Suppress recommendation of token host key types.

2024-11-16 13:35:39 +01:00 · 2020-05-31 11:42:06 -04:00 · 2020-05-31 11:42:06 -04:00 · edc363db60
commit edc363db60
parent 4b314a55ef
2 changed files with 3 additions and 1 deletions
--- a/README.md
+++ b/README.md
@ -70,6 +70,7 @@ $ snap install ssh-audit

 ## ChangeLog
 ### v2.2.1-dev (???)
+ - Suppress recommendation of token host key types.
 - Added 1 new host key types: `ssh-rsa1`.
 - Added 1 new ciphers: `blowfish`, `AEAD_AES_128_GCM`, `AEAD_AES_256_GCM`.
 - Added 2 new MACs: `chacha20-poly1305@openssh.com`, `hmac-sha3-224`.
--- a/ssh-audit.py
+++ b/ssh-audit.py
@ -1837,7 +1837,8 @@ class SSH(object):  # pylint: disable=too-few-public-methods
 							if fc > 0:
 								faults += pow(10, 2 - i) * fc
 						if n not in alg_list:
-							if faults > 0 or (alg_type == 'key' and '-cert-' in n) or empty_version:
+							# Don't recommend certificate or token types; these will only appear in the server's list if they are fully configured & functional on the server.
+							if faults > 0 or (alg_type == 'key' and (('-cert-' in n) or (n.startswith('sk-')))) or empty_version:
 								continue
 							rec[sshv][alg_type]['add'][n] = 0
 						else: