Disable color when the NO_COLOR environment variable is set. (#234 )

Added note regarding general OpenSSH policies failing against platforms with back-ported features. (#236 )
2026-05-25 15:31:23 +02:00 · 2024-01-28 18:17:49 -05:00 · 2024-01-28 17:37:21 -05:00
3 changed files with 11 additions and 3 deletions
@@ -180,6 +180,7 @@ For convenience, a web front-end on top of the command-line tool is available at

 ### v3.2.0-dev (???)
 - Expanded filter of CBC ciphers to flag for the Terrapin vulnerability.  It now includes more rarely found ciphers.
+ - Color output is disabled if the `NO_COLOR` environment variable is set (see https://no-color.org/).

 ### v3.1.0 (2023-12-20)
 - Added test for the Terrapin message prefix truncation vulnerability ([CVE-2023-48795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795)).
@@ -106,7 +106,8 @@ def usage(uout: OutputBuffer, err: Optional[str] = None) -> None:
    uout.info('        --lookup=<alg1,alg2,...>    looks up an algorithm(s) without\n                                    connecting to a server')
    uout.info('   -M,  --make-policy=<policy.txt>  creates a policy based on the target server\n                                    (i.e.: the target server has the ideal\n                                    configuration that other servers should\n                                    adhere to)')
    uout.info('   -m,  --manual           print the man page (Windows only)')
-    uout.info('   -n,  --no-colors        disable colors')
+    uout.info('   -n,  --no-colors        disable colors (automatic when the NO_COLOR')
+    uout.info('                                  environment variable is set)')
    uout.info('   -p,  --port=<port>      port to connect')
    uout.info('   -P,  --policy=<policy.txt>  run a policy test using the specified policy')
    uout.info('   -t,  --timeout=<secs>   timeout (in seconds) for connection and reading\n                               (default: 5)')
@@ -814,6 +815,7 @@ def list_policies(out: OutputBuffer) -> None:
        out.fail("Error: no built-in policies found!")
    else:
        out.info("\nHint: Use -P and provide the full name of a policy to run a policy scan with.\n")
+        out.info("Note: the general OpenSSH policies apply to the official releases only. OS distributions may back-port changes that cause failures (for example, Debian 11 back-ported the strict KEX mode into their package of OpenSSH v8.4, whereas it was only officially added to OpenSSH v9.6 and later).  In these cases, consider creating a custom policy (-M option).\n")
    out.write()


@@ -857,6 +859,11 @@ def process_commandline(out: OutputBuffer, args: List[str], usage_cb: Callable[.
    aconf = AuditConf()

    enable_colors = not any(i in args for i in ['--no-colors', '-n'])
+
+    # Disable colors if the NO_COLOR environment variable is set.
+    if "NO_COLOR" in os.environ:
+        enable_colors = False
+
    aconf.colors = enable_colors
    out.use_colors = enable_colors

@@ -1,4 +1,4 @@
-.TH SSH-AUDIT 1 "March 13, 2022"
+.TH SSH-AUDIT 1 "January 28, 2024"
 .SH NAME
 \fBssh-audit\fP \- SSH server & client configuration auditor
 .SH SYNOPSIS
@@ -114,7 +114,7 @@ Creates a policy based on the target server.  Useful when other servers should b
 .TP
 .B -n, \-\-no-colors
 .br
-Disable color output.
+Disable color output.  Automatically set when the NO_COLOR environment variable is set.

 .TP
 .B -p, \-\-port=<port>
Author	SHA1	Message	Date
Joe Testa	f326d58068	Disable color when the NO_COLOR environment variable is set. (#234 )	2024-01-28 18:17:49 -05:00
Joe Testa	b72f6a420f	Added note regarding general OpenSSH policies failing against platforms with back-ported features. (#236 )	2024-01-28 17:37:21 -05:00