| Author | Commit | Message | Date |
|---|---|---|---|
| Joe Testa | 3313046714 | Added built-in policy for OpenSSH 9.7. | 2024-03-12 20:23:55 -04:00 |
| Joe Testa | c9412cbb88 | Added built-in policies for OpenSSH 9.5 and 9.6. | 2023-12-19 17:42:43 -05:00 |
| Joe Testa | c259a83782 | Added note that when a target is properly configured against the Terrapin vulnerability, unpatched peers may still create vulnerable connections. Updated Ubuntu Server & Client 20.04 & 22.04 policies to include new key exchange markers related to Terrapin counter-measures. | 2023-12-19 14:03:28 -05:00 |
| Joe Testa | ba8e8a7e68 | Re-organized option host key types for OpenSSH 9.2 to correspond with updated Debian 12 hardening guide. | 2023-11-27 21:33:13 -05:00 |
| Joe Testa | bad2c9cd8e | In Ubuntu 22.04 client policy, moved host key types and to the end of all certificate types. | 2023-11-27 20:07:36 -05:00 |
| Joe Testa | 69e1e121fd | In server policies, reduced expected DH modulus sizes from 4096 to 3072 to match online hardening guides. | 2023-11-27 19:15:18 -05:00 |
| Joe Testa | 884ef645f8 | Prioritized certificate host key types for Ubuntu 22.04 client policy. (#193) | 2023-09-05 14:01:51 -04:00 |
| Joe Testa | 4e6169d0cb | Added built-in policy for OpenSSH 9.4. | 2023-09-03 18:12:16 -04:00 |
| Joe Testa | 199e75f6cd | Refined GEX testing against OpenSSH servers: when the fallback mechanism is suspected of being triggered, perform an additional test to obtain more accurate results. | 2023-09-03 16:13:00 -04:00 |
| Joe Testa | c33e7d9b72 | Added built-in policies for OpenSSH 8.8, 8.9, 9.0, 9.1, 9.2, and 9.3. | 2023-04-27 21:40:47 -04:00 |
| Joe Testa | 7f8d6b4d5b | Fixed built-in policy formatting and filled in missing host key size information. | 2023-04-26 15:47:58 -04:00 |
| Joe Testa | 263267c5ad | Added support for mixed host key/CA key types (i.e.: RSA host keys signed by ED25519 CAs) (#120). | 2023-04-25 09:17:32 -04:00 |
| Joe Testa | 0b905a7fdd | Added Ubuntu Client 22.04 hardening policy. | 2023-02-01 19:29:54 -05:00 |
| Joe Testa | 0b8ecf2fb5 | Added Ubuntu Server 22.04 LTS hardening policy. | 2022-10-10 20:34:28 -04:00 |
| Joe Testa | 4ace52a190 | Now prints a more user-friendly error message when installed as a Snap package and permission errors are encountered. Updated the Snap build process as well. | 2021-10-14 23:56:03 -04:00 |
| Joe Testa | e7d320f602 | Fixed new pylint warnings. | 2021-08-25 13:28:30 -04:00 |
| Joe Testa | 682cb66f85 | Added OpenSSH v8.6 & v8.7 policies. | 2021-08-25 12:30:38 -04:00 |
| Joe Testa | 45da9f20ae | Added 'rsa-sha2-512' and 'rsa-sha2-256' to OpenSSH 8.1 (and earlier) policies. | 2021-05-31 15:49:56 -04:00 |
| Joe Testa | 1bbc3feb57 | Added OpenSSH 8.5 built-in policy. Added sntrup761x25519-sha512@openssh.com kex. | 2021-02-23 16:02:20 -05:00 |
| Joe Testa | 60de5e55cb | Transformed comment type annotations to variable declaration annotations. | 2021-01-21 10:20:48 -05:00 |
| Joe Testa | 0cb3127482 | Fixed pylint warnings. | 2020-10-21 19:36:43 -04:00 |
| Joe Testa | f0db035044 | Now prints a graceful error message when policy file is not found. | 2020-10-20 23:26:21 -04:00 |
| Joe Testa | 1730126af8 | Removed 'ssh-rsa-cert-v01@openssh.com' from built-in policies. | 2020-10-20 23:19:56 -04:00 |
| Joe Testa | ec48249deb | Now reports policy errors in an easier to read format. (#63) | 2020-10-20 16:25:39 -04:00 |
| Joe Testa | 8fa3a12057 | Parse public key sizes for 'rsa-sha2-256-cert-v01@openssh.com' and 'rsa-sha2-512-cert-v01@openssh.com' host key types. Include expected CA key sizes in built-in policies. | 2020-10-19 17:42:12 -04:00 |
| Joe Testa | 046c866da4 | Moved built-in policies from external files to internal database. (#75) | 2020-10-19 17:27:37 -04:00 |
| Joe Testa | 1a5c0e7fad | Split ssh_audit.py into separate files (#47). | 2020-10-15 14:34:23 -04:00 |