elie/ssh-audit
1
0
Fork 0
mirror of https://github.com/jtesta/ssh-audit.git synced 2025-11-04 03:02:15 +01:00
Code Issues Packages Projects Releases Wiki Activity

Suppress recommendation of token host key types.

Browse Source
This commit is contained in:
Joe Testa
2020-05-31 11:42:06 -04:00
parent 4b314a55ef
commit edc363db60
2 changed files with 3 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
README.md
View File

@@ -70,6 +70,7 @@ $ snap install ssh-audit
## ChangeLog ## ChangeLog
### v2.2.1-dev (???) ### v2.2.1-dev (???)
- Suppress recommendation of token host key types.
- Added 1 new host key types: `ssh-rsa1`. - Added 1 new host key types: `ssh-rsa1`.
- Added 1 new ciphers: `blowfish`, `AEAD_AES_128_GCM`, `AEAD_AES_256_GCM`. - Added 1 new ciphers: `blowfish`, `AEAD_AES_128_GCM`, `AEAD_AES_256_GCM`.
- Added 2 new MACs: `chacha20-poly1305@openssh.com`, `hmac-sha3-224`. - Added 2 new MACs: `chacha20-poly1305@openssh.com`, `hmac-sha3-224`.

3
ssh-audit.py
View File

@@ -1837,7 +1837,8 @@ class SSH(object): # pylint: disable=too-few-public-methods
if fc > 0: if fc > 0:
faults += pow(10, 2 - i) * fc faults += pow(10, 2 - i) * fc
if n not in alg_list: if n not in alg_list:
if faults > 0 or (alg_type == 'key' and '-cert-' in n) or empty_version: # Don't recommend certificate or token types; these will only appear in the server's list if they are fully configured & functional on the server.
if faults > 0 or (alg_type == 'key' and (('-cert-' in n) or (n.startswith('sk-')))) or empty_version:
continue continue
rec[sshv][alg_type]['add'][n] = 0 rec[sshv][alg_type]['add'][n] = 0
else: else: