diff --git a/README.md b/README.md index 1f2a8f9..e46dac0 100644 --- a/README.md +++ b/README.md @@ -183,6 +183,9 @@ For convenience, a web front-end on top of the command-line tool is available at - Snap packages now print more user-friendly error messages when permission errors are encountered. - JSON 'target' field now always includes port number; credit [tomatohater1337](https://github.com/tomatohater1337). - Warnings are now printed for 2048-bit moduli. + - SHA-1 algorithms now cause failures. + - CBC mode ciphers are now warnings instead of failures. + - Generic failure/warning messages replaced with more specific reasons (i.e.: 'using weak cipher' => 'using broken RC4 cipher'). - Added 33 new host keys: `dsa2048-sha224@libassh.org`, `dsa2048-sha256@libassh.org`, `dsa3072-sha256@libassh.org`, `ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com`, `eddsa-e382-shake256@libassh.org`, `eddsa-e521-shake256@libassh.org`, `null`, `pgp-sign-dss`, `pgp-sign-rsa`, `spki-sign-dss`, `spki-sign-rsa`, `ssh-dss-sha224@ssh.com`, `ssh-dss-sha384@ssh.com`, `ssh-dss-sha512@ssh.com`, `ssh-ed448-cert-v01@openssh.com`, `ssh-rsa-sha224@ssh.com`, `ssh-rsa-sha2-256`, `ssh-rsa-sha2-512`, `ssh-rsa-sha384@ssh.com`, `ssh-rsa-sha512@ssh.com`, `ssh-xmss-cert-v01@openssh.com`, `ssh-xmss@openssh.com`, `webauthn-sk-ecdsa-sha2-nistp256@openssh.com`, `x509v3-ecdsa-sha2-1.3.132.0.10`, `x509v3-sign-dss-sha1`, `x509v3-sign-dss-sha224@ssh.com`, `x509v3-sign-dss-sha256@ssh.com`, `x509v3-sign-dss-sha384@ssh.com`, `x509v3-sign-dss-sha512@ssh.com`, `x509v3-sign-rsa-sha1`, `x509v3-sign-rsa-sha224@ssh.com`, `x509v3-sign-rsa-sha384@ssh.com`, `x509v3-sign-rsa-sha512@ssh.com`. - Added 46 new key exchanges: `diffie-hellman-group14-sha224@ssh.com`, `diffie-hellman_group17-sha512`, `diffie-hellman-group-exchange-sha224@ssh.com`, `diffie-hellman-group-exchange-sha384@ssh.com`, `ecdh-sha2-1.2.840.10045.3.1.1`, `ecdh-sha2-1.2.840.10045.3.1.7`, `ecdh-sha2-1.3.132.0.1`, `ecdh-sha2-1.3.132.0.16`, `ecdh-sha2-1.3.132.0.26`, `ecdh-sha2-1.3.132.0.27`, `ecdh-sha2-1.3.132.0.33`, `ecdh-sha2-1.3.132.0.34`, `ecdh-sha2-1.3.132.0.35`, `ecdh-sha2-1.3.132.0.36`, `ecdh-sha2-1.3.132.0.37`, `ecdh-sha2-1.3.132.0.38`, `ecdh-sha2-4MHB+NBt3AlaSRQ7MnB4cg==`, `ecdh-sha2-5pPrSUQtIaTjUSt5VZNBjg==`, `ecdh-sha2-9UzNcgwTlEnSCECZa7V1mw==`, `ecdh-sha2-D3FefCjYoJ/kfXgAyLddYA==`, `ecdh-sha2-h/SsxnLCtRBh7I9ATyeB3A==`, `ecdh-sha2-m/FtSAmrV4j/Wy6RVUaK7A==`, `ecdh-sha2-mNVwCXAoS1HGmHpLvBC94w==`, `ecdh-sha2-qCbG5Cn/jjsZ7nBeR7EnOA==`, `ecdh-sha2-qcFQaMAMGhTziMT0z+Tuzw==`, `ecdh-sha2-VqBg4QRPjxx1EXZdV0GdWQ==`, `ecdh-sha2-wiRIU8TKjMZ418sMqlqtvQ==`, `ecdh-sha2-zD/b3hu/71952ArpUG4OjQ==`, `ecmqv-sha2`, `gss-13.3.132.0.10-sha256-*`, `gss-curve25519-sha256-*`, `gss-curve448-sha512-*`, `gss-gex-sha1-*`, `gss-gex-sha256-*`, `gss-group14-sha1-*`, `gss-group14-sha256-*`, `gss-group15-sha512-*`, `gss-group16-sha512-*`, `gss-group17-sha512-*`, `gss-group18-sha512-*`, `gss-group1-sha1-*`, `gss-nistp256-sha256-*`, `gss-nistp384-sha256-*`, `gss-nistp521-sha512-*`, `m383-sha384@libassh.org`, `m511-sha512@libassh.org`. - Added 28 new ciphers: `3des-cfb`, `3des-ecb`, `3des-ofb`, `blowfish-cfb`, `blowfish-ecb`, `blowfish-ofb`, `camellia128-cbc@openssh.org`, `camellia128-ctr@openssh.org`, `camellia192-cbc@openssh.org`, `camellia192-ctr@openssh.org`, `camellia256-cbc@openssh.org`, `camellia256-ctr@openssh.org`, `cast128-cfb`, `cast128-ecb`, `cast128-ofb`, `cast128-12-cbc@ssh.com`, `idea-cfb`, `idea-ecb`, `idea-ofb`, `rijndael-cbc@ssh.com`, `seed-ctr@ssh.com`, `serpent128-gcm@libassh.org`, `serpent256-gcm@libassh.org`, `twofish128-gcm@libassh.org`, `twofish256-gcm@libassh.org`, `twofish-cfb`, `twofish-ecb`, `twofish-ofb` diff --git a/src/ssh_audit/ssh2_kexdb.py b/src/ssh_audit/ssh2_kexdb.py index 37f1dca..d06c546 100644 --- a/src/ssh_audit/ssh2_kexdb.py +++ b/src/ssh_audit/ssh2_kexdb.py @@ -28,44 +28,46 @@ from typing import Callable, Optional, Union, Any # noqa: F401 class SSH2_KexDB: # pylint: disable=too-few-public-methods - FAIL_OPENSSH70_LEGACY = 'removed since OpenSSH 7.0, legacy algorithm' - FAIL_OPENSSH70_WEAK = 'removed (in server) and disabled (in client) since OpenSSH 7.0, weak algorithm' - FAIL_OPENSSH70_LOGJAM = 'disabled (in client) since OpenSSH 7.0, logjam attack' - FAIL_OPENSSH67_UNSAFE = 'removed (in server) since OpenSSH 6.7, unsafe algorithm' - FAIL_OPENSSH61_REMOVE = 'removed since OpenSSH 6.1, removed from specification' - FAIL_OPENSSH31_REMOVE = 'removed since OpenSSH 3.1' - FAIL_DBEAR67_DISABLED = 'disabled since Dropbear SSH 2015.67' - FAIL_DBEAR53_DISABLED = 'disabled since Dropbear SSH 0.53' - FAIL_DEPRECATED_CIPHER = 'deprecated cipher' - FAIL_WEAK_CIPHER = 'using weak cipher' - FAIL_WEAK_ALGORITHM = 'using weak/obsolete algorithm' - FAIL_PLAINTEXT = 'no encryption/integrity' - FAIL_DEPRECATED_MAC = 'deprecated MAC' FAIL_1024BIT_MODULUS = 'using small 1024-bit modulus' - FAIL_UNPROVEN = 'using unproven algorithm' - FAIL_HASH_WEAK = 'using weak hashing algorithm' + FAIL_3DES = 'using broken & deprecated 3DES cipher' + FAIL_BLOWFISH = 'using weak & deprecated Blowfish cipher' + FAIL_CAST = 'using weak & deprecated CAST cipher' + FAIL_NSA_BACKDOORED_CURVE = 'using elliptic curves that are suspected as being backdoored by the U.S. National Security Agency' + FAIL_DES = 'using broken DES cipher' + FAIL_IDEA = 'using deprecated IDEA cipher' + FAIL_LOGJAM_ATTACK = 'vulnerable to the Logjam attack: https://en.wikipedia.org/wiki/Logjam_(computer_security)' + FAIL_MD5 = 'using broken MD5 hash algorithm' + FAIL_PLAINTEXT = 'no encryption/integrity' + FAIL_RC4 = 'using broken RC4 cipher' + FAIL_RIJNDAEL = 'using deprecated & non-standardized Rijndael cipher' + FAIL_RIPEMD = 'using deprecated RIPEMD hash algorithm' + FAIL_SEED = 'using deprecated SEED cipher' + FAIL_SERPENT = 'using deprecated Serpent cipher' + FAIL_SHA1 = 'using broken SHA-1 hash algorithm' FAIL_SMALL_ECC_MODULUS = 'using small ECC modulus' FAIL_UNKNOWN = 'using unknown algorithm' - FAIL_CURVES_WEAK = 'using weak elliptic curves' + FAIL_UNPROVEN = 'using unproven algorithm' + FAIL_UNTRUSTED = 'using untrusted algorithm developed in secret by a government entity' - WARN_RNDSIG_KEY = 'using weak random number generator could reveal the key' - WARN_HASH_WEAK = 'using weak hashing algorithm' - WARN_CIPHER_MODE = 'using weak cipher mode' + WARN_2048BIT_MODULUS = '2048-bit modulus only provides 112-bits of symmetric strength' WARN_BLOCK_SIZE = 'using small 64-bit block size' - WARN_CIPHER_WEAK = 'using weak cipher' + WARN_CIPHER_MODE = 'using weak cipher mode' WARN_ENCRYPT_AND_MAC = 'using encrypt-and-MAC mode' + WARN_EXPERIMENTAL = 'using experimental algorithm' + WARN_RNDSIG_KEY = 'using weak random number generator could reveal the key' WARN_TAG_SIZE = 'using small 64-bit tag size' WARN_TAG_SIZE_96 = 'using small 96-bit tag size' - WARN_EXPERIMENTAL = 'using experimental algorithm' - WARN_OBSOLETE = 'using obsolete algorithm' - WARN_UNTRUSTED = 'using untrusted algorithm' - WARN_OPENSSH74_UNSAFE = 'disabled (in client) since OpenSSH 7.4, unsafe algorithm' - WARN_OPENSSH72_LEGACY = 'disabled (in client) since OpenSSH 7.2, legacy algorithm' - WARN_2048BIT_MODULUS = '2048-bit modulus only provides 112-bits of symmetric strength' + INFO_DEFAULT_OPENSSH_CIPHER = 'default cipher since OpenSSH 6.9' + INFO_DEFAULT_OPENSSH_KEX = 'default key exchange since OpenSSH 6.4' INFO_DEPRECATED_IN_OPENSSH88 = 'deprecated in OpenSSH 8.8: https://www.openssh.com/txt/release-8.8' - INFO_OPENSSH69_CHACHA = 'default cipher since OpenSSH 6.9.' + INFO_DISABLED_IN_DBEAR67 = 'disabled in Dropbear SSH 2015.67' + INFO_DISABLED_IN_OPENSSH70 = 'disabled in OpenSSH 7.0: https://www.openssh.com/txt/release-7.0' INFO_NEVER_IMPLEMENTED_IN_OPENSSH = 'despite the @openssh.com tag, this was never implemented in OpenSSH' + INFO_REMOVED_IN_OPENSSH61 = 'removed since OpenSSH 6.1, removed from specification' + INFO_REMOVED_IN_OPENSSH69 = 'removed in OpenSSH 6.9: https://www.openssh.com/txt/release-6.9' + INFO_REMOVED_IN_OPENSSH70 = 'removed in OpenSSH 7.0: https://www.openssh.com/txt/release-7.0' + INFO_WITHDRAWN_PQ_ALG = 'the sntrup4591761 algorithm was withdrawn, as it may not provide strong post-quantum security' ALGORITHMS: Dict[str, Dict[str, List[List[Optional[str]]]]] = { @@ -75,21 +77,21 @@ class SSH2_KexDB: # pylint: disable=too-few-public-methods 'gss-13.3.132.0.10-sha256-*': [[], [FAIL_UNKNOWN]], 'gss-curve25519-sha256-*': [[]], 'gss-curve448-sha512-*': [[]], - 'gss-gex-sha1-*': [[], [], [WARN_HASH_WEAK]], + 'gss-gex-sha1-*': [[], [FAIL_SHA1]], 'gss-gex-sha256-*': [[]], - 'gss-group1-sha1-*': [[], [FAIL_1024BIT_MODULUS, FAIL_OPENSSH67_UNSAFE, FAIL_OPENSSH70_LOGJAM], [WARN_HASH_WEAK]], - 'gss-group14-sha1-*': [[], [], [WARN_HASH_WEAK, WARN_2048BIT_MODULUS]], + 'gss-group1-sha1-*': [[], [FAIL_1024BIT_MODULUS, FAIL_LOGJAM_ATTACK, FAIL_SHA1]], + 'gss-group14-sha1-*': [[], [FAIL_SHA1], [WARN_2048BIT_MODULUS]], 'gss-group14-sha256-*': [[], [], [WARN_2048BIT_MODULUS]], 'gss-group15-sha512-*': [[]], 'gss-group16-sha512-*': [[]], 'gss-group17-sha512-*': [[]], 'gss-group18-sha512-*': [[]], - 'gss-nistp256-sha256-*': [[], [FAIL_CURVES_WEAK]], - 'gss-nistp384-sha256-*': [[], [FAIL_CURVES_WEAK]], - 'gss-nistp521-sha512-*': [[], [FAIL_CURVES_WEAK]], - 'diffie-hellman-group1-sha1': [['2.3.0,d0.28,l10.2', '6.6', '6.9'], [FAIL_1024BIT_MODULUS, FAIL_OPENSSH67_UNSAFE, FAIL_OPENSSH70_LOGJAM], [WARN_HASH_WEAK]], + 'gss-nistp256-sha256-*': [[], [FAIL_NSA_BACKDOORED_CURVE]], + 'gss-nistp384-sha256-*': [[], [FAIL_NSA_BACKDOORED_CURVE]], + 'gss-nistp521-sha512-*': [[], [FAIL_NSA_BACKDOORED_CURVE]], + 'diffie-hellman-group1-sha1': [['2.3.0,d0.28,l10.2', '6.6', '6.9'], [FAIL_1024BIT_MODULUS, FAIL_LOGJAM_ATTACK, FAIL_SHA1], [], [INFO_REMOVED_IN_OPENSSH69]], 'diffie-hellman-group1-sha256': [[], [FAIL_1024BIT_MODULUS]], - 'diffie-hellman-group14-sha1': [['3.9,d0.53,l10.6.0'], [], [WARN_HASH_WEAK, WARN_2048BIT_MODULUS]], + 'diffie-hellman-group14-sha1': [['3.9,d0.53,l10.6.0'], [FAIL_SHA1], [WARN_2048BIT_MODULUS]], 'diffie-hellman-group14-sha256': [['7.3,d2016.73'], [], [WARN_2048BIT_MODULUS]], 'diffie-hellman-group14-sha256@ssh.com': [[], [], [WARN_2048BIT_MODULUS]], 'diffie-hellman-group15-sha256': [[]], @@ -103,7 +105,7 @@ class SSH2_KexDB: # pylint: disable=too-few-public-methods 'diffie-hellman-group17-sha512': [[]], 'diffie-hellman-group18-sha512': [['7.3']], 'diffie-hellman-group18-sha512@ssh.com': [[]], - 'diffie-hellman-group-exchange-sha1': [['2.3.0', '6.6', None], [FAIL_OPENSSH67_UNSAFE], [WARN_HASH_WEAK]], + 'diffie-hellman-group-exchange-sha1': [['2.3.0', '6.6', None], [FAIL_SHA1]], 'diffie-hellman-group-exchange-sha256': [['4.4']], 'diffie-hellman-group-exchange-sha256@ssh.com': [[]], 'diffie-hellman-group-exchange-sha512@ssh.com': [[]], @@ -113,52 +115,52 @@ class SSH2_KexDB: # pylint: disable=too-few-public-methods 'diffie-hellman_group17-sha512': [[]], 'ecmqv-sha2': [[], [FAIL_UNPROVEN]], 'ecdh-sha2-curve25519': [[], []], - 'ecdh-sha2-nistb233': [[], [FAIL_CURVES_WEAK]], - 'ecdh-sha2-nistb409': [[], [FAIL_CURVES_WEAK]], - 'ecdh-sha2-nistk163': [[], [FAIL_CURVES_WEAK]], - 'ecdh-sha2-nistk233': [[], [FAIL_CURVES_WEAK]], - 'ecdh-sha2-nistk283': [[], [FAIL_CURVES_WEAK]], - 'ecdh-sha2-nistk409': [[], [FAIL_CURVES_WEAK]], - 'ecdh-sha2-nistp192': [[], [FAIL_CURVES_WEAK]], - 'ecdh-sha2-nistp224': [[], [FAIL_CURVES_WEAK]], - 'ecdh-sha2-nistp256': [['5.7,d2013.62,l10.6.0'], [FAIL_CURVES_WEAK]], - 'ecdh-sha2-nistp384': [['5.7,d2013.62'], [FAIL_CURVES_WEAK]], - 'ecdh-sha2-nistp521': [['5.7,d2013.62'], [FAIL_CURVES_WEAK]], - 'ecdh-sha2-nistt571': [[], [FAIL_CURVES_WEAK]], + 'ecdh-sha2-nistb233': [[]], # The NIST P-curves are suspected as being backdoored; this isn't a P-curve. + 'ecdh-sha2-nistb409': [[]], # Not a NIST P-curve. + 'ecdh-sha2-nistk163': [[], [FAIL_SMALL_ECC_MODULUS]], # Not a NIST P-curve. + 'ecdh-sha2-nistk233': [[]], # Not a NIST P-curve. + 'ecdh-sha2-nistk283': [[]], # Not a NIST P-curve. + 'ecdh-sha2-nistk409': [[]], # Not a NIST P-curve. + 'ecdh-sha2-nistp192': [[], [FAIL_NSA_BACKDOORED_CURVE]], + 'ecdh-sha2-nistp224': [[], [FAIL_NSA_BACKDOORED_CURVE]], + 'ecdh-sha2-nistp256': [['5.7,d2013.62,l10.6.0'], [FAIL_NSA_BACKDOORED_CURVE]], + 'ecdh-sha2-nistp384': [['5.7,d2013.62'], [FAIL_NSA_BACKDOORED_CURVE]], + 'ecdh-sha2-nistp521': [['5.7,d2013.62'], [FAIL_NSA_BACKDOORED_CURVE]], + 'ecdh-sha2-nistt571': [[]], # Not a NIST P-curve. 'ecdh-sha2-1.3.132.0.10': [[]], # ECDH over secp256k1 (i.e.: the Bitcoin curve) # Note: the base64 strings, according to draft 6 of RFC5656, is Base64(MD5(DER(OID))). The final RFC5656 dropped the base64 strings in favor of plain OID concatenation, but apparently some SSH servers implement them anyway. See: https://datatracker.ietf.org/doc/html/draft-green-secsh-ecc-06#section-9.2 'ecdh-sha2-1.3.132.0.1': [[], [FAIL_SMALL_ECC_MODULUS]], # sect163k1 'ecdh-sha2-4MHB+NBt3AlaSRQ7MnB4cg==': [[], [FAIL_SMALL_ECC_MODULUS]], # sect163k1 - 'ecdh-sha2-1.2.840.10045.3.1.1': [[], [FAIL_SMALL_ECC_MODULUS, FAIL_CURVES_WEAK]], # NIST P-192 / secp192r1 - 'ecdh-sha2-5pPrSUQtIaTjUSt5VZNBjg==': [[], [FAIL_SMALL_ECC_MODULUS, FAIL_CURVES_WEAK]], # NIST P-192 / secp192r1 - 'ecdh-sha2-1.3.132.0.33': [[], [FAIL_SMALL_ECC_MODULUS, FAIL_CURVES_WEAK]], # NIST P-224 / secp224r1 - 'ecdh-sha2-VqBg4QRPjxx1EXZdV0GdWQ==': [[], [FAIL_SMALL_ECC_MODULUS, FAIL_CURVES_WEAK]], # NIST P-224 / secp224r1 + 'ecdh-sha2-1.2.840.10045.3.1.1': [[], [FAIL_SMALL_ECC_MODULUS, FAIL_NSA_BACKDOORED_CURVE]], # NIST P-192 / secp192r1 + 'ecdh-sha2-5pPrSUQtIaTjUSt5VZNBjg==': [[], [FAIL_SMALL_ECC_MODULUS, FAIL_NSA_BACKDOORED_CURVE]], # NIST P-192 / secp192r1 + 'ecdh-sha2-1.3.132.0.33': [[], [FAIL_SMALL_ECC_MODULUS, FAIL_NSA_BACKDOORED_CURVE]], # NIST P-224 / secp224r1 + 'ecdh-sha2-VqBg4QRPjxx1EXZdV0GdWQ==': [[], [FAIL_SMALL_ECC_MODULUS, FAIL_NSA_BACKDOORED_CURVE]], # NIST P-224 / secp224r1 'ecdh-sha2-1.3.132.0.26': [[], [FAIL_SMALL_ECC_MODULUS]], # sect233k1 'ecdh-sha2-zD/b3hu/71952ArpUG4OjQ==': [[], [FAIL_SMALL_ECC_MODULUS]], # sect233k1 - 'ecdh-sha2-1.3.132.0.27': [[], [FAIL_SMALL_ECC_MODULUS, FAIL_CURVES_WEAK]], # sect233r1 - 'ecdh-sha2-qCbG5Cn/jjsZ7nBeR7EnOA==': [[FAIL_SMALL_ECC_MODULUS, FAIL_CURVES_WEAK]], # sect233r1 - 'ecdh-sha2-1.2.840.10045.3.1.7': [[], [FAIL_CURVES_WEAK]], # NIST P-256 / secp256r1 - 'ecdh-sha2-9UzNcgwTlEnSCECZa7V1mw==': [[], [FAIL_CURVES_WEAK]], # NIST P-256 / secp256r1 + 'ecdh-sha2-1.3.132.0.27': [[], [FAIL_SMALL_ECC_MODULUS, FAIL_NSA_BACKDOORED_CURVE]], # sect233r1 + 'ecdh-sha2-qCbG5Cn/jjsZ7nBeR7EnOA==': [[FAIL_SMALL_ECC_MODULUS, FAIL_NSA_BACKDOORED_CURVE]], # sect233r1 + 'ecdh-sha2-1.2.840.10045.3.1.7': [[], [FAIL_NSA_BACKDOORED_CURVE]], # NIST P-256 / secp256r1 + 'ecdh-sha2-9UzNcgwTlEnSCECZa7V1mw==': [[], [FAIL_NSA_BACKDOORED_CURVE]], # NIST P-256 / secp256r1 'ecdh-sha2-1.3.132.0.16': [[]], # sect283k1 'ecdh-sha2-wiRIU8TKjMZ418sMqlqtvQ==': [[]], # sect283k1 - 'ecdh-sha2-1.3.132.0.34': [[], [FAIL_CURVES_WEAK]], # NIST P-384 / secp384r1 - 'ecdh-sha2-qcFQaMAMGhTziMT0z+Tuzw==': [[], [FAIL_CURVES_WEAK]], # NIST P-384 / secp384r1 + 'ecdh-sha2-1.3.132.0.34': [[], [FAIL_NSA_BACKDOORED_CURVE]], # NIST P-384 / secp384r1 + 'ecdh-sha2-qcFQaMAMGhTziMT0z+Tuzw==': [[], [FAIL_NSA_BACKDOORED_CURVE]], # NIST P-384 / secp384r1 'ecdh-sha2-1.3.132.0.36': [[]], # sect409k1 'ecdh-sha2-m/FtSAmrV4j/Wy6RVUaK7A==': [[]], # sect409k1 - 'ecdh-sha2-1.3.132.0.37': [[], [FAIL_CURVES_WEAK]], # sect409r1 - 'ecdh-sha2-D3FefCjYoJ/kfXgAyLddYA==': [[], [FAIL_CURVES_WEAK]], # sect409r1 - 'ecdh-sha2-1.3.132.0.35': [[], [FAIL_CURVES_WEAK]], # NIST P-521 / secp521r1 - 'ecdh-sha2-h/SsxnLCtRBh7I9ATyeB3A==': [[], [FAIL_CURVES_WEAK]], # NIST P-521 / secp521r1 + 'ecdh-sha2-1.3.132.0.37': [[], [FAIL_NSA_BACKDOORED_CURVE]], # sect409r1 + 'ecdh-sha2-D3FefCjYoJ/kfXgAyLddYA==': [[], [FAIL_NSA_BACKDOORED_CURVE]], # sect409r1 + 'ecdh-sha2-1.3.132.0.35': [[], [FAIL_NSA_BACKDOORED_CURVE]], # NIST P-521 / secp521r1 + 'ecdh-sha2-h/SsxnLCtRBh7I9ATyeB3A==': [[], [FAIL_NSA_BACKDOORED_CURVE]], # NIST P-521 / secp521r1 'ecdh-sha2-1.3.132.0.38': [[]], # sect571k1 'ecdh-sha2-mNVwCXAoS1HGmHpLvBC94w==': [[]], # sect571k1 - 'curve25519-sha256@libssh.org': [['6.5,d2013.62,l10.6.0']], - 'curve25519-sha256': [['7.4,d2018.76']], + 'curve25519-sha256@libssh.org': [['6.4,d2013.62,l10.6.0'], [], [], [INFO_DEFAULT_OPENSSH_KEX]], + 'curve25519-sha256': [['7.4,d2018.76'], [], [], [INFO_DEFAULT_OPENSSH_KEX]], 'curve448-sha512': [[]], 'kexguess2@matt.ucc.asn.au': [['d2013.57']], - 'rsa1024-sha1': [[], [FAIL_1024BIT_MODULUS], [WARN_HASH_WEAK]], + 'rsa1024-sha1': [[], [FAIL_1024BIT_MODULUS, FAIL_SHA1]], 'rsa2048-sha256': [[], [], [WARN_2048BIT_MODULUS]], - 'sntrup4591761x25519-sha512@tinyssh.org': [['8.0', '8.4'], [], [WARN_EXPERIMENTAL]], + 'sntrup4591761x25519-sha512@tinyssh.org': [['8.0', '8.4'], [], [WARN_EXPERIMENTAL], [INFO_WITHDRAWN_PQ_ALG]], 'sntrup761x25519-sha512@openssh.com': [['8.5'], [], []], 'kexAlgoCurve25519SHA256': [[]], 'Curve25519SHA256': [[]], @@ -168,47 +170,47 @@ class SSH2_KexDB: # pylint: disable=too-few-public-methods 'm511-sha512@libassh.org': [[], [FAIL_UNPROVEN]], }, 'key': { - 'ssh-rsa1': [[], [FAIL_WEAK_ALGORITHM]], + 'ssh-rsa1': [[], [FAIL_SHA1]], 'rsa-sha2-256': [['7.2']], 'rsa-sha2-512': [['7.2']], 'ssh-ed25519': [['6.5,l10.7.0']], 'ssh-ed25519-cert-v01@openssh.com': [['6.5']], - 'ssh-rsa': [['2.5.0,d0.28,l10.2'], [FAIL_HASH_WEAK], [], [INFO_DEPRECATED_IN_OPENSSH88]], - 'ssh-dss': [['2.1.0,d0.28,l10.2', '6.9'], [FAIL_1024BIT_MODULUS, FAIL_OPENSSH70_WEAK], [WARN_RNDSIG_KEY]], - 'ecdsa-sha2-nistp256': [['5.7,d2013.62,l10.6.4'], [FAIL_CURVES_WEAK], [WARN_RNDSIG_KEY]], - 'ecdsa-sha2-nistp384': [['5.7,d2013.62,l10.6.4'], [FAIL_CURVES_WEAK], [WARN_RNDSIG_KEY]], - 'ecdsa-sha2-nistp521': [['5.7,d2013.62,l10.6.4'], [FAIL_CURVES_WEAK], [WARN_RNDSIG_KEY]], + 'ssh-rsa': [['2.5.0,d0.28,l10.2'], [FAIL_SHA1], [], [INFO_DEPRECATED_IN_OPENSSH88]], + 'ssh-dss': [['2.1.0,d0.28,l10.2', '6.9'], [FAIL_1024BIT_MODULUS], [WARN_RNDSIG_KEY], [INFO_DISABLED_IN_OPENSSH70]], + 'ecdsa-sha2-nistp256': [['5.7,d2013.62,l10.6.4'], [FAIL_NSA_BACKDOORED_CURVE], [WARN_RNDSIG_KEY]], + 'ecdsa-sha2-nistp384': [['5.7,d2013.62,l10.6.4'], [FAIL_NSA_BACKDOORED_CURVE], [WARN_RNDSIG_KEY]], + 'ecdsa-sha2-nistp521': [['5.7,d2013.62,l10.6.4'], [FAIL_NSA_BACKDOORED_CURVE], [WARN_RNDSIG_KEY]], 'ecdsa-sha2-1.3.132.0.10': [[], [], [WARN_RNDSIG_KEY]], # ECDSA over secp256k1 (i.e.: the Bitcoin curve) - 'x509v3-sign-dss': [[], [FAIL_1024BIT_MODULUS, FAIL_OPENSSH70_WEAK], [WARN_RNDSIG_KEY]], - 'x509v3-sign-rsa': [[], [FAIL_HASH_WEAK], [], [INFO_DEPRECATED_IN_OPENSSH88]], + 'x509v3-sign-dss': [[], [FAIL_1024BIT_MODULUS], [WARN_RNDSIG_KEY]], + 'x509v3-sign-rsa': [[], [FAIL_SHA1]], 'x509v3-sign-rsa-sha256@ssh.com': [[]], - 'x509v3-ssh-dss': [[], [FAIL_1024BIT_MODULUS, FAIL_OPENSSH70_WEAK], [WARN_RNDSIG_KEY]], - 'x509v3-ssh-rsa': [[], [FAIL_HASH_WEAK], [], [INFO_DEPRECATED_IN_OPENSSH88]], - 'ssh-rsa-cert-v00@openssh.com': [['5.4', '6.9'], [FAIL_OPENSSH70_LEGACY, FAIL_HASH_WEAK], [], [INFO_DEPRECATED_IN_OPENSSH88]], - 'ssh-dss-cert-v00@openssh.com': [['5.4', '6.9'], [FAIL_1024BIT_MODULUS, FAIL_OPENSSH70_LEGACY], [WARN_RNDSIG_KEY]], - 'ssh-rsa-cert-v01@openssh.com': [['5.6'], [FAIL_HASH_WEAK], [], [INFO_DEPRECATED_IN_OPENSSH88]], - 'ssh-dss-cert-v01@openssh.com': [['5.6', '6.9'], [FAIL_1024BIT_MODULUS, FAIL_OPENSSH70_WEAK], [WARN_RNDSIG_KEY]], - 'ecdsa-sha2-nistp256-cert-v01@openssh.com': [['5.7'], [FAIL_CURVES_WEAK], [WARN_RNDSIG_KEY]], - 'ecdsa-sha2-nistp384-cert-v01@openssh.com': [['5.7'], [FAIL_CURVES_WEAK], [WARN_RNDSIG_KEY]], - 'ecdsa-sha2-nistp521-cert-v01@openssh.com': [['5.7'], [FAIL_CURVES_WEAK], [WARN_RNDSIG_KEY]], + 'x509v3-ssh-dss': [[], [FAIL_1024BIT_MODULUS], [WARN_RNDSIG_KEY]], + 'x509v3-ssh-rsa': [[], [FAIL_SHA1], [], [INFO_DEPRECATED_IN_OPENSSH88]], + 'ssh-rsa-cert-v00@openssh.com': [['5.4', '6.9'], [FAIL_SHA1], [], [INFO_REMOVED_IN_OPENSSH70]], + 'ssh-dss-cert-v00@openssh.com': [['5.4', '6.9'], [FAIL_1024BIT_MODULUS], [WARN_RNDSIG_KEY], [INFO_DISABLED_IN_OPENSSH70]], + 'ssh-rsa-cert-v01@openssh.com': [['5.6'], [FAIL_SHA1], [], [INFO_DEPRECATED_IN_OPENSSH88]], + 'ssh-dss-cert-v01@openssh.com': [['5.6', '6.9'], [FAIL_1024BIT_MODULUS], [WARN_RNDSIG_KEY]], + 'ecdsa-sha2-nistp256-cert-v01@openssh.com': [['5.7'], [FAIL_NSA_BACKDOORED_CURVE], [WARN_RNDSIG_KEY]], + 'ecdsa-sha2-nistp384-cert-v01@openssh.com': [['5.7'], [FAIL_NSA_BACKDOORED_CURVE], [WARN_RNDSIG_KEY]], + 'ecdsa-sha2-nistp521-cert-v01@openssh.com': [['5.7'], [FAIL_NSA_BACKDOORED_CURVE], [WARN_RNDSIG_KEY]], 'rsa-sha2-256-cert-v01@openssh.com': [['7.8']], 'rsa-sha2-512-cert-v01@openssh.com': [['7.8']], 'ssh-rsa-sha256@ssh.com': [[]], 'ssh-dss-sha256@ssh.com': [[], [FAIL_1024BIT_MODULUS]], - 'sk-ecdsa-sha2-nistp256-cert-v01@openssh.com': [['8.2'], [FAIL_CURVES_WEAK], [WARN_RNDSIG_KEY]], - 'sk-ecdsa-sha2-nistp256@openssh.com': [['8.2'], [FAIL_CURVES_WEAK], [WARN_RNDSIG_KEY]], + 'sk-ecdsa-sha2-nistp256-cert-v01@openssh.com': [['8.2'], [FAIL_NSA_BACKDOORED_CURVE], [WARN_RNDSIG_KEY]], + 'sk-ecdsa-sha2-nistp256@openssh.com': [['8.2'], [FAIL_NSA_BACKDOORED_CURVE], [WARN_RNDSIG_KEY]], 'sk-ssh-ed25519-cert-v01@openssh.com': [['8.2']], 'sk-ssh-ed25519@openssh.com': [['8.2']], - 'ssh-gost2001': [[], [], [WARN_UNTRUSTED]], - 'ssh-gost2012-256': [[], [], [WARN_UNTRUSTED]], - 'ssh-gost2012-512': [[], [], [WARN_UNTRUSTED]], + 'ssh-gost2001': [[], [FAIL_UNTRUSTED]], + 'ssh-gost2012-256': [[], [FAIL_UNTRUSTED]], + 'ssh-gost2012-512': [[], [FAIL_UNTRUSTED]], 'spi-sign-rsa': [[]], 'ssh-ed448': [[]], - 'x509v3-ecdsa-sha2-nistp256': [[], [FAIL_CURVES_WEAK]], - 'x509v3-ecdsa-sha2-nistp384': [[], [FAIL_CURVES_WEAK]], - 'x509v3-ecdsa-sha2-nistp521': [[], [FAIL_CURVES_WEAK]], + 'x509v3-ecdsa-sha2-nistp256': [[], [FAIL_NSA_BACKDOORED_CURVE]], + 'x509v3-ecdsa-sha2-nistp384': [[], [FAIL_NSA_BACKDOORED_CURVE]], + 'x509v3-ecdsa-sha2-nistp521': [[], [FAIL_NSA_BACKDOORED_CURVE]], 'x509v3-rsa2048-sha256': [[]], - 'webauthn-sk-ecdsa-sha2-nistp256@openssh.com': [['8.3'], [FAIL_CURVES_WEAK]], + 'webauthn-sk-ecdsa-sha2-nistp256@openssh.com': [['8.3'], [FAIL_NSA_BACKDOORED_CURVE]], 'ssh-xmss@openssh.com': [['7.7'], [WARN_EXPERIMENTAL]], 'ssh-xmss-cert-v01@openssh.com': [['7.7'], [WARN_EXPERIMENTAL]], 'dsa2048-sha224@libassh.org': [[], [FAIL_UNPROVEN], [WARN_2048BIT_MODULUS]], @@ -232,57 +234,57 @@ class SSH2_KexDB: # pylint: disable=too-few-public-methods 'ssh-rsa-sha384@ssh.com': [[]], 'ssh-rsa-sha512@ssh.com': [[]], 'x509v3-ecdsa-sha2-1.3.132.0.10': [[], [FAIL_UNKNOWN]], - 'x509v3-sign-dss-sha1': [[], [FAIL_1024BIT_MODULUS, FAIL_HASH_WEAK]], + 'x509v3-sign-dss-sha1': [[], [FAIL_1024BIT_MODULUS, FAIL_SHA1]], 'x509v3-sign-dss-sha224@ssh.com': [[], [FAIL_1024BIT_MODULUS]], 'x509v3-sign-dss-sha256@ssh.com': [[], [FAIL_1024BIT_MODULUS]], 'x509v3-sign-dss-sha384@ssh.com': [[], [FAIL_1024BIT_MODULUS]], 'x509v3-sign-dss-sha512@ssh.com': [[], [FAIL_1024BIT_MODULUS]], - 'x509v3-sign-rsa-sha1': [[], [FAIL_HASH_WEAK]], + 'x509v3-sign-rsa-sha1': [[], [FAIL_SHA1]], 'x509v3-sign-rsa-sha224@ssh.com': [[]], 'x509v3-sign-rsa-sha384@ssh.com': [[]], 'x509v3-sign-rsa-sha512@ssh.com': [[]], }, 'enc': { 'none': [['1.2.2,d2013.56,l10.2'], [FAIL_PLAINTEXT]], - 'des': [[], [FAIL_WEAK_CIPHER], [WARN_CIPHER_MODE, WARN_BLOCK_SIZE]], - 'des-cbc': [[], [FAIL_WEAK_CIPHER], [WARN_CIPHER_MODE, WARN_BLOCK_SIZE]], - 'des-cbc@ssh.com': [[], [FAIL_WEAK_CIPHER], [WARN_CIPHER_MODE, WARN_BLOCK_SIZE]], - 'des-cbc-ssh1': [[], [FAIL_WEAK_CIPHER], [WARN_CIPHER_MODE, WARN_BLOCK_SIZE]], - '3des': [[], [FAIL_OPENSSH67_UNSAFE], [WARN_OPENSSH74_UNSAFE, WARN_CIPHER_WEAK, WARN_CIPHER_MODE, WARN_BLOCK_SIZE]], - '3des-cbc': [['1.2.2,d0.28,l10.2', '6.6', None], [FAIL_OPENSSH67_UNSAFE], [WARN_OPENSSH74_UNSAFE, WARN_CIPHER_WEAK, WARN_CIPHER_MODE, WARN_BLOCK_SIZE]], - '3des-ctr': [['d0.52'], [FAIL_WEAK_CIPHER]], - 'blowfish': [[], [FAIL_WEAK_ALGORITHM], [WARN_BLOCK_SIZE]], - 'blowfish-cbc': [['1.2.2,d0.28,l10.2', '6.6,d0.52', '7.1,d0.52'], [FAIL_OPENSSH67_UNSAFE, FAIL_DBEAR53_DISABLED], [WARN_OPENSSH72_LEGACY, WARN_CIPHER_MODE, WARN_BLOCK_SIZE]], - 'blowfish-ctr': [[], [FAIL_OPENSSH67_UNSAFE, FAIL_DBEAR53_DISABLED], [WARN_OPENSSH72_LEGACY, WARN_CIPHER_MODE, WARN_BLOCK_SIZE]], - 'twofish-cbc': [['d0.28', 'd2014.66'], [FAIL_DBEAR67_DISABLED], [WARN_CIPHER_MODE]], - 'twofish128-cbc': [['d0.47', 'd2014.66'], [FAIL_DBEAR67_DISABLED], [WARN_CIPHER_MODE]], + 'des': [[], [FAIL_DES], [WARN_CIPHER_MODE, WARN_BLOCK_SIZE]], + 'des-cbc': [[], [FAIL_DES], [WARN_CIPHER_MODE, WARN_BLOCK_SIZE]], + 'des-cbc@ssh.com': [[], [FAIL_DES], [WARN_CIPHER_MODE, WARN_BLOCK_SIZE]], + 'des-cbc-ssh1': [[], [FAIL_DES], [WARN_CIPHER_MODE, WARN_BLOCK_SIZE]], + '3des': [[], [FAIL_3DES], [WARN_CIPHER_MODE, WARN_BLOCK_SIZE]], + '3des-cbc': [['1.2.2,d0.28,l10.2', '6.6', None], [FAIL_3DES], [WARN_CIPHER_MODE, WARN_BLOCK_SIZE]], + '3des-ctr': [['d0.52'], [FAIL_3DES]], + 'blowfish': [[], [FAIL_BLOWFISH], [WARN_BLOCK_SIZE]], + 'blowfish-cbc': [['1.2.2,d0.28,l10.2', '6.6,d0.52', '7.1,d0.52'], [FAIL_BLOWFISH], [WARN_CIPHER_MODE, WARN_BLOCK_SIZE]], + 'blowfish-ctr': [[], [FAIL_BLOWFISH], [WARN_CIPHER_MODE, WARN_BLOCK_SIZE]], + 'twofish-cbc': [['d0.28', 'd2014.66'], [], [WARN_CIPHER_MODE], [INFO_DISABLED_IN_DBEAR67]], + 'twofish128-cbc': [['d0.47', 'd2014.66'], [], [WARN_CIPHER_MODE], [INFO_DISABLED_IN_DBEAR67]], 'twofish192-cbc': [[], [], [WARN_CIPHER_MODE]], - 'twofish256-cbc': [['d0.47', 'd2014.66'], [FAIL_DBEAR67_DISABLED], [WARN_CIPHER_MODE]], + 'twofish256-cbc': [['d0.47', 'd2014.66'], [], [WARN_CIPHER_MODE], [INFO_DISABLED_IN_DBEAR67]], 'twofish-ctr': [[]], 'twofish128-ctr': [['d2015.68']], 'twofish192-ctr': [[]], 'twofish256-ctr': [['d2015.68']], - 'serpent128-cbc': [[], [FAIL_DEPRECATED_CIPHER], [WARN_CIPHER_MODE]], - 'serpent192-cbc': [[], [FAIL_DEPRECATED_CIPHER], [WARN_CIPHER_MODE]], - 'serpent256-cbc': [[], [FAIL_DEPRECATED_CIPHER], [WARN_CIPHER_MODE]], - 'serpent128-ctr': [[], [FAIL_DEPRECATED_CIPHER]], - 'serpent192-ctr': [[], [FAIL_DEPRECATED_CIPHER]], - 'serpent256-ctr': [[], [FAIL_DEPRECATED_CIPHER]], - 'idea-cbc': [[], [FAIL_DEPRECATED_CIPHER], [WARN_CIPHER_MODE]], - 'idea-ctr': [[], [FAIL_DEPRECATED_CIPHER]], - 'cast128-ctr': [[], [FAIL_DEPRECATED_CIPHER]], - 'cast128-cbc': [['2.1.0', '6.6', '7.1'], [FAIL_OPENSSH67_UNSAFE], [WARN_OPENSSH72_LEGACY, WARN_CIPHER_MODE, WARN_BLOCK_SIZE]], - 'arcfour': [['2.1.0', '6.6', '7.1'], [FAIL_OPENSSH67_UNSAFE], [WARN_OPENSSH72_LEGACY, WARN_CIPHER_WEAK]], - 'arcfour128': [['4.2', '6.6', '7.1'], [FAIL_OPENSSH67_UNSAFE], [WARN_OPENSSH72_LEGACY, WARN_CIPHER_WEAK]], - 'arcfour256': [['4.2', '6.6', '7.1'], [FAIL_OPENSSH67_UNSAFE], [WARN_OPENSSH72_LEGACY, WARN_CIPHER_WEAK]], - 'aes128-cbc': [['2.3.0,d0.28,l10.2', '6.6', None], [FAIL_OPENSSH67_UNSAFE], [WARN_CIPHER_MODE]], - 'aes192-cbc': [['2.3.0,l10.2', '6.6', None], [FAIL_OPENSSH67_UNSAFE], [WARN_CIPHER_MODE]], - 'aes256-cbc': [['2.3.0,d0.47,l10.2', '6.6', None], [FAIL_OPENSSH67_UNSAFE], [WARN_CIPHER_MODE]], - 'rijndael128-cbc': [['2.3.0', '3.0.2'], [FAIL_OPENSSH31_REMOVE], [WARN_CIPHER_MODE]], - 'rijndael192-cbc': [['2.3.0', '3.0.2'], [FAIL_OPENSSH31_REMOVE], [WARN_CIPHER_MODE]], - 'rijndael256-cbc': [['2.3.0', '3.0.2'], [FAIL_OPENSSH31_REMOVE], [WARN_CIPHER_MODE]], - 'rijndael-cbc@lysator.liu.se': [['2.3.0', '6.6', '7.1'], [FAIL_OPENSSH67_UNSAFE], [WARN_OPENSSH72_LEGACY, WARN_CIPHER_MODE]], - 'rijndael-cbc@ssh.com': [[], [FAIL_DEPRECATED_CIPHER], [WARN_CIPHER_MODE]], + 'serpent128-cbc': [[], [FAIL_SERPENT], [WARN_CIPHER_MODE]], + 'serpent192-cbc': [[], [FAIL_SERPENT], [WARN_CIPHER_MODE]], + 'serpent256-cbc': [[], [FAIL_SERPENT], [WARN_CIPHER_MODE]], + 'serpent128-ctr': [[], [FAIL_SERPENT]], + 'serpent192-ctr': [[], [FAIL_SERPENT]], + 'serpent256-ctr': [[], [FAIL_SERPENT]], + 'idea-cbc': [[], [FAIL_IDEA], [WARN_CIPHER_MODE]], + 'idea-ctr': [[], [FAIL_IDEA]], + 'cast128-ctr': [[], [FAIL_CAST]], + 'cast128-cbc': [['2.1.0', '6.6', '7.1'], [FAIL_CAST], [WARN_CIPHER_MODE, WARN_BLOCK_SIZE]], + 'arcfour': [['2.1.0', '6.6', '7.1'], [FAIL_RC4]], + 'arcfour128': [['4.2', '6.6', '7.1'], [FAIL_RC4]], + 'arcfour256': [['4.2', '6.6', '7.1'], [FAIL_RC4]], + 'aes128-cbc': [['2.3.0,d0.28,l10.2', '6.6', None], [], [WARN_CIPHER_MODE]], + 'aes192-cbc': [['2.3.0,l10.2', '6.6', None], [], [WARN_CIPHER_MODE]], + 'aes256-cbc': [['2.3.0,d0.47,l10.2', '6.6', None], [], [WARN_CIPHER_MODE]], + 'rijndael128-cbc': [['2.3.0', '7.0'], [FAIL_RIJNDAEL], [WARN_CIPHER_MODE], [INFO_DISABLED_IN_OPENSSH70]], + 'rijndael192-cbc': [['2.3.0', '7.0'], [FAIL_RIJNDAEL], [WARN_CIPHER_MODE], [INFO_DISABLED_IN_OPENSSH70]], + 'rijndael256-cbc': [['2.3.0', '7.0'], [FAIL_RIJNDAEL], [WARN_CIPHER_MODE], [INFO_DISABLED_IN_OPENSSH70]], + 'rijndael-cbc@lysator.liu.se': [['2.3.0', '6.6', '7.0'], [FAIL_RIJNDAEL], [WARN_CIPHER_MODE], [INFO_DISABLED_IN_OPENSSH70]], + 'rijndael-cbc@ssh.com': [[], [FAIL_RIJNDAEL], [WARN_CIPHER_MODE]], 'aes128-ctr': [['3.7,d0.52,l10.4.1']], 'aes192-ctr': [['3.7,l10.4.1']], 'aes256-ctr': [['3.7,d0.52,l10.4.1']], @@ -292,8 +294,8 @@ class SSH2_KexDB: # pylint: disable=too-few-public-methods 'AEAD_AES_256_GCM': [[]], 'aes128-gcm@openssh.com': [['6.2']], 'aes256-gcm@openssh.com': [['6.2']], - 'chacha20-poly1305': [[], [], [], [INFO_OPENSSH69_CHACHA]], - 'chacha20-poly1305@openssh.com': [['6.5'], [], [], [INFO_OPENSSH69_CHACHA]], + 'chacha20-poly1305': [[], [], [], [INFO_DEFAULT_OPENSSH_CIPHER]], + 'chacha20-poly1305@openssh.com': [['6.5'], [], [], [INFO_DEFAULT_OPENSSH_CIPHER]], 'camellia128-cbc': [[], [], [WARN_CIPHER_MODE]], 'camellia128-ctr': [[]], 'camellia192-cbc': [[], [], [WARN_CIPHER_MODE]], @@ -301,29 +303,29 @@ class SSH2_KexDB: # pylint: disable=too-few-public-methods 'camellia256-cbc': [[], [], [WARN_CIPHER_MODE]], 'camellia256-ctr': [[]], 'crypticore128@ssh.com': [[], [FAIL_UNPROVEN]], - 'seed-cbc@ssh.com': [[], [FAIL_DEPRECATED_CIPHER], [WARN_CIPHER_MODE]], - '3des-cfb': [[], [FAIL_WEAK_CIPHER], [WARN_CIPHER_MODE]], - '3des-ecb': [[], [FAIL_WEAK_CIPHER], [WARN_CIPHER_MODE]], - '3des-ofb': [[], [FAIL_WEAK_CIPHER], [WARN_CIPHER_MODE]], - 'blowfish-cfb': [[], [FAIL_WEAK_CIPHER], [WARN_CIPHER_MODE]], - 'blowfish-ecb': [[], [FAIL_WEAK_CIPHER], [WARN_CIPHER_MODE]], - 'blowfish-ofb': [[], [FAIL_WEAK_CIPHER], [WARN_CIPHER_MODE]], + 'seed-cbc@ssh.com': [[], [FAIL_SEED], [WARN_CIPHER_MODE]], + '3des-cfb': [[], [FAIL_3DES], [WARN_CIPHER_MODE]], + '3des-ecb': [[], [FAIL_3DES], [WARN_CIPHER_MODE]], + '3des-ofb': [[], [FAIL_3DES], [WARN_CIPHER_MODE]], + 'blowfish-cfb': [[], [FAIL_BLOWFISH], [WARN_CIPHER_MODE]], + 'blowfish-ecb': [[], [FAIL_BLOWFISH], [WARN_CIPHER_MODE]], + 'blowfish-ofb': [[], [FAIL_BLOWFISH], [WARN_CIPHER_MODE]], 'camellia128-cbc@openssh.org': [[], [], [WARN_CIPHER_MODE]], 'camellia128-ctr@openssh.org': [[]], 'camellia192-cbc@openssh.org': [[], [], [WARN_CIPHER_MODE]], 'camellia192-ctr@openssh.org': [[]], 'camellia256-cbc@openssh.org': [[], [], [WARN_CIPHER_MODE]], 'camellia256-ctr@openssh.org': [[]], - 'cast128-cfb': [[], [FAIL_DEPRECATED_CIPHER], [WARN_CIPHER_MODE]], - 'cast128-ecb': [[], [FAIL_DEPRECATED_CIPHER], [WARN_CIPHER_MODE]], - 'cast128-ofb': [[], [FAIL_DEPRECATED_CIPHER], [WARN_CIPHER_MODE]], - 'cast128-12-cbc@ssh.com': [[], [FAIL_DEPRECATED_CIPHER], [WARN_CIPHER_MODE]], - 'idea-cfb': [[], [FAIL_DEPRECATED_CIPHER], [WARN_CIPHER_MODE]], - 'idea-ecb': [[], [FAIL_DEPRECATED_CIPHER], [WARN_CIPHER_MODE]], - 'idea-ofb': [[], [FAIL_DEPRECATED_CIPHER], [WARN_CIPHER_MODE]], - 'seed-ctr@ssh.com': [[], [FAIL_DEPRECATED_CIPHER]], - 'serpent128-gcm@libassh.org': [[], [FAIL_DEPRECATED_CIPHER]], - 'serpent256-gcm@libassh.org': [[], [FAIL_DEPRECATED_CIPHER]], + 'cast128-cfb': [[], [FAIL_CAST], [WARN_CIPHER_MODE]], + 'cast128-ecb': [[], [FAIL_CAST], [WARN_CIPHER_MODE]], + 'cast128-ofb': [[], [FAIL_CAST], [WARN_CIPHER_MODE]], + 'cast128-12-cbc@ssh.com': [[], [FAIL_CAST], [WARN_CIPHER_MODE]], + 'idea-cfb': [[], [FAIL_IDEA], [WARN_CIPHER_MODE]], + 'idea-ecb': [[], [FAIL_IDEA], [WARN_CIPHER_MODE]], + 'idea-ofb': [[], [FAIL_IDEA], [WARN_CIPHER_MODE]], + 'seed-ctr@ssh.com': [[], [FAIL_SEED]], + 'serpent128-gcm@libassh.org': [[], [FAIL_SERPENT]], + 'serpent256-gcm@libassh.org': [[], [FAIL_SERPENT]], 'twofish-cfb': [[], [], [WARN_CIPHER_MODE]], 'twofish-ecb': [[], [], [WARN_CIPHER_MODE]], 'twofish-ofb': [[], [], [WARN_CIPHER_MODE]], @@ -332,16 +334,16 @@ class SSH2_KexDB: # pylint: disable=too-few-public-methods }, 'mac': { 'none': [['d2013.56'], [FAIL_PLAINTEXT]], - 'hmac-sha1': [['2.1.0,d0.28,l10.2'], [], [WARN_ENCRYPT_AND_MAC, WARN_HASH_WEAK]], - 'hmac-sha1-96': [['2.5.0,d0.47', '6.6', '7.1'], [FAIL_OPENSSH67_UNSAFE], [WARN_OPENSSH72_LEGACY, WARN_ENCRYPT_AND_MAC, WARN_HASH_WEAK]], - 'hmac-sha1-96@openssh.com': [[], [], [WARN_TAG_SIZE, WARN_ENCRYPT_AND_MAC, WARN_HASH_WEAK], [INFO_NEVER_IMPLEMENTED_IN_OPENSSH]], + 'hmac-sha1': [['2.1.0,d0.28,l10.2'], [FAIL_SHA1], [WARN_ENCRYPT_AND_MAC]], + 'hmac-sha1-96': [['2.5.0,d0.47', '6.6', '7.1'], [FAIL_SHA1], [WARN_ENCRYPT_AND_MAC]], + 'hmac-sha1-96@openssh.com': [[], [FAIL_SHA1], [WARN_TAG_SIZE, WARN_ENCRYPT_AND_MAC], [INFO_NEVER_IMPLEMENTED_IN_OPENSSH]], 'hmac-sha2-56': [[], [], [WARN_TAG_SIZE, WARN_ENCRYPT_AND_MAC]], 'hmac-sha2-224': [[], [], [WARN_TAG_SIZE, WARN_ENCRYPT_AND_MAC]], 'hmac-sha2-256': [['5.9,d2013.56,l10.7.0'], [], [WARN_ENCRYPT_AND_MAC]], - 'hmac-sha2-256-96': [['5.9', '6.0'], [FAIL_OPENSSH61_REMOVE], [WARN_ENCRYPT_AND_MAC]], + 'hmac-sha2-256-96': [['5.9', '6.0'], [], [WARN_ENCRYPT_AND_MAC], [INFO_REMOVED_IN_OPENSSH61]], 'hmac-sha2-384': [[], [], [WARN_ENCRYPT_AND_MAC]], 'hmac-sha2-512': [['5.9,d2013.56,l10.7.0'], [], [WARN_ENCRYPT_AND_MAC]], - 'hmac-sha2-512-96': [['5.9', '6.0'], [FAIL_OPENSSH61_REMOVE], [WARN_ENCRYPT_AND_MAC]], + 'hmac-sha2-512-96': [['5.9', '6.0'], [], [WARN_ENCRYPT_AND_MAC], [INFO_REMOVED_IN_OPENSSH61]], 'hmac-sha3-224': [[], [], [WARN_ENCRYPT_AND_MAC]], 'hmac-sha3-256': [[], [], [WARN_ENCRYPT_AND_MAC]], 'hmac-sha3-384': [[], [], [WARN_ENCRYPT_AND_MAC]], @@ -351,23 +353,23 @@ class SSH2_KexDB: # pylint: disable=too-few-public-methods 'hmac-sha256@ssh.com': [[], [], [WARN_ENCRYPT_AND_MAC]], 'hmac-sha512': [[], [], [WARN_ENCRYPT_AND_MAC]], 'hmac-sha512@ssh.com': [[], [], [WARN_ENCRYPT_AND_MAC]], - 'hmac-md5': [['2.1.0,d0.28', '6.6', '7.1'], [FAIL_OPENSSH67_UNSAFE], [WARN_OPENSSH72_LEGACY, WARN_ENCRYPT_AND_MAC, WARN_HASH_WEAK]], - 'hmac-md5-96': [['2.5.0', '6.6', '7.1'], [FAIL_OPENSSH67_UNSAFE], [WARN_OPENSSH72_LEGACY, WARN_ENCRYPT_AND_MAC, WARN_HASH_WEAK]], - 'hmac-ripemd': [[], [FAIL_DEPRECATED_MAC], [WARN_OPENSSH72_LEGACY, WARN_ENCRYPT_AND_MAC]], - 'hmac-ripemd160': [['2.5.0', '6.6', '7.1'], [FAIL_OPENSSH67_UNSAFE], [WARN_OPENSSH72_LEGACY, WARN_ENCRYPT_AND_MAC]], - 'hmac-ripemd160-96': [[], [FAIL_DEPRECATED_MAC], [WARN_ENCRYPT_AND_MAC, WARN_TAG_SIZE]], - 'hmac-ripemd160@openssh.com': [['2.1.0', '6.6', '7.1'], [FAIL_OPENSSH67_UNSAFE], [WARN_OPENSSH72_LEGACY, WARN_ENCRYPT_AND_MAC]], + 'hmac-md5': [['2.1.0,d0.28', '6.6', '7.1'], [FAIL_MD5], [WARN_ENCRYPT_AND_MAC]], + 'hmac-md5-96': [['2.5.0', '6.6', '7.1'], [FAIL_MD5], [WARN_ENCRYPT_AND_MAC]], + 'hmac-ripemd': [[], [FAIL_RIPEMD], [WARN_ENCRYPT_AND_MAC]], + 'hmac-ripemd160': [['2.5.0', '6.6', '7.1'], [FAIL_RIPEMD], [WARN_ENCRYPT_AND_MAC]], + 'hmac-ripemd160-96': [[], [FAIL_RIPEMD], [WARN_ENCRYPT_AND_MAC, WARN_TAG_SIZE]], + 'hmac-ripemd160@openssh.com': [['2.1.0', '6.6', '7.1'], [FAIL_RIPEMD], [WARN_ENCRYPT_AND_MAC]], 'umac-64@openssh.com': [['4.7'], [], [WARN_ENCRYPT_AND_MAC, WARN_TAG_SIZE]], 'umac-128@openssh.com': [['6.2'], [], [WARN_ENCRYPT_AND_MAC]], - 'hmac-sha1-etm@openssh.com': [['6.2'], [], [WARN_HASH_WEAK]], - 'hmac-sha1-96-etm@openssh.com': [['6.2', '6.6', None], [FAIL_OPENSSH67_UNSAFE], [WARN_HASH_WEAK]], + 'hmac-sha1-etm@openssh.com': [['6.2'], [FAIL_SHA1]], + 'hmac-sha1-96-etm@openssh.com': [['6.2', '6.6', None], [FAIL_SHA1]], 'hmac-sha2-256-96-etm@openssh.com': [[], [], [WARN_TAG_SIZE_96], [INFO_NEVER_IMPLEMENTED_IN_OPENSSH]], # Only ever implemented in AsyncSSH (?). 'hmac-sha2-512-96-etm@openssh.com': [[], [], [WARN_TAG_SIZE_96], [INFO_NEVER_IMPLEMENTED_IN_OPENSSH]], # Only ever implemented in AsyncSSH (?). 'hmac-sha2-256-etm@openssh.com': [['6.2']], 'hmac-sha2-512-etm@openssh.com': [['6.2']], - 'hmac-md5-etm@openssh.com': [['6.2', '6.6', '7.1'], [FAIL_OPENSSH67_UNSAFE], [WARN_OPENSSH72_LEGACY, WARN_HASH_WEAK]], - 'hmac-md5-96-etm@openssh.com': [['6.2', '6.6', '7.1'], [FAIL_OPENSSH67_UNSAFE], [WARN_OPENSSH72_LEGACY, WARN_HASH_WEAK]], - 'hmac-ripemd160-etm@openssh.com': [['6.2', '6.6', '7.1'], [FAIL_OPENSSH67_UNSAFE], [WARN_OPENSSH72_LEGACY]], + 'hmac-md5-etm@openssh.com': [['6.2', '6.6', '7.1'], [FAIL_MD5]], + 'hmac-md5-96-etm@openssh.com': [['6.2', '6.6', '7.1'], [FAIL_MD5]], + 'hmac-ripemd160-etm@openssh.com': [['6.2', '6.6', '7.1'], [FAIL_RIPEMD]], 'umac-32@openssh.com': [[], [], [WARN_ENCRYPT_AND_MAC, WARN_TAG_SIZE], [INFO_NEVER_IMPLEMENTED_IN_OPENSSH]], 'umac-64-etm@openssh.com': [['6.2'], [], [WARN_TAG_SIZE]], 'umac-96@openssh.com': [[], [], [WARN_ENCRYPT_AND_MAC], [INFO_NEVER_IMPLEMENTED_IN_OPENSSH]], diff --git a/test/docker/expected_results/dropbear_2019.78_test1.txt b/test/docker/expected_results/dropbear_2019.78_test1.txt index 237fdc0..e84bef4 100644 --- a/test/docker/expected_results/dropbear_2019.78_test1.txt +++ b/test/docker/expected_results/dropbear_2019.78_test1.txt @@ -6,59 +6,55 @@ # key exchange algorithms (kex) curve25519-sha256 -- [info] available since OpenSSH 7.4, Dropbear SSH 2018.76 -(kex) curve25519-sha256@libssh.org -- [info] available since OpenSSH 6.5, Dropbear SSH 2013.62 -(kex) ecdh-sha2-nistp521 -- [fail] using weak elliptic curves + `- [info] default key exchange since OpenSSH 6.4 +(kex) curve25519-sha256@libssh.org -- [info] available since OpenSSH 6.4, Dropbear SSH 2013.62 + `- [info] default key exchange since OpenSSH 6.4 +(kex) ecdh-sha2-nistp521 -- [fail] using elliptic curves that are suspected as being backdoored by the U.S. National Security Agency `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62 -(kex) ecdh-sha2-nistp384 -- [fail] using weak elliptic curves +(kex) ecdh-sha2-nistp384 -- [fail] using elliptic curves that are suspected as being backdoored by the U.S. National Security Agency `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62 -(kex) ecdh-sha2-nistp256 -- [fail] using weak elliptic curves +(kex) ecdh-sha2-nistp256 -- [fail] using elliptic curves that are suspected as being backdoored by the U.S. National Security Agency `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62 (kex) diffie-hellman-group14-sha256 -- [warn] 2048-bit modulus only provides 112-bits of symmetric strength `- [info] available since OpenSSH 7.3, Dropbear SSH 2016.73 -(kex) diffie-hellman-group14-sha1 -- [warn] using weak hashing algorithm +(kex) diffie-hellman-group14-sha1 -- [fail] using broken SHA-1 hash algorithm  `- [warn] 2048-bit modulus only provides 112-bits of symmetric strength `- [info] available since OpenSSH 3.9, Dropbear SSH 0.53 (kex) kexguess2@matt.ucc.asn.au -- [info] available since Dropbear SSH 2013.57 # host-key algorithms -(key) ecdsa-sha2-nistp256 -- [fail] using weak elliptic curves +(key) ecdsa-sha2-nistp256 -- [fail] using elliptic curves that are suspected as being backdoored by the U.S. National Security Agency  `- [warn] using weak random number generator could reveal the key `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62 -(key) ssh-rsa (1024-bit) -- [fail] using weak hashing algorithm +(key) ssh-rsa (1024-bit) -- [fail] using broken SHA-1 hash algorithm  `- [fail] using small 1024-bit modulus `- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28 `- [info] deprecated in OpenSSH 8.8: https://www.openssh.com/txt/release-8.8 (key) ssh-dss -- [fail] using small 1024-bit modulus - `- [fail] removed (in server) and disabled (in client) since OpenSSH 7.0, weak algorithm  `- [warn] using weak random number generator could reveal the key `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28 + `- [info] disabled in OpenSSH 7.0: https://www.openssh.com/txt/release-7.0 # encryption algorithms (ciphers) (enc) aes128-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52 (enc) aes256-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52 -(enc) aes128-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm - `- [warn] using weak cipher mode +(enc) aes128-cbc -- [warn] using weak cipher mode `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28 -(enc) aes256-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm - `- [warn] using weak cipher mode +(enc) aes256-cbc -- [warn] using weak cipher mode `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.47 -(enc) 3des-ctr -- [fail] using weak cipher +(enc) 3des-ctr -- [fail] using broken & deprecated 3DES cipher `- [info] available since Dropbear SSH 0.52 -(enc) 3des-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm - `- [warn] disabled (in client) since OpenSSH 7.4, unsafe algorithm - `- [warn] using weak cipher +(enc) 3des-cbc -- [fail] using broken & deprecated 3DES cipher  `- [warn] using weak cipher mode  `- [warn] using small 64-bit block size `- [info] available since OpenSSH 1.2.2, Dropbear SSH 0.28 # message authentication code algorithms -(mac) hmac-sha1-96 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm - `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm +(mac) hmac-sha1-96 -- [fail] using broken SHA-1 hash algorithm  `- [warn] using encrypt-and-MAC mode - `- [warn] using weak hashing algorithm `- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.47 -(mac) hmac-sha1 -- [warn] using encrypt-and-MAC mode - `- [warn] using weak hashing algorithm +(mac) hmac-sha1 -- [fail] using broken SHA-1 hash algorithm + `- [warn] using encrypt-and-MAC mode `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28 (mac) hmac-sha2-256 -- [warn] using encrypt-and-MAC mode `- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56 @@ -69,21 +65,21 @@ # algorithm recommendations (for Dropbear SSH 2019.78) (rec) -3des-cbc -- enc algorithm to remove  (rec) -3des-ctr -- enc algorithm to remove  -(rec) -aes128-cbc -- enc algorithm to remove  -(rec) -aes256-cbc -- enc algorithm to remove  +(rec) -diffie-hellman-group14-sha1 -- kex algorithm to remove  (rec) -ecdh-sha2-nistp256 -- kex algorithm to remove  (rec) -ecdh-sha2-nistp384 -- kex algorithm to remove  (rec) -ecdh-sha2-nistp521 -- kex algorithm to remove  (rec) -ecdsa-sha2-nistp256 -- key algorithm to remove  +(rec) -hmac-sha1 -- mac algorithm to remove  (rec) -hmac-sha1-96 -- mac algorithm to remove  (rec) -ssh-dss -- key algorithm to remove  (rec) -ssh-rsa -- key algorithm to remove  (rec) +diffie-hellman-group16-sha512 -- kex algorithm to append  (rec) +twofish128-ctr -- enc algorithm to append  (rec) +twofish256-ctr -- enc algorithm to append  -(rec) -diffie-hellman-group14-sha1 -- kex algorithm to remove  +(rec) -aes128-cbc -- enc algorithm to remove  +(rec) -aes256-cbc -- enc algorithm to remove  (rec) -diffie-hellman-group14-sha256 -- kex algorithm to remove  -(rec) -hmac-sha1 -- mac algorithm to remove  (rec) -hmac-sha2-256 -- mac algorithm to remove  # additional info diff --git a/test/docker/expected_results/openssh_4.0p1_test1.txt b/test/docker/expected_results/openssh_4.0p1_test1.txt index 87f43bf..4810a47 100644 --- a/test/docker/expected_results/openssh_4.0p1_test1.txt +++ b/test/docker/expected_results/openssh_4.0p1_test1.txt @@ -32,92 +32,73 @@ # key exchange algorithms (kex) diffie-hellman-group-exchange-sha1 (1024-bit) -- [fail] using small 1024-bit modulus - `- [warn] using weak hashing algorithm `- [info] available since OpenSSH 2.3.0 -(kex) diffie-hellman-group14-sha1 -- [warn] using weak hashing algorithm +(kex) diffie-hellman-group14-sha1 -- [fail] using broken SHA-1 hash algorithm  `- [warn] 2048-bit modulus only provides 112-bits of symmetric strength `- [info] available since OpenSSH 3.9, Dropbear SSH 0.53 (kex) diffie-hellman-group1-sha1 -- [fail] using small 1024-bit modulus - `- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm - `- [fail] disabled (in client) since OpenSSH 7.0, logjam attack - `- [warn] using weak hashing algorithm + `- [fail] vulnerable to the Logjam attack: https://en.wikipedia.org/wiki/Logjam_(computer_security) + `- [fail] using broken SHA-1 hash algorithm `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28 + `- [info] removed in OpenSSH 6.9: https://www.openssh.com/txt/release-6.9 # host-key algorithms -(key) ssh-rsa (1024-bit) -- [fail] using weak hashing algorithm +(key) ssh-rsa (1024-bit) -- [fail] using broken SHA-1 hash algorithm  `- [fail] using small 1024-bit modulus `- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28 `- [info] deprecated in OpenSSH 8.8: https://www.openssh.com/txt/release-8.8 (key) ssh-dss -- [fail] using small 1024-bit modulus - `- [fail] removed (in server) and disabled (in client) since OpenSSH 7.0, weak algorithm  `- [warn] using weak random number generator could reveal the key `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28 + `- [info] disabled in OpenSSH 7.0: https://www.openssh.com/txt/release-7.0 # encryption algorithms (ciphers) -(enc) aes128-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm - `- [warn] using weak cipher mode +(enc) aes128-cbc -- [warn] using weak cipher mode `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28 -(enc) 3des-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm - `- [warn] disabled (in client) since OpenSSH 7.4, unsafe algorithm - `- [warn] using weak cipher +(enc) 3des-cbc -- [fail] using broken & deprecated 3DES cipher  `- [warn] using weak cipher mode  `- [warn] using small 64-bit block size `- [info] available since OpenSSH 1.2.2, Dropbear SSH 0.28 -(enc) blowfish-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm - `- [fail] disabled since Dropbear SSH 0.53 - `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm +(enc) blowfish-cbc -- [fail] using weak & deprecated Blowfish cipher  `- [warn] using weak cipher mode  `- [warn] using small 64-bit block size `- [info] available since OpenSSH 1.2.2, Dropbear SSH 0.28 -(enc) cast128-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm - `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm +(enc) cast128-cbc -- [fail] using weak & deprecated CAST cipher  `- [warn] using weak cipher mode  `- [warn] using small 64-bit block size `- [info] available since OpenSSH 2.1.0 -(enc) arcfour -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm - `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm - `- [warn] using weak cipher +(enc) arcfour -- [fail] using broken RC4 cipher `- [info] available since OpenSSH 2.1.0 -(enc) aes192-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm - `- [warn] using weak cipher mode +(enc) aes192-cbc -- [warn] using weak cipher mode `- [info] available since OpenSSH 2.3.0 -(enc) aes256-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm - `- [warn] using weak cipher mode +(enc) aes256-cbc -- [warn] using weak cipher mode `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.47 -(enc) rijndael-cbc@lysator.liu.se -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm - `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm +(enc) rijndael-cbc@lysator.liu.se -- [fail] using deprecated & non-standardized Rijndael cipher  `- [warn] using weak cipher mode `- [info] available since OpenSSH 2.3.0 + `- [info] disabled in OpenSSH 7.0: https://www.openssh.com/txt/release-7.0 (enc) aes128-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52 (enc) aes192-ctr -- [info] available since OpenSSH 3.7 (enc) aes256-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52 # message authentication code algorithms -(mac) hmac-md5 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm - `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm +(mac) hmac-md5 -- [fail] using broken MD5 hash algorithm  `- [warn] using encrypt-and-MAC mode - `- [warn] using weak hashing algorithm `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28 -(mac) hmac-sha1 -- [warn] using encrypt-and-MAC mode - `- [warn] using weak hashing algorithm +(mac) hmac-sha1 -- [fail] using broken SHA-1 hash algorithm + `- [warn] using encrypt-and-MAC mode `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28 -(mac) hmac-ripemd160 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm - `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm +(mac) hmac-ripemd160 -- [fail] using deprecated RIPEMD hash algorithm  `- [warn] using encrypt-and-MAC mode `- [info] available since OpenSSH 2.5.0 -(mac) hmac-ripemd160@openssh.com -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm - `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm +(mac) hmac-ripemd160@openssh.com -- [fail] using deprecated RIPEMD hash algorithm  `- [warn] using encrypt-and-MAC mode `- [info] available since OpenSSH 2.1.0 -(mac) hmac-sha1-96 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm - `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm +(mac) hmac-sha1-96 -- [fail] using broken SHA-1 hash algorithm  `- [warn] using encrypt-and-MAC mode - `- [warn] using weak hashing algorithm `- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.47 -(mac) hmac-md5-96 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm - `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm +(mac) hmac-md5-96 -- [fail] using broken MD5 hash algorithm  `- [warn] using encrypt-and-MAC mode - `- [warn] using weak hashing algorithm `- [info] available since OpenSSH 2.5.0 # fingerprints @@ -125,24 +106,24 @@ # algorithm recommendations (for OpenSSH 4.0) (rec) -3des-cbc -- enc algorithm to remove  -(rec) -aes128-cbc -- enc algorithm to remove  -(rec) -aes192-cbc -- enc algorithm to remove  -(rec) -aes256-cbc -- enc algorithm to remove  (rec) -arcfour -- enc algorithm to remove  (rec) -blowfish-cbc -- enc algorithm to remove  (rec) -cast128-cbc -- enc algorithm to remove  (rec) -diffie-hellman-group-exchange-sha1 -- kex algorithm to remove  (rec) -diffie-hellman-group1-sha1 -- kex algorithm to remove  +(rec) -diffie-hellman-group14-sha1 -- kex algorithm to remove  (rec) -hmac-md5 -- mac algorithm to remove  (rec) -hmac-md5-96 -- mac algorithm to remove  (rec) -hmac-ripemd160 -- mac algorithm to remove  (rec) -hmac-ripemd160@openssh.com -- mac algorithm to remove  +(rec) -hmac-sha1 -- mac algorithm to remove  (rec) -hmac-sha1-96 -- mac algorithm to remove  (rec) -rijndael-cbc@lysator.liu.se -- enc algorithm to remove  (rec) -ssh-dss -- key algorithm to remove  (rec) -ssh-rsa -- key algorithm to remove  -(rec) -diffie-hellman-group14-sha1 -- kex algorithm to remove  -(rec) -hmac-sha1 -- mac algorithm to remove  +(rec) -aes128-cbc -- enc algorithm to remove  +(rec) -aes192-cbc -- enc algorithm to remove  +(rec) -aes256-cbc -- enc algorithm to remove  # additional info (nfo) For hardening guides on common OSes, please see:  diff --git a/test/docker/expected_results/openssh_5.6p1_test1.txt b/test/docker/expected_results/openssh_5.6p1_test1.txt index 8bbdc4c..601dc39 100644 --- a/test/docker/expected_results/openssh_5.6p1_test1.txt +++ b/test/docker/expected_results/openssh_5.6p1_test1.txt @@ -25,103 +25,80 @@ (kex) diffie-hellman-group-exchange-sha256 (1024-bit) -- [fail] using small 1024-bit modulus `- [info] available since OpenSSH 4.4 (kex) diffie-hellman-group-exchange-sha1 (1024-bit) -- [fail] using small 1024-bit modulus - `- [warn] using weak hashing algorithm `- [info] available since OpenSSH 2.3.0 -(kex) diffie-hellman-group14-sha1 -- [warn] using weak hashing algorithm +(kex) diffie-hellman-group14-sha1 -- [fail] using broken SHA-1 hash algorithm  `- [warn] 2048-bit modulus only provides 112-bits of symmetric strength `- [info] available since OpenSSH 3.9, Dropbear SSH 0.53 (kex) diffie-hellman-group1-sha1 -- [fail] using small 1024-bit modulus - `- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm - `- [fail] disabled (in client) since OpenSSH 7.0, logjam attack - `- [warn] using weak hashing algorithm + `- [fail] vulnerable to the Logjam attack: https://en.wikipedia.org/wiki/Logjam_(computer_security) + `- [fail] using broken SHA-1 hash algorithm `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28 + `- [info] removed in OpenSSH 6.9: https://www.openssh.com/txt/release-6.9 # host-key algorithms -(key) ssh-rsa (1024-bit) -- [fail] using weak hashing algorithm +(key) ssh-rsa (1024-bit) -- [fail] using broken SHA-1 hash algorithm  `- [fail] using small 1024-bit modulus `- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28 `- [info] deprecated in OpenSSH 8.8: https://www.openssh.com/txt/release-8.8 (key) ssh-dss -- [fail] using small 1024-bit modulus - `- [fail] removed (in server) and disabled (in client) since OpenSSH 7.0, weak algorithm  `- [warn] using weak random number generator could reveal the key `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28 + `- [info] disabled in OpenSSH 7.0: https://www.openssh.com/txt/release-7.0 # encryption algorithms (ciphers) (enc) aes128-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52 (enc) aes192-ctr -- [info] available since OpenSSH 3.7 (enc) aes256-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52 -(enc) arcfour256 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm - `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm - `- [warn] using weak cipher +(enc) arcfour256 -- [fail] using broken RC4 cipher `- [info] available since OpenSSH 4.2 -(enc) arcfour128 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm - `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm - `- [warn] using weak cipher +(enc) arcfour128 -- [fail] using broken RC4 cipher `- [info] available since OpenSSH 4.2 -(enc) aes128-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm - `- [warn] using weak cipher mode +(enc) aes128-cbc -- [warn] using weak cipher mode `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28 -(enc) 3des-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm - `- [warn] disabled (in client) since OpenSSH 7.4, unsafe algorithm - `- [warn] using weak cipher +(enc) 3des-cbc -- [fail] using broken & deprecated 3DES cipher  `- [warn] using weak cipher mode  `- [warn] using small 64-bit block size `- [info] available since OpenSSH 1.2.2, Dropbear SSH 0.28 -(enc) blowfish-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm - `- [fail] disabled since Dropbear SSH 0.53 - `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm +(enc) blowfish-cbc -- [fail] using weak & deprecated Blowfish cipher  `- [warn] using weak cipher mode  `- [warn] using small 64-bit block size `- [info] available since OpenSSH 1.2.2, Dropbear SSH 0.28 -(enc) cast128-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm - `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm +(enc) cast128-cbc -- [fail] using weak & deprecated CAST cipher  `- [warn] using weak cipher mode  `- [warn] using small 64-bit block size `- [info] available since OpenSSH 2.1.0 -(enc) aes192-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm - `- [warn] using weak cipher mode +(enc) aes192-cbc -- [warn] using weak cipher mode `- [info] available since OpenSSH 2.3.0 -(enc) aes256-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm - `- [warn] using weak cipher mode +(enc) aes256-cbc -- [warn] using weak cipher mode `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.47 -(enc) arcfour -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm - `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm - `- [warn] using weak cipher +(enc) arcfour -- [fail] using broken RC4 cipher `- [info] available since OpenSSH 2.1.0 -(enc) rijndael-cbc@lysator.liu.se -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm - `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm +(enc) rijndael-cbc@lysator.liu.se -- [fail] using deprecated & non-standardized Rijndael cipher  `- [warn] using weak cipher mode `- [info] available since OpenSSH 2.3.0 + `- [info] disabled in OpenSSH 7.0: https://www.openssh.com/txt/release-7.0 # message authentication code algorithms -(mac) hmac-md5 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm - `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm +(mac) hmac-md5 -- [fail] using broken MD5 hash algorithm  `- [warn] using encrypt-and-MAC mode - `- [warn] using weak hashing algorithm `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28 -(mac) hmac-sha1 -- [warn] using encrypt-and-MAC mode - `- [warn] using weak hashing algorithm +(mac) hmac-sha1 -- [fail] using broken SHA-1 hash algorithm + `- [warn] using encrypt-and-MAC mode `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28 (mac) umac-64@openssh.com -- [warn] using encrypt-and-MAC mode  `- [warn] using small 64-bit tag size `- [info] available since OpenSSH 4.7 -(mac) hmac-ripemd160 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm - `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm +(mac) hmac-ripemd160 -- [fail] using deprecated RIPEMD hash algorithm  `- [warn] using encrypt-and-MAC mode `- [info] available since OpenSSH 2.5.0 -(mac) hmac-ripemd160@openssh.com -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm - `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm +(mac) hmac-ripemd160@openssh.com -- [fail] using deprecated RIPEMD hash algorithm  `- [warn] using encrypt-and-MAC mode `- [info] available since OpenSSH 2.1.0 -(mac) hmac-sha1-96 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm - `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm +(mac) hmac-sha1-96 -- [fail] using broken SHA-1 hash algorithm  `- [warn] using encrypt-and-MAC mode - `- [warn] using weak hashing algorithm `- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.47 -(mac) hmac-md5-96 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm - `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm +(mac) hmac-md5-96 -- [fail] using broken MD5 hash algorithm  `- [warn] using encrypt-and-MAC mode - `- [warn] using weak hashing algorithm `- [info] available since OpenSSH 2.5.0 # fingerprints @@ -130,9 +107,6 @@ # algorithm recommendations (for OpenSSH 5.6) (rec) !diffie-hellman-group-exchange-sha256 -- kex algorithm to change (increase modulus size to 3072 bits or larger)  (rec) -3des-cbc -- enc algorithm to remove  -(rec) -aes128-cbc -- enc algorithm to remove  -(rec) -aes192-cbc -- enc algorithm to remove  -(rec) -aes256-cbc -- enc algorithm to remove  (rec) -arcfour -- enc algorithm to remove  (rec) -arcfour128 -- enc algorithm to remove  (rec) -arcfour256 -- enc algorithm to remove  @@ -140,16 +114,19 @@ (rec) -cast128-cbc -- enc algorithm to remove  (rec) -diffie-hellman-group-exchange-sha1 -- kex algorithm to remove  (rec) -diffie-hellman-group1-sha1 -- kex algorithm to remove  +(rec) -diffie-hellman-group14-sha1 -- kex algorithm to remove  (rec) -hmac-md5 -- mac algorithm to remove  (rec) -hmac-md5-96 -- mac algorithm to remove  (rec) -hmac-ripemd160 -- mac algorithm to remove  (rec) -hmac-ripemd160@openssh.com -- mac algorithm to remove  +(rec) -hmac-sha1 -- mac algorithm to remove  (rec) -hmac-sha1-96 -- mac algorithm to remove  (rec) -rijndael-cbc@lysator.liu.se -- enc algorithm to remove  (rec) -ssh-dss -- key algorithm to remove  (rec) -ssh-rsa -- key algorithm to remove  -(rec) -diffie-hellman-group14-sha1 -- kex algorithm to remove  -(rec) -hmac-sha1 -- mac algorithm to remove  +(rec) -aes128-cbc -- enc algorithm to remove  +(rec) -aes192-cbc -- enc algorithm to remove  +(rec) -aes256-cbc -- enc algorithm to remove  (rec) -umac-64@openssh.com -- mac algorithm to remove  # additional info diff --git a/test/docker/expected_results/openssh_5.6p1_test2.txt b/test/docker/expected_results/openssh_5.6p1_test2.txt index b605e74..649e3c0 100644 --- a/test/docker/expected_results/openssh_5.6p1_test2.txt +++ b/test/docker/expected_results/openssh_5.6p1_test2.txt @@ -25,23 +25,22 @@ (kex) diffie-hellman-group-exchange-sha256 (1024-bit) -- [fail] using small 1024-bit modulus `- [info] available since OpenSSH 4.4 (kex) diffie-hellman-group-exchange-sha1 (1024-bit) -- [fail] using small 1024-bit modulus - `- [warn] using weak hashing algorithm `- [info] available since OpenSSH 2.3.0 -(kex) diffie-hellman-group14-sha1 -- [warn] using weak hashing algorithm +(kex) diffie-hellman-group14-sha1 -- [fail] using broken SHA-1 hash algorithm  `- [warn] 2048-bit modulus only provides 112-bits of symmetric strength `- [info] available since OpenSSH 3.9, Dropbear SSH 0.53 (kex) diffie-hellman-group1-sha1 -- [fail] using small 1024-bit modulus - `- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm - `- [fail] disabled (in client) since OpenSSH 7.0, logjam attack - `- [warn] using weak hashing algorithm + `- [fail] vulnerable to the Logjam attack: https://en.wikipedia.org/wiki/Logjam_(computer_security) + `- [fail] using broken SHA-1 hash algorithm `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28 + `- [info] removed in OpenSSH 6.9: https://www.openssh.com/txt/release-6.9 # host-key algorithms -(key) ssh-rsa (1024-bit) -- [fail] using weak hashing algorithm +(key) ssh-rsa (1024-bit) -- [fail] using broken SHA-1 hash algorithm  `- [fail] using small 1024-bit modulus `- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28 `- [info] deprecated in OpenSSH 8.8: https://www.openssh.com/txt/release-8.8 -(key) ssh-rsa-cert-v01@openssh.com (1024-bit cert/1024-bit CA) -- [fail] using weak hashing algorithm +(key) ssh-rsa-cert-v01@openssh.com (1024-bit cert/1024-bit CA) -- [fail] using broken SHA-1 hash algorithm  `- [fail] using small 1024-bit modulus `- [info] available since OpenSSH 5.6 `- [info] deprecated in OpenSSH 8.8: https://www.openssh.com/txt/release-8.8 @@ -50,78 +49,56 @@ (enc) aes128-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52 (enc) aes192-ctr -- [info] available since OpenSSH 3.7 (enc) aes256-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52 -(enc) arcfour256 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm - `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm - `- [warn] using weak cipher +(enc) arcfour256 -- [fail] using broken RC4 cipher `- [info] available since OpenSSH 4.2 -(enc) arcfour128 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm - `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm - `- [warn] using weak cipher +(enc) arcfour128 -- [fail] using broken RC4 cipher `- [info] available since OpenSSH 4.2 -(enc) aes128-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm - `- [warn] using weak cipher mode +(enc) aes128-cbc -- [warn] using weak cipher mode `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28 -(enc) 3des-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm - `- [warn] disabled (in client) since OpenSSH 7.4, unsafe algorithm - `- [warn] using weak cipher +(enc) 3des-cbc -- [fail] using broken & deprecated 3DES cipher  `- [warn] using weak cipher mode  `- [warn] using small 64-bit block size `- [info] available since OpenSSH 1.2.2, Dropbear SSH 0.28 -(enc) blowfish-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm - `- [fail] disabled since Dropbear SSH 0.53 - `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm +(enc) blowfish-cbc -- [fail] using weak & deprecated Blowfish cipher  `- [warn] using weak cipher mode  `- [warn] using small 64-bit block size `- [info] available since OpenSSH 1.2.2, Dropbear SSH 0.28 -(enc) cast128-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm - `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm +(enc) cast128-cbc -- [fail] using weak & deprecated CAST cipher  `- [warn] using weak cipher mode  `- [warn] using small 64-bit block size `- [info] available since OpenSSH 2.1.0 -(enc) aes192-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm - `- [warn] using weak cipher mode +(enc) aes192-cbc -- [warn] using weak cipher mode `- [info] available since OpenSSH 2.3.0 -(enc) aes256-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm - `- [warn] using weak cipher mode +(enc) aes256-cbc -- [warn] using weak cipher mode `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.47 -(enc) arcfour -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm - `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm - `- [warn] using weak cipher +(enc) arcfour -- [fail] using broken RC4 cipher `- [info] available since OpenSSH 2.1.0 -(enc) rijndael-cbc@lysator.liu.se -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm - `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm +(enc) rijndael-cbc@lysator.liu.se -- [fail] using deprecated & non-standardized Rijndael cipher  `- [warn] using weak cipher mode `- [info] available since OpenSSH 2.3.0 + `- [info] disabled in OpenSSH 7.0: https://www.openssh.com/txt/release-7.0 # message authentication code algorithms -(mac) hmac-md5 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm - `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm +(mac) hmac-md5 -- [fail] using broken MD5 hash algorithm  `- [warn] using encrypt-and-MAC mode - `- [warn] using weak hashing algorithm `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28 -(mac) hmac-sha1 -- [warn] using encrypt-and-MAC mode - `- [warn] using weak hashing algorithm +(mac) hmac-sha1 -- [fail] using broken SHA-1 hash algorithm + `- [warn] using encrypt-and-MAC mode `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28 (mac) umac-64@openssh.com -- [warn] using encrypt-and-MAC mode  `- [warn] using small 64-bit tag size `- [info] available since OpenSSH 4.7 -(mac) hmac-ripemd160 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm - `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm +(mac) hmac-ripemd160 -- [fail] using deprecated RIPEMD hash algorithm  `- [warn] using encrypt-and-MAC mode `- [info] available since OpenSSH 2.5.0 -(mac) hmac-ripemd160@openssh.com -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm - `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm +(mac) hmac-ripemd160@openssh.com -- [fail] using deprecated RIPEMD hash algorithm  `- [warn] using encrypt-and-MAC mode `- [info] available since OpenSSH 2.1.0 -(mac) hmac-sha1-96 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm - `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm +(mac) hmac-sha1-96 -- [fail] using broken SHA-1 hash algorithm  `- [warn] using encrypt-and-MAC mode - `- [warn] using weak hashing algorithm `- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.47 -(mac) hmac-md5-96 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm - `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm +(mac) hmac-md5-96 -- [fail] using broken MD5 hash algorithm  `- [warn] using encrypt-and-MAC mode - `- [warn] using weak hashing algorithm `- [info] available since OpenSSH 2.5.0 # fingerprints @@ -130,9 +107,6 @@ # algorithm recommendations (for OpenSSH 5.6) (rec) !diffie-hellman-group-exchange-sha256 -- kex algorithm to change (increase modulus size to 3072 bits or larger)  (rec) -3des-cbc -- enc algorithm to remove  -(rec) -aes128-cbc -- enc algorithm to remove  -(rec) -aes192-cbc -- enc algorithm to remove  -(rec) -aes256-cbc -- enc algorithm to remove  (rec) -arcfour -- enc algorithm to remove  (rec) -arcfour128 -- enc algorithm to remove  (rec) -arcfour256 -- enc algorithm to remove  @@ -140,16 +114,19 @@ (rec) -cast128-cbc -- enc algorithm to remove  (rec) -diffie-hellman-group-exchange-sha1 -- kex algorithm to remove  (rec) -diffie-hellman-group1-sha1 -- kex algorithm to remove  +(rec) -diffie-hellman-group14-sha1 -- kex algorithm to remove  (rec) -hmac-md5 -- mac algorithm to remove  (rec) -hmac-md5-96 -- mac algorithm to remove  (rec) -hmac-ripemd160 -- mac algorithm to remove  (rec) -hmac-ripemd160@openssh.com -- mac algorithm to remove  +(rec) -hmac-sha1 -- mac algorithm to remove  (rec) -hmac-sha1-96 -- mac algorithm to remove  (rec) -rijndael-cbc@lysator.liu.se -- enc algorithm to remove  (rec) -ssh-rsa -- key algorithm to remove  (rec) -ssh-rsa-cert-v01@openssh.com -- key algorithm to remove  -(rec) -diffie-hellman-group14-sha1 -- kex algorithm to remove  -(rec) -hmac-sha1 -- mac algorithm to remove  +(rec) -aes128-cbc -- enc algorithm to remove  +(rec) -aes192-cbc -- enc algorithm to remove  +(rec) -aes256-cbc -- enc algorithm to remove  (rec) -umac-64@openssh.com -- mac algorithm to remove  # additional info diff --git a/test/docker/expected_results/openssh_5.6p1_test3.txt b/test/docker/expected_results/openssh_5.6p1_test3.txt index 05c1259..ce2edb2 100644 --- a/test/docker/expected_results/openssh_5.6p1_test3.txt +++ b/test/docker/expected_results/openssh_5.6p1_test3.txt @@ -25,23 +25,22 @@ (kex) diffie-hellman-group-exchange-sha256 (1024-bit) -- [fail] using small 1024-bit modulus `- [info] available since OpenSSH 4.4 (kex) diffie-hellman-group-exchange-sha1 (1024-bit) -- [fail] using small 1024-bit modulus - `- [warn] using weak hashing algorithm `- [info] available since OpenSSH 2.3.0 -(kex) diffie-hellman-group14-sha1 -- [warn] using weak hashing algorithm +(kex) diffie-hellman-group14-sha1 -- [fail] using broken SHA-1 hash algorithm  `- [warn] 2048-bit modulus only provides 112-bits of symmetric strength `- [info] available since OpenSSH 3.9, Dropbear SSH 0.53 (kex) diffie-hellman-group1-sha1 -- [fail] using small 1024-bit modulus - `- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm - `- [fail] disabled (in client) since OpenSSH 7.0, logjam attack - `- [warn] using weak hashing algorithm + `- [fail] vulnerable to the Logjam attack: https://en.wikipedia.org/wiki/Logjam_(computer_security) + `- [fail] using broken SHA-1 hash algorithm `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28 + `- [info] removed in OpenSSH 6.9: https://www.openssh.com/txt/release-6.9 # host-key algorithms -(key) ssh-rsa (1024-bit) -- [fail] using weak hashing algorithm +(key) ssh-rsa (1024-bit) -- [fail] using broken SHA-1 hash algorithm  `- [fail] using small 1024-bit modulus `- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28 `- [info] deprecated in OpenSSH 8.8: https://www.openssh.com/txt/release-8.8 -(key) ssh-rsa-cert-v01@openssh.com (1024-bit cert/3072-bit CA) -- [fail] using weak hashing algorithm +(key) ssh-rsa-cert-v01@openssh.com (1024-bit cert/3072-bit CA) -- [fail] using broken SHA-1 hash algorithm  `- [fail] using small 1024-bit modulus `- [info] available since OpenSSH 5.6 `- [info] deprecated in OpenSSH 8.8: https://www.openssh.com/txt/release-8.8 @@ -50,78 +49,56 @@ (enc) aes128-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52 (enc) aes192-ctr -- [info] available since OpenSSH 3.7 (enc) aes256-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52 -(enc) arcfour256 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm - `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm - `- [warn] using weak cipher +(enc) arcfour256 -- [fail] using broken RC4 cipher `- [info] available since OpenSSH 4.2 -(enc) arcfour128 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm - `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm - `- [warn] using weak cipher +(enc) arcfour128 -- [fail] using broken RC4 cipher `- [info] available since OpenSSH 4.2 -(enc) aes128-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm - `- [warn] using weak cipher mode +(enc) aes128-cbc -- [warn] using weak cipher mode `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28 -(enc) 3des-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm - `- [warn] disabled (in client) since OpenSSH 7.4, unsafe algorithm - `- [warn] using weak cipher +(enc) 3des-cbc -- [fail] using broken & deprecated 3DES cipher  `- [warn] using weak cipher mode  `- [warn] using small 64-bit block size `- [info] available since OpenSSH 1.2.2, Dropbear SSH 0.28 -(enc) blowfish-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm - `- [fail] disabled since Dropbear SSH 0.53 - `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm +(enc) blowfish-cbc -- [fail] using weak & deprecated Blowfish cipher  `- [warn] using weak cipher mode  `- [warn] using small 64-bit block size `- [info] available since OpenSSH 1.2.2, Dropbear SSH 0.28 -(enc) cast128-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm - `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm +(enc) cast128-cbc -- [fail] using weak & deprecated CAST cipher  `- [warn] using weak cipher mode  `- [warn] using small 64-bit block size `- [info] available since OpenSSH 2.1.0 -(enc) aes192-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm - `- [warn] using weak cipher mode +(enc) aes192-cbc -- [warn] using weak cipher mode `- [info] available since OpenSSH 2.3.0 -(enc) aes256-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm - `- [warn] using weak cipher mode +(enc) aes256-cbc -- [warn] using weak cipher mode `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.47 -(enc) arcfour -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm - `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm - `- [warn] using weak cipher +(enc) arcfour -- [fail] using broken RC4 cipher `- [info] available since OpenSSH 2.1.0 -(enc) rijndael-cbc@lysator.liu.se -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm - `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm +(enc) rijndael-cbc@lysator.liu.se -- [fail] using deprecated & non-standardized Rijndael cipher  `- [warn] using weak cipher mode `- [info] available since OpenSSH 2.3.0 + `- [info] disabled in OpenSSH 7.0: https://www.openssh.com/txt/release-7.0 # message authentication code algorithms -(mac) hmac-md5 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm - `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm +(mac) hmac-md5 -- [fail] using broken MD5 hash algorithm  `- [warn] using encrypt-and-MAC mode - `- [warn] using weak hashing algorithm `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28 -(mac) hmac-sha1 -- [warn] using encrypt-and-MAC mode - `- [warn] using weak hashing algorithm +(mac) hmac-sha1 -- [fail] using broken SHA-1 hash algorithm + `- [warn] using encrypt-and-MAC mode `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28 (mac) umac-64@openssh.com -- [warn] using encrypt-and-MAC mode  `- [warn] using small 64-bit tag size `- [info] available since OpenSSH 4.7 -(mac) hmac-ripemd160 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm - `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm +(mac) hmac-ripemd160 -- [fail] using deprecated RIPEMD hash algorithm  `- [warn] using encrypt-and-MAC mode `- [info] available since OpenSSH 2.5.0 -(mac) hmac-ripemd160@openssh.com -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm - `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm +(mac) hmac-ripemd160@openssh.com -- [fail] using deprecated RIPEMD hash algorithm  `- [warn] using encrypt-and-MAC mode `- [info] available since OpenSSH 2.1.0 -(mac) hmac-sha1-96 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm - `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm +(mac) hmac-sha1-96 -- [fail] using broken SHA-1 hash algorithm  `- [warn] using encrypt-and-MAC mode - `- [warn] using weak hashing algorithm `- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.47 -(mac) hmac-md5-96 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm - `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm +(mac) hmac-md5-96 -- [fail] using broken MD5 hash algorithm  `- [warn] using encrypt-and-MAC mode - `- [warn] using weak hashing algorithm `- [info] available since OpenSSH 2.5.0 # fingerprints @@ -130,9 +107,6 @@ # algorithm recommendations (for OpenSSH 5.6) (rec) !diffie-hellman-group-exchange-sha256 -- kex algorithm to change (increase modulus size to 3072 bits or larger)  (rec) -3des-cbc -- enc algorithm to remove  -(rec) -aes128-cbc -- enc algorithm to remove  -(rec) -aes192-cbc -- enc algorithm to remove  -(rec) -aes256-cbc -- enc algorithm to remove  (rec) -arcfour -- enc algorithm to remove  (rec) -arcfour128 -- enc algorithm to remove  (rec) -arcfour256 -- enc algorithm to remove  @@ -140,16 +114,19 @@ (rec) -cast128-cbc -- enc algorithm to remove  (rec) -diffie-hellman-group-exchange-sha1 -- kex algorithm to remove  (rec) -diffie-hellman-group1-sha1 -- kex algorithm to remove  +(rec) -diffie-hellman-group14-sha1 -- kex algorithm to remove  (rec) -hmac-md5 -- mac algorithm to remove  (rec) -hmac-md5-96 -- mac algorithm to remove  (rec) -hmac-ripemd160 -- mac algorithm to remove  (rec) -hmac-ripemd160@openssh.com -- mac algorithm to remove  +(rec) -hmac-sha1 -- mac algorithm to remove  (rec) -hmac-sha1-96 -- mac algorithm to remove  (rec) -rijndael-cbc@lysator.liu.se -- enc algorithm to remove  (rec) -ssh-rsa -- key algorithm to remove  (rec) -ssh-rsa-cert-v01@openssh.com -- key algorithm to remove  -(rec) -diffie-hellman-group14-sha1 -- kex algorithm to remove  -(rec) -hmac-sha1 -- mac algorithm to remove  +(rec) -aes128-cbc -- enc algorithm to remove  +(rec) -aes192-cbc -- enc algorithm to remove  +(rec) -aes256-cbc -- enc algorithm to remove  (rec) -umac-64@openssh.com -- mac algorithm to remove  # additional info diff --git a/test/docker/expected_results/openssh_5.6p1_test4.txt b/test/docker/expected_results/openssh_5.6p1_test4.txt index 5c0a1d8..c362c18 100644 --- a/test/docker/expected_results/openssh_5.6p1_test4.txt +++ b/test/docker/expected_results/openssh_5.6p1_test4.txt @@ -25,22 +25,21 @@ (kex) diffie-hellman-group-exchange-sha256 (1024-bit) -- [fail] using small 1024-bit modulus `- [info] available since OpenSSH 4.4 (kex) diffie-hellman-group-exchange-sha1 (1024-bit) -- [fail] using small 1024-bit modulus - `- [warn] using weak hashing algorithm `- [info] available since OpenSSH 2.3.0 -(kex) diffie-hellman-group14-sha1 -- [warn] using weak hashing algorithm +(kex) diffie-hellman-group14-sha1 -- [fail] using broken SHA-1 hash algorithm  `- [warn] 2048-bit modulus only provides 112-bits of symmetric strength `- [info] available since OpenSSH 3.9, Dropbear SSH 0.53 (kex) diffie-hellman-group1-sha1 -- [fail] using small 1024-bit modulus - `- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm - `- [fail] disabled (in client) since OpenSSH 7.0, logjam attack - `- [warn] using weak hashing algorithm + `- [fail] vulnerable to the Logjam attack: https://en.wikipedia.org/wiki/Logjam_(computer_security) + `- [fail] using broken SHA-1 hash algorithm `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28 + `- [info] removed in OpenSSH 6.9: https://www.openssh.com/txt/release-6.9 # host-key algorithms -(key) ssh-rsa (3072-bit) -- [fail] using weak hashing algorithm +(key) ssh-rsa (3072-bit) -- [fail] using broken SHA-1 hash algorithm `- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28 `- [info] deprecated in OpenSSH 8.8: https://www.openssh.com/txt/release-8.8 -(key) ssh-rsa-cert-v01@openssh.com (3072-bit cert/1024-bit CA) -- [fail] using weak hashing algorithm +(key) ssh-rsa-cert-v01@openssh.com (3072-bit cert/1024-bit CA) -- [fail] using broken SHA-1 hash algorithm  `- [fail] using small 1024-bit modulus `- [info] available since OpenSSH 5.6 `- [info] deprecated in OpenSSH 8.8: https://www.openssh.com/txt/release-8.8 @@ -49,78 +48,56 @@ (enc) aes128-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52 (enc) aes192-ctr -- [info] available since OpenSSH 3.7 (enc) aes256-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52 -(enc) arcfour256 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm - `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm - `- [warn] using weak cipher +(enc) arcfour256 -- [fail] using broken RC4 cipher `- [info] available since OpenSSH 4.2 -(enc) arcfour128 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm - `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm - `- [warn] using weak cipher +(enc) arcfour128 -- [fail] using broken RC4 cipher `- [info] available since OpenSSH 4.2 -(enc) aes128-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm - `- [warn] using weak cipher mode +(enc) aes128-cbc -- [warn] using weak cipher mode `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28 -(enc) 3des-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm - `- [warn] disabled (in client) since OpenSSH 7.4, unsafe algorithm - `- [warn] using weak cipher +(enc) 3des-cbc -- [fail] using broken & deprecated 3DES cipher  `- [warn] using weak cipher mode  `- [warn] using small 64-bit block size `- [info] available since OpenSSH 1.2.2, Dropbear SSH 0.28 -(enc) blowfish-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm - `- [fail] disabled since Dropbear SSH 0.53 - `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm +(enc) blowfish-cbc -- [fail] using weak & deprecated Blowfish cipher  `- [warn] using weak cipher mode  `- [warn] using small 64-bit block size `- [info] available since OpenSSH 1.2.2, Dropbear SSH 0.28 -(enc) cast128-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm - `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm +(enc) cast128-cbc -- [fail] using weak & deprecated CAST cipher  `- [warn] using weak cipher mode  `- [warn] using small 64-bit block size `- [info] available since OpenSSH 2.1.0 -(enc) aes192-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm - `- [warn] using weak cipher mode +(enc) aes192-cbc -- [warn] using weak cipher mode `- [info] available since OpenSSH 2.3.0 -(enc) aes256-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm - `- [warn] using weak cipher mode +(enc) aes256-cbc -- [warn] using weak cipher mode `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.47 -(enc) arcfour -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm - `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm - `- [warn] using weak cipher +(enc) arcfour -- [fail] using broken RC4 cipher `- [info] available since OpenSSH 2.1.0 -(enc) rijndael-cbc@lysator.liu.se -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm - `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm +(enc) rijndael-cbc@lysator.liu.se -- [fail] using deprecated & non-standardized Rijndael cipher  `- [warn] using weak cipher mode `- [info] available since OpenSSH 2.3.0 + `- [info] disabled in OpenSSH 7.0: https://www.openssh.com/txt/release-7.0 # message authentication code algorithms -(mac) hmac-md5 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm - `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm +(mac) hmac-md5 -- [fail] using broken MD5 hash algorithm  `- [warn] using encrypt-and-MAC mode - `- [warn] using weak hashing algorithm `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28 -(mac) hmac-sha1 -- [warn] using encrypt-and-MAC mode - `- [warn] using weak hashing algorithm +(mac) hmac-sha1 -- [fail] using broken SHA-1 hash algorithm + `- [warn] using encrypt-and-MAC mode `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28 (mac) umac-64@openssh.com -- [warn] using encrypt-and-MAC mode  `- [warn] using small 64-bit tag size `- [info] available since OpenSSH 4.7 -(mac) hmac-ripemd160 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm - `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm +(mac) hmac-ripemd160 -- [fail] using deprecated RIPEMD hash algorithm  `- [warn] using encrypt-and-MAC mode `- [info] available since OpenSSH 2.5.0 -(mac) hmac-ripemd160@openssh.com -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm - `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm +(mac) hmac-ripemd160@openssh.com -- [fail] using deprecated RIPEMD hash algorithm  `- [warn] using encrypt-and-MAC mode `- [info] available since OpenSSH 2.1.0 -(mac) hmac-sha1-96 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm - `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm +(mac) hmac-sha1-96 -- [fail] using broken SHA-1 hash algorithm  `- [warn] using encrypt-and-MAC mode - `- [warn] using weak hashing algorithm `- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.47 -(mac) hmac-md5-96 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm - `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm +(mac) hmac-md5-96 -- [fail] using broken MD5 hash algorithm  `- [warn] using encrypt-and-MAC mode - `- [warn] using weak hashing algorithm `- [info] available since OpenSSH 2.5.0 # fingerprints @@ -129,9 +106,6 @@ # algorithm recommendations (for OpenSSH 5.6) (rec) !diffie-hellman-group-exchange-sha256 -- kex algorithm to change (increase modulus size to 3072 bits or larger)  (rec) -3des-cbc -- enc algorithm to remove  -(rec) -aes128-cbc -- enc algorithm to remove  -(rec) -aes192-cbc -- enc algorithm to remove  -(rec) -aes256-cbc -- enc algorithm to remove  (rec) -arcfour -- enc algorithm to remove  (rec) -arcfour128 -- enc algorithm to remove  (rec) -arcfour256 -- enc algorithm to remove  @@ -139,16 +113,19 @@ (rec) -cast128-cbc -- enc algorithm to remove  (rec) -diffie-hellman-group-exchange-sha1 -- kex algorithm to remove  (rec) -diffie-hellman-group1-sha1 -- kex algorithm to remove  +(rec) -diffie-hellman-group14-sha1 -- kex algorithm to remove  (rec) -hmac-md5 -- mac algorithm to remove  (rec) -hmac-md5-96 -- mac algorithm to remove  (rec) -hmac-ripemd160 -- mac algorithm to remove  (rec) -hmac-ripemd160@openssh.com -- mac algorithm to remove  +(rec) -hmac-sha1 -- mac algorithm to remove  (rec) -hmac-sha1-96 -- mac algorithm to remove  (rec) -rijndael-cbc@lysator.liu.se -- enc algorithm to remove  (rec) -ssh-rsa -- key algorithm to remove  (rec) -ssh-rsa-cert-v01@openssh.com -- key algorithm to remove  -(rec) -diffie-hellman-group14-sha1 -- kex algorithm to remove  -(rec) -hmac-sha1 -- mac algorithm to remove  +(rec) -aes128-cbc -- enc algorithm to remove  +(rec) -aes192-cbc -- enc algorithm to remove  +(rec) -aes256-cbc -- enc algorithm to remove  (rec) -umac-64@openssh.com -- mac algorithm to remove  # additional info diff --git a/test/docker/expected_results/openssh_5.6p1_test5.txt b/test/docker/expected_results/openssh_5.6p1_test5.txt index eed7002..4d388d1 100644 --- a/test/docker/expected_results/openssh_5.6p1_test5.txt +++ b/test/docker/expected_results/openssh_5.6p1_test5.txt @@ -25,22 +25,21 @@ (kex) diffie-hellman-group-exchange-sha256 (1024-bit) -- [fail] using small 1024-bit modulus `- [info] available since OpenSSH 4.4 (kex) diffie-hellman-group-exchange-sha1 (1024-bit) -- [fail] using small 1024-bit modulus - `- [warn] using weak hashing algorithm `- [info] available since OpenSSH 2.3.0 -(kex) diffie-hellman-group14-sha1 -- [warn] using weak hashing algorithm +(kex) diffie-hellman-group14-sha1 -- [fail] using broken SHA-1 hash algorithm  `- [warn] 2048-bit modulus only provides 112-bits of symmetric strength `- [info] available since OpenSSH 3.9, Dropbear SSH 0.53 (kex) diffie-hellman-group1-sha1 -- [fail] using small 1024-bit modulus - `- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm - `- [fail] disabled (in client) since OpenSSH 7.0, logjam attack - `- [warn] using weak hashing algorithm + `- [fail] vulnerable to the Logjam attack: https://en.wikipedia.org/wiki/Logjam_(computer_security) + `- [fail] using broken SHA-1 hash algorithm `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28 + `- [info] removed in OpenSSH 6.9: https://www.openssh.com/txt/release-6.9 # host-key algorithms -(key) ssh-rsa (3072-bit) -- [fail] using weak hashing algorithm +(key) ssh-rsa (3072-bit) -- [fail] using broken SHA-1 hash algorithm `- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28 `- [info] deprecated in OpenSSH 8.8: https://www.openssh.com/txt/release-8.8 -(key) ssh-rsa-cert-v01@openssh.com (3072-bit cert/3072-bit CA) -- [fail] using weak hashing algorithm +(key) ssh-rsa-cert-v01@openssh.com (3072-bit cert/3072-bit CA) -- [fail] using broken SHA-1 hash algorithm `- [info] available since OpenSSH 5.6 `- [info] deprecated in OpenSSH 8.8: https://www.openssh.com/txt/release-8.8 @@ -48,78 +47,56 @@ (enc) aes128-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52 (enc) aes192-ctr -- [info] available since OpenSSH 3.7 (enc) aes256-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52 -(enc) arcfour256 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm - `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm - `- [warn] using weak cipher +(enc) arcfour256 -- [fail] using broken RC4 cipher `- [info] available since OpenSSH 4.2 -(enc) arcfour128 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm - `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm - `- [warn] using weak cipher +(enc) arcfour128 -- [fail] using broken RC4 cipher `- [info] available since OpenSSH 4.2 -(enc) aes128-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm - `- [warn] using weak cipher mode +(enc) aes128-cbc -- [warn] using weak cipher mode `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28 -(enc) 3des-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm - `- [warn] disabled (in client) since OpenSSH 7.4, unsafe algorithm - `- [warn] using weak cipher +(enc) 3des-cbc -- [fail] using broken & deprecated 3DES cipher  `- [warn] using weak cipher mode  `- [warn] using small 64-bit block size `- [info] available since OpenSSH 1.2.2, Dropbear SSH 0.28 -(enc) blowfish-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm - `- [fail] disabled since Dropbear SSH 0.53 - `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm +(enc) blowfish-cbc -- [fail] using weak & deprecated Blowfish cipher  `- [warn] using weak cipher mode  `- [warn] using small 64-bit block size `- [info] available since OpenSSH 1.2.2, Dropbear SSH 0.28 -(enc) cast128-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm - `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm +(enc) cast128-cbc -- [fail] using weak & deprecated CAST cipher  `- [warn] using weak cipher mode  `- [warn] using small 64-bit block size `- [info] available since OpenSSH 2.1.0 -(enc) aes192-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm - `- [warn] using weak cipher mode +(enc) aes192-cbc -- [warn] using weak cipher mode `- [info] available since OpenSSH 2.3.0 -(enc) aes256-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm - `- [warn] using weak cipher mode +(enc) aes256-cbc -- [warn] using weak cipher mode `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.47 -(enc) arcfour -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm - `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm - `- [warn] using weak cipher +(enc) arcfour -- [fail] using broken RC4 cipher `- [info] available since OpenSSH 2.1.0 -(enc) rijndael-cbc@lysator.liu.se -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm - `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm +(enc) rijndael-cbc@lysator.liu.se -- [fail] using deprecated & non-standardized Rijndael cipher  `- [warn] using weak cipher mode `- [info] available since OpenSSH 2.3.0 + `- [info] disabled in OpenSSH 7.0: https://www.openssh.com/txt/release-7.0 # message authentication code algorithms -(mac) hmac-md5 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm - `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm +(mac) hmac-md5 -- [fail] using broken MD5 hash algorithm  `- [warn] using encrypt-and-MAC mode - `- [warn] using weak hashing algorithm `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28 -(mac) hmac-sha1 -- [warn] using encrypt-and-MAC mode - `- [warn] using weak hashing algorithm +(mac) hmac-sha1 -- [fail] using broken SHA-1 hash algorithm + `- [warn] using encrypt-and-MAC mode `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28 (mac) umac-64@openssh.com -- [warn] using encrypt-and-MAC mode  `- [warn] using small 64-bit tag size `- [info] available since OpenSSH 4.7 -(mac) hmac-ripemd160 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm - `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm +(mac) hmac-ripemd160 -- [fail] using deprecated RIPEMD hash algorithm  `- [warn] using encrypt-and-MAC mode `- [info] available since OpenSSH 2.5.0 -(mac) hmac-ripemd160@openssh.com -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm - `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm +(mac) hmac-ripemd160@openssh.com -- [fail] using deprecated RIPEMD hash algorithm  `- [warn] using encrypt-and-MAC mode `- [info] available since OpenSSH 2.1.0 -(mac) hmac-sha1-96 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm - `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm +(mac) hmac-sha1-96 -- [fail] using broken SHA-1 hash algorithm  `- [warn] using encrypt-and-MAC mode - `- [warn] using weak hashing algorithm `- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.47 -(mac) hmac-md5-96 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm - `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm +(mac) hmac-md5-96 -- [fail] using broken MD5 hash algorithm  `- [warn] using encrypt-and-MAC mode - `- [warn] using weak hashing algorithm `- [info] available since OpenSSH 2.5.0 # fingerprints @@ -128,9 +105,6 @@ # algorithm recommendations (for OpenSSH 5.6) (rec) !diffie-hellman-group-exchange-sha256 -- kex algorithm to change (increase modulus size to 3072 bits or larger)  (rec) -3des-cbc -- enc algorithm to remove  -(rec) -aes128-cbc -- enc algorithm to remove  -(rec) -aes192-cbc -- enc algorithm to remove  -(rec) -aes256-cbc -- enc algorithm to remove  (rec) -arcfour -- enc algorithm to remove  (rec) -arcfour128 -- enc algorithm to remove  (rec) -arcfour256 -- enc algorithm to remove  @@ -138,16 +112,19 @@ (rec) -cast128-cbc -- enc algorithm to remove  (rec) -diffie-hellman-group-exchange-sha1 -- kex algorithm to remove  (rec) -diffie-hellman-group1-sha1 -- kex algorithm to remove  +(rec) -diffie-hellman-group14-sha1 -- kex algorithm to remove  (rec) -hmac-md5 -- mac algorithm to remove  (rec) -hmac-md5-96 -- mac algorithm to remove  (rec) -hmac-ripemd160 -- mac algorithm to remove  (rec) -hmac-ripemd160@openssh.com -- mac algorithm to remove  +(rec) -hmac-sha1 -- mac algorithm to remove  (rec) -hmac-sha1-96 -- mac algorithm to remove  (rec) -rijndael-cbc@lysator.liu.se -- enc algorithm to remove  (rec) -ssh-rsa -- key algorithm to remove  (rec) -ssh-rsa-cert-v01@openssh.com -- key algorithm to remove  -(rec) -diffie-hellman-group14-sha1 -- kex algorithm to remove  -(rec) -hmac-sha1 -- mac algorithm to remove  +(rec) -aes128-cbc -- enc algorithm to remove  +(rec) -aes192-cbc -- enc algorithm to remove  +(rec) -aes256-cbc -- enc algorithm to remove  (rec) -umac-64@openssh.com -- mac algorithm to remove  # additional info diff --git a/test/docker/expected_results/openssh_8.0p1_test1.txt b/test/docker/expected_results/openssh_8.0p1_test1.txt index 76a9bd5..62aa59b 100644 --- a/test/docker/expected_results/openssh_8.0p1_test1.txt +++ b/test/docker/expected_results/openssh_8.0p1_test1.txt @@ -12,12 +12,14 @@ # key exchange algorithms (kex) curve25519-sha256 -- [info] available since OpenSSH 7.4, Dropbear SSH 2018.76 -(kex) curve25519-sha256@libssh.org -- [info] available since OpenSSH 6.5, Dropbear SSH 2013.62 -(kex) ecdh-sha2-nistp256 -- [fail] using weak elliptic curves + `- [info] default key exchange since OpenSSH 6.4 +(kex) curve25519-sha256@libssh.org -- [info] available since OpenSSH 6.4, Dropbear SSH 2013.62 + `- [info] default key exchange since OpenSSH 6.4 +(kex) ecdh-sha2-nistp256 -- [fail] using elliptic curves that are suspected as being backdoored by the U.S. National Security Agency `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62 -(kex) ecdh-sha2-nistp384 -- [fail] using weak elliptic curves +(kex) ecdh-sha2-nistp384 -- [fail] using elliptic curves that are suspected as being backdoored by the U.S. National Security Agency `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62 -(kex) ecdh-sha2-nistp521 -- [fail] using weak elliptic curves +(kex) ecdh-sha2-nistp521 -- [fail] using elliptic curves that are suspected as being backdoored by the U.S. National Security Agency `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62 (kex) diffie-hellman-group-exchange-sha256 (2048-bit) -- [warn] 2048-bit modulus only provides 112-bits of symmetric strength `- [info] available since OpenSSH 4.4 @@ -26,24 +28,24 @@ (kex) diffie-hellman-group18-sha512 -- [info] available since OpenSSH 7.3 (kex) diffie-hellman-group14-sha256 -- [warn] 2048-bit modulus only provides 112-bits of symmetric strength `- [info] available since OpenSSH 7.3, Dropbear SSH 2016.73 -(kex) diffie-hellman-group14-sha1 -- [warn] using weak hashing algorithm +(kex) diffie-hellman-group14-sha1 -- [fail] using broken SHA-1 hash algorithm  `- [warn] 2048-bit modulus only provides 112-bits of symmetric strength `- [info] available since OpenSSH 3.9, Dropbear SSH 0.53 # host-key algorithms (key) rsa-sha2-512 (3072-bit) -- [info] available since OpenSSH 7.2 (key) rsa-sha2-256 (3072-bit) -- [info] available since OpenSSH 7.2 -(key) ssh-rsa (3072-bit) -- [fail] using weak hashing algorithm +(key) ssh-rsa (3072-bit) -- [fail] using broken SHA-1 hash algorithm `- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28 `- [info] deprecated in OpenSSH 8.8: https://www.openssh.com/txt/release-8.8 -(key) ecdsa-sha2-nistp256 -- [fail] using weak elliptic curves +(key) ecdsa-sha2-nistp256 -- [fail] using elliptic curves that are suspected as being backdoored by the U.S. National Security Agency  `- [warn] using weak random number generator could reveal the key `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62 (key) ssh-ed25519 -- [info] available since OpenSSH 6.5 # encryption algorithms (ciphers) (enc) chacha20-poly1305@openssh.com -- [info] available since OpenSSH 6.5 - `- [info] default cipher since OpenSSH 6.9. + `- [info] default cipher since OpenSSH 6.9 (enc) aes128-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52 (enc) aes192-ctr -- [info] available since OpenSSH 3.7 (enc) aes256-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52 @@ -56,7 +58,7 @@ (mac) umac-128-etm@openssh.com -- [info] available since OpenSSH 6.2 (mac) hmac-sha2-256-etm@openssh.com -- [info] available since OpenSSH 6.2 (mac) hmac-sha2-512-etm@openssh.com -- [info] available since OpenSSH 6.2 -(mac) hmac-sha1-etm@openssh.com -- [warn] using weak hashing algorithm +(mac) hmac-sha1-etm@openssh.com -- [fail] using broken SHA-1 hash algorithm `- [info] available since OpenSSH 6.2 (mac) umac-64@openssh.com -- [warn] using encrypt-and-MAC mode  `- [warn] using small 64-bit tag size @@ -67,8 +69,8 @@ `- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56 (mac) hmac-sha2-512 -- [warn] using encrypt-and-MAC mode `- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56 -(mac) hmac-sha1 -- [warn] using encrypt-and-MAC mode - `- [warn] using weak hashing algorithm +(mac) hmac-sha1 -- [fail] using broken SHA-1 hash algorithm + `- [warn] using encrypt-and-MAC mode `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28 # fingerprints @@ -76,15 +78,15 @@ (fin) ssh-rsa: SHA256:nsWtdJ9Z67Vrf7OsUzQov7esXhsWAfVppArGh25u244 # algorithm recommendations (for OpenSSH 8.0) +(rec) -diffie-hellman-group14-sha1 -- kex algorithm to remove  (rec) -ecdh-sha2-nistp256 -- kex algorithm to remove  (rec) -ecdh-sha2-nistp384 -- kex algorithm to remove  (rec) -ecdh-sha2-nistp521 -- kex algorithm to remove  (rec) -ecdsa-sha2-nistp256 -- key algorithm to remove  +(rec) -hmac-sha1 -- mac algorithm to remove  +(rec) -hmac-sha1-etm@openssh.com -- mac algorithm to remove  (rec) -ssh-rsa -- key algorithm to remove  -(rec) -diffie-hellman-group14-sha1 -- kex algorithm to remove  (rec) -diffie-hellman-group14-sha256 -- kex algorithm to remove  -(rec) -hmac-sha1 -- mac algorithm to remove  -(rec) -hmac-sha1-etm@openssh.com -- mac algorithm to remove  (rec) -hmac-sha2-256 -- mac algorithm to remove  (rec) -hmac-sha2-512 -- mac algorithm to remove  (rec) -umac-128@openssh.com -- mac algorithm to remove  diff --git a/test/docker/expected_results/openssh_8.0p1_test2.txt b/test/docker/expected_results/openssh_8.0p1_test2.txt index 9b4c1ef..8250da6 100644 --- a/test/docker/expected_results/openssh_8.0p1_test2.txt +++ b/test/docker/expected_results/openssh_8.0p1_test2.txt @@ -12,12 +12,14 @@ # key exchange algorithms (kex) curve25519-sha256 -- [info] available since OpenSSH 7.4, Dropbear SSH 2018.76 -(kex) curve25519-sha256@libssh.org -- [info] available since OpenSSH 6.5, Dropbear SSH 2013.62 -(kex) ecdh-sha2-nistp256 -- [fail] using weak elliptic curves + `- [info] default key exchange since OpenSSH 6.4 +(kex) curve25519-sha256@libssh.org -- [info] available since OpenSSH 6.4, Dropbear SSH 2013.62 + `- [info] default key exchange since OpenSSH 6.4 +(kex) ecdh-sha2-nistp256 -- [fail] using elliptic curves that are suspected as being backdoored by the U.S. National Security Agency `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62 -(kex) ecdh-sha2-nistp384 -- [fail] using weak elliptic curves +(kex) ecdh-sha2-nistp384 -- [fail] using elliptic curves that are suspected as being backdoored by the U.S. National Security Agency `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62 -(kex) ecdh-sha2-nistp521 -- [fail] using weak elliptic curves +(kex) ecdh-sha2-nistp521 -- [fail] using elliptic curves that are suspected as being backdoored by the U.S. National Security Agency `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62 (kex) diffie-hellman-group-exchange-sha256 (2048-bit) -- [warn] 2048-bit modulus only provides 112-bits of symmetric strength `- [info] available since OpenSSH 4.4 @@ -26,7 +28,7 @@ (kex) diffie-hellman-group18-sha512 -- [info] available since OpenSSH 7.3 (kex) diffie-hellman-group14-sha256 -- [warn] 2048-bit modulus only provides 112-bits of symmetric strength `- [info] available since OpenSSH 7.3, Dropbear SSH 2016.73 -(kex) diffie-hellman-group14-sha1 -- [warn] using weak hashing algorithm +(kex) diffie-hellman-group14-sha1 -- [fail] using broken SHA-1 hash algorithm  `- [warn] 2048-bit modulus only provides 112-bits of symmetric strength `- [info] available since OpenSSH 3.9, Dropbear SSH 0.53 @@ -36,7 +38,7 @@ # encryption algorithms (ciphers) (enc) chacha20-poly1305@openssh.com -- [info] available since OpenSSH 6.5 - `- [info] default cipher since OpenSSH 6.9. + `- [info] default cipher since OpenSSH 6.9 (enc) aes128-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52 (enc) aes192-ctr -- [info] available since OpenSSH 3.7 (enc) aes256-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52 @@ -49,7 +51,7 @@ (mac) umac-128-etm@openssh.com -- [info] available since OpenSSH 6.2 (mac) hmac-sha2-256-etm@openssh.com -- [info] available since OpenSSH 6.2 (mac) hmac-sha2-512-etm@openssh.com -- [info] available since OpenSSH 6.2 -(mac) hmac-sha1-etm@openssh.com -- [warn] using weak hashing algorithm +(mac) hmac-sha1-etm@openssh.com -- [fail] using broken SHA-1 hash algorithm `- [info] available since OpenSSH 6.2 (mac) umac-64@openssh.com -- [warn] using encrypt-and-MAC mode  `- [warn] using small 64-bit tag size @@ -60,23 +62,23 @@ `- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56 (mac) hmac-sha2-512 -- [warn] using encrypt-and-MAC mode `- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56 -(mac) hmac-sha1 -- [warn] using encrypt-and-MAC mode - `- [warn] using weak hashing algorithm +(mac) hmac-sha1 -- [fail] using broken SHA-1 hash algorithm + `- [warn] using encrypt-and-MAC mode `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28 # fingerprints (fin) ssh-ed25519: SHA256:UrnXIVH+7dlw8UqYocl48yUEcKrthGDQG2CPCgp7MxU # algorithm recommendations (for OpenSSH 8.0) +(rec) -diffie-hellman-group14-sha1 -- kex algorithm to remove  (rec) -ecdh-sha2-nistp256 -- kex algorithm to remove  (rec) -ecdh-sha2-nistp384 -- kex algorithm to remove  (rec) -ecdh-sha2-nistp521 -- kex algorithm to remove  +(rec) -hmac-sha1 -- mac algorithm to remove  +(rec) -hmac-sha1-etm@openssh.com -- mac algorithm to remove  (rec) +rsa-sha2-256 -- key algorithm to append  (rec) +rsa-sha2-512 -- key algorithm to append  -(rec) -diffie-hellman-group14-sha1 -- kex algorithm to remove  (rec) -diffie-hellman-group14-sha256 -- kex algorithm to remove  -(rec) -hmac-sha1 -- mac algorithm to remove  -(rec) -hmac-sha1-etm@openssh.com -- mac algorithm to remove  (rec) -hmac-sha2-256 -- mac algorithm to remove  (rec) -hmac-sha2-512 -- mac algorithm to remove  (rec) -umac-128@openssh.com -- mac algorithm to remove  diff --git a/test/docker/expected_results/openssh_8.0p1_test3.txt b/test/docker/expected_results/openssh_8.0p1_test3.txt index bbba851..316c5e9 100644 --- a/test/docker/expected_results/openssh_8.0p1_test3.txt +++ b/test/docker/expected_results/openssh_8.0p1_test3.txt @@ -12,7 +12,9 @@ # key exchange algorithms (kex) curve25519-sha256 -- [info] available since OpenSSH 7.4, Dropbear SSH 2018.76 -(kex) curve25519-sha256@libssh.org -- [info] available since OpenSSH 6.5, Dropbear SSH 2013.62 + `- [info] default key exchange since OpenSSH 6.4 +(kex) curve25519-sha256@libssh.org -- [info] available since OpenSSH 6.4, Dropbear SSH 2013.62 + `- [info] default key exchange since OpenSSH 6.4 (kex) diffie-hellman-group-exchange-sha256 (2048-bit) -- [warn] 2048-bit modulus only provides 112-bits of symmetric strength `- [info] available since OpenSSH 4.4 `- [info] A bug in OpenSSH causes it to fall back to a 2048-bit modulus regardless of server configuration (https://bugzilla.mindrot.org/show_bug.cgi?id=2793) @@ -22,7 +24,7 @@ # encryption algorithms (ciphers) (enc) chacha20-poly1305@openssh.com -- [info] available since OpenSSH 6.5 - `- [info] default cipher since OpenSSH 6.9. + `- [info] default cipher since OpenSSH 6.9 (enc) aes256-gcm@openssh.com -- [info] available since OpenSSH 6.2 (enc) aes128-gcm@openssh.com -- [info] available since OpenSSH 6.2 (enc) aes256-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52 diff --git a/test/docker/expected_results/tinyssh_20190101_test1.txt b/test/docker/expected_results/tinyssh_20190101_test1.txt index 9e833c6..a11ae53 100644 --- a/test/docker/expected_results/tinyssh_20190101_test1.txt +++ b/test/docker/expected_results/tinyssh_20190101_test1.txt @@ -5,16 +5,19 @@ # key exchange algorithms (kex) curve25519-sha256 -- [info] available since OpenSSH 7.4, Dropbear SSH 2018.76 -(kex) curve25519-sha256@libssh.org -- [info] available since OpenSSH 6.5, Dropbear SSH 2013.62 + `- [info] default key exchange since OpenSSH 6.4 +(kex) curve25519-sha256@libssh.org -- [info] available since OpenSSH 6.4, Dropbear SSH 2013.62 + `- [info] default key exchange since OpenSSH 6.4 (kex) sntrup4591761x25519-sha512@tinyssh.org -- [warn] using experimental algorithm `- [info] available since OpenSSH 8.0 + `- [info] the sntrup4591761 algorithm was withdrawn, as it may not provide strong post-quantum security # host-key algorithms (key) ssh-ed25519 -- [info] available since OpenSSH 6.5 # encryption algorithms (ciphers) (enc) chacha20-poly1305@openssh.com -- [info] available since OpenSSH 6.5 - `- [info] default cipher since OpenSSH 6.9. + `- [info] default cipher since OpenSSH 6.9 # message authentication code algorithms (mac) hmac-sha2-256 -- [warn] using encrypt-and-MAC mode diff --git a/test/test_ssh2.py b/test/test_ssh2.py index b1a7767..d0e5ba1 100644 --- a/test/test_ssh2.py +++ b/test/test_ssh2.py @@ -164,7 +164,7 @@ class TestSSH2: self.audit(out, self._conf()) out.write() lines = output_spy.flush() - assert len(lines) == 73 + assert len(lines) == 70 def test_ssh2_server_invalid_first_packet(self, output_spy, virtual_socket): vsocket = virtual_socket diff --git a/test/test_ssh2_kexdb.py b/test/test_ssh2_kexdb.py new file mode 100644 index 0000000..25183fc --- /dev/null +++ b/test/test_ssh2_kexdb.py @@ -0,0 +1,35 @@ +import pytest + +from ssh_audit.ssh2_kexdb import SSH2_KexDB + + +class Test_SSH2_KexDB: + + @pytest.fixture(autouse=True) + def init(self): + self.db = SSH2_KexDB.ALGORITHMS + + def test_ssh2_kexdb(self): + '''Ensures that the SSH2_KexDB.ALGORITHMS dictionary is in the right format.''' + + db_keys = list(self.db.keys()) + db_keys.sort() + + # Ensure only these keys exist in the database. + assert db_keys == ['enc', 'kex', 'key', 'mac'] + + # For 'enc', 'kex', etc... + for alg_type in self.db: + + # Iterate over algorithms within this type (i.e.: all 'enc' algorithms, all 'kex' algorithms, etc). + for alg_name in self.db[alg_type]: + + # Get the list of failures, warnings, etc., for this algorithm. + alg_data = self.db[alg_type][alg_name] + + # This list must be between 1 and 4 entries long. + assert 1 <= len(alg_data) <= 4 + + # The first entry denotes the versions when this algorithm was added to OpenSSH, Dropbear, and/or libssh, followed by when it was deprecated, and finally when it was removed. Hence it must have between 0 and 3 entries. + added_entry = alg_data[0] + assert 0 <= len(added_entry) <= 3