Added support for host key 'webauthn-sk-ecdsa-sha2-nistp256@openssh.com' (#149).

2025-11-04 03:02:15 +01:00 · 2022-10-10 20:51:37 -04:00
parent b9520cbc25
commit d429b543d0
2 changed files with 5 additions and 1 deletions
--- a/README.md
+++ b/README.md
@@ -32,7 +32,7 @@
 - historical information from OpenSSH, Dropbear SSH and libssh;
 - policy scans to ensure adherence to a hardened/standard configuration;
 - runs on Linux and Windows;
- supports Python 3.6 - 3.9;
+- supports Python 3.7 - 3.10;
 - no dependencies
 ## Usage
@@ -173,11 +173,14 @@ For convenience, a web front-end on top of the command-line tool is available at
 ## ChangeLog
 ### v2.6.0-dev
 - Dropped support for Python 3.6, as it reached EOL at the end of 2021.
 - Added Ubuntu Server 22.04 hardening policy.
 - Removed experimental warning tag from `sntrup761x25519-sha512@openssh.com`.
 - Updated CVE database; credit [Alexandre Zanni](https://github.com/noraj).
 - Added `-g` and `--gex-test` for granular GEX modulus size tests; credit [Adam Russell](https://github.com/thecliguy).
 - Snap packages now print more user-friendly error messages when permission errors are encountered.
 - JSON 'target' field now always includes port number; credit [tomatohater1337](https://github.com/tomatohater1337).
 - Added 1 new host key: `webauthn-sk-ecdsa-sha2-nistp256@openssh.com`.
 - Added 24 new key exchanges: `ecdh-sha2-1.3.132.0.1`, `ecdh-sha2-1.2.840.10045.3.1.1`, `ecdh-sha2-1.3.132.0.33`, `ecdh-sha2-1.3.132.0.26`, `ecdh-sha2-1.3.132.0.27`, `ecdh-sha2-1.2.840.10045.3.1.7`, `ecdh-sha2-1.3.132.0.16`, `ecdh-sha2-1.3.132.0.34`, `ecdh-sha2-1.3.132.0.36`, `ecdh-sha2-1.3.132.0.37`, `ecdh-sha2-1.3.132.0.35`, `ecdh-sha2-1.3.132.0.38`, `ecdh-sha2-4MHB+NBt3AlaSRQ7MnB4cg==`, `ecdh-sha2-5pPrSUQtIaTjUSt5VZNBjg==`, `ecdh-sha2-VqBg4QRPjxx1EXZdV0GdWQ==`, `ecdh-sha2-zD/b3hu/71952ArpUG4OjQ==`, `ecdh-sha2-qCbG5Cn/jjsZ7nBeR7EnOA==`, `ecdh-sha2-9UzNcgwTlEnSCECZa7V1mw==`, `ecdh-sha2-wiRIU8TKjMZ418sMqlqtvQ==`, `ecdh-sha2-qcFQaMAMGhTziMT0z+Tuzw==`, `ecdh-sha2-m/FtSAmrV4j/Wy6RVUaK7A==`, `ecdh-sha2-D3FefCjYoJ/kfXgAyLddYA==`, `ecdh-sha2-h/SsxnLCtRBh7I9ATyeB3A==`, `ecdh-sha2-mNVwCXAoS1HGmHpLvBC94w==`.
 ### v2.5.0 (2021-08-26)
--- a/src/ssh_audit/ssh2_kexdb.py
+++ b/src/ssh_audit/ssh2_kexdb.py
@@ -196,6 +196,7 @@ class SSH2_KexDB:  # pylint: disable=too-few-public-methods
            'x509v3-ecdsa-sha2-nistp384': [[], [WARN_CURVES_WEAK]],
            'x509v3-ecdsa-sha2-nistp521': [[], [WARN_CURVES_WEAK]],
            'x509v3-rsa2048-sha256': [[]],
            'webauthn-sk-ecdsa-sha2-nistp256@openssh.com': [['8.3'], [WARN_CURVES_WEAK]],
        },
        'enc': {
            'none': [['1.2.2,d2013.56,l10.2'], [FAIL_PLAINTEXT]],