md @@ -78,8 +78,9 @@ $ brew install ssh-audit - 1024-bit moduli upgraded from warnings to failures. - Many Python 2 code clean-ups, testing framework improvements, pylint & flake8 fixes, and mypy type comments; credit [Jürgen Gmach](https://github.com/jugmac00)). - Suppress recommendation of token host key types. - - Added 1 new host key types: `ssh-rsa1`. - - Added 1 new ciphers: `blowfish`, `AEAD_AES_128_GCM`, `AEAD_AES_256_GCM`. + - Added 1 new host key type: `ssh-rsa1`. + - Added 1 new key exchange: `diffie-hellman-group1-sha256`. + - Added 3 new ciphers: `blowfish`, `AEAD_AES_128_GCM`, `AEAD_AES_256_GCM`. - Added 2 new MACs: `chacha20-poly1305@openssh.com`, `hmac-sha3-224`. ### v2.2.0 (2020-03-11) diff --git a/ssh-audit.py b/ssh-audit.py index e4dfa4c..eb6c583 100755 --- a/ssh-audit.py +++ b/ssh-audit.py @@ -660,7 +660,7 @@ class SSH2: # pylint: disable=too-few-public-methods 'gss-group14-sha1-toWM5Slw5Ew8Mqkay+al2g==': [[], [], [WARN_HASH_WEAK]], 'gss-group14-sha256-toWM5Slw5Ew8Mqkay+al2g==': [[]], 'gss-group15-sha512-toWM5Slw5Ew8Mqkay+al2g==': [[]], - 'diffie-hellman-group1-sha256': [[], ], + 'diffie-hellman-group1-sha256': [[], [FAIL_1024BIT_MODULUS]], 'diffie-hellman-group14-sha1': [['3.9,d0.53,l10.6.0'], [], [WARN_HASH_WEAK]], 'diffie-hellman-group14-sha256': [['7.3,d2016.73']], 'diffie-hellman-group14-sha256@ssh.com': [[]],