From f82c9825d91b7cb2b1d0454274f6e8325132950d Mon Sep 17 00:00:00 2001 From: Andris Raugulis Date: Wed, 3 Aug 2016 17:32:46 +0300 Subject: [PATCH] Add new key-exchange algorithms. Use OpenSSH 7.3 banner. --- README.md | 4 ++++ ssh-audit.py | 5 ++++- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 65ad32a..c9a373f 100644 --- a/README.md +++ b/README.md @@ -21,6 +21,10 @@ Verbose flag will fill each row, i.e, not leave blanks, for easier usage with _b ![screenshot](https://cloud.githubusercontent.com/assets/7356025/12120117/fa0ef9f8-b3d7-11e5-9a1b-f410b5217529.png) ## ChangeLog +### v1.0.20160803 + - use OpenSSH 7.3 banner + - add new key-exchange algorithms + ### v1.0.20160207 - use OpenSSH 7.2 banner - additional warnings for OpenSSH 7.2 diff --git a/ssh-audit.py b/ssh-audit.py index 1a90d78..1fb00e6 100755 --- a/ssh-audit.py +++ b/ssh-audit.py @@ -26,7 +26,7 @@ from __future__ import print_function import os, io, sys, socket, struct, random -SSH_BANNER = 'SSH-2.0-OpenSSH_7.2' +SSH_BANNER = 'SSH-2.0-OpenSSH_7.3' def usage(): p = os.path.basename(sys.argv[0]) @@ -320,6 +320,9 @@ KEX_DB = { 'kex': { 'diffie-hellman-group1-sha1': ['2.3.0,d0.28', [FAIL_OPENSSH67_UNSAFE, FAIL_OPENSSH70_LOGJAM], [TEXT_MODULUS_SIZE, TEXT_HASH_WEAK]], 'diffie-hellman-group14-sha1': ['3.9,d0.53', [], [TEXT_HASH_WEAK]], + 'diffie-hellman-group14-sha256': ['7.3,d0216.73', [], []], + 'diffie-hellman-group16-sha512': ['7.3,d2016.73', [], []], + 'diffie-hellman-group18-sha512': ['7.3', [], []], 'diffie-hellman-group-exchange-sha1': ['2.3.0', [FAIL_OPENSSH67_UNSAFE], [TEXT_HASH_WEAK]], 'diffie-hellman-group-exchange-sha256': ['4.4', [], [TEXT_MODULUS_CUSTOM]], 'ecdh-sha2-nistp256': ['5.7,d2013.62', [TEXT_CURVES_WEAK]],