mirror of
https://github.com/jtesta/ssh-audit.git
synced 2024-11-21 18:11:40 +01:00
Added OpenSSH v4.0 test.
This commit is contained in:
parent
4f138d7f82
commit
4ebccb8068
@ -71,20 +71,32 @@ function create_docker_image {
|
||||
|
||||
# Aside from checking the GPG signatures, we also compare against this known-good
|
||||
# SHA-256 hash just in case.
|
||||
get_openssh '4.0p1' '5adb9b2c2002650e15216bf94ed9db9541d9a17c96fcd876784861a8890bc92b'
|
||||
get_openssh '5.6p1' '538af53b2b8162c21a293bb004ae2bdb141abd250f61b4cea55244749f3c6c2b'
|
||||
get_openssh '8.0p1' 'bd943879e69498e8031eb6b7f44d08cdc37d59a7ab689aa0b437320c3481fd68'
|
||||
|
||||
# Compile the versions of OpenSSH.
|
||||
compile_openssh '4.0p1'
|
||||
compile_openssh '5.6p1'
|
||||
compile_openssh '8.0p1'
|
||||
|
||||
# Rename the default config files so we know they are our originals.
|
||||
mv openssh-4.0p1/sshd_config sshd_config-4.0p1_orig
|
||||
mv openssh-5.6p1/sshd_config sshd_config-5.6p1_orig
|
||||
mv openssh-8.0p1/sshd_config sshd_config-8.0p1_orig
|
||||
|
||||
|
||||
# Create the configurations for each test.
|
||||
|
||||
|
||||
#
|
||||
# OpenSSH v4.0p1
|
||||
#
|
||||
|
||||
# Test 1: Basic test.
|
||||
create_openssh_config '4.0p1' 'test1' "HostKey /etc/ssh/ssh1_host_key\nHostKey /etc/ssh/ssh_host_rsa_key_1024\nHostKey /etc/ssh/ssh_host_dsa_key"
|
||||
|
||||
|
||||
#
|
||||
# OpenSSH v5.6p1
|
||||
#
|
||||
@ -164,8 +176,15 @@ function get_openssh {
|
||||
|
||||
echo -e "\nGetting OpenSSH $1 signature...\n"
|
||||
wget https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-$1.tar.gz.asc
|
||||
openssh_sig=openssh-$1.tar.gz.asc
|
||||
|
||||
local gpg_verify=`gpg --verify openssh-$1.tar.gz.asc openssh-$1.tar.gz 2>&1`
|
||||
# Older releases were .sigs.
|
||||
if [[ ! -f $openssh_sig ]]; then
|
||||
wget https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-$1.tar.gz.sig
|
||||
openssh_sig=openssh-$1.tar.gz.sig
|
||||
fi
|
||||
|
||||
local gpg_verify=`gpg --verify $openssh_sig openssh-$1.tar.gz 2>&1`
|
||||
if [[ $gpg_verify != *"Good signature from \"Damien Miller "* ]]; then
|
||||
echo -e "\n\n${REDB}Error: OpenSSH signature invalid!\n$gpg_verify\n\nTerminating.${CLR}"
|
||||
exit -1
|
||||
@ -246,12 +265,14 @@ TEST_RESULT_DIR=`mktemp -d /tmp/ssh-audit_test-results_XXXXXXXXXX`
|
||||
|
||||
# Now run all the tests.
|
||||
echo -e "\nRunning tests..."
|
||||
run_openssh_test '4.0p1' 'test1'
|
||||
echo
|
||||
run_openssh_test '5.6p1' 'test1'
|
||||
run_openssh_test '5.6p1' 'test2'
|
||||
run_openssh_test '5.6p1' 'test3'
|
||||
run_openssh_test '5.6p1' 'test4'
|
||||
run_openssh_test '5.6p1' 'test5'
|
||||
echo ""
|
||||
echo
|
||||
run_openssh_test '8.0p1' 'test1'
|
||||
run_openssh_test '8.0p1' 'test2'
|
||||
run_openssh_test '8.0p1' 'test3'
|
||||
|
@ -1,10 +1,12 @@
|
||||
FROM ubuntu:16.04
|
||||
|
||||
COPY openssh-4.0p1/sshd /openssh/sshd-4.0p1
|
||||
COPY openssh-5.6p1/sshd /openssh/sshd-5.6p1
|
||||
COPY openssh-8.0p1/sshd /openssh/sshd-8.0p1
|
||||
|
||||
COPY sshd_config* /etc/ssh/
|
||||
COPY ssh_host_* /etc/ssh/
|
||||
COPY ssh1_host_* /etc/ssh/
|
||||
COPY moduli_1024 /usr/local/etc/moduli
|
||||
|
||||
COPY debug.sh /debug.sh
|
||||
|
136
test/docker/expected_results/openssh_4.0p1_test1.txt
Normal file
136
test/docker/expected_results/openssh_4.0p1_test1.txt
Normal file
@ -0,0 +1,136 @@
|
||||
[0;36m# general[0m
|
||||
[0;32m(gen) banner: SSH-1.99-OpenSSH_4.0[0m
|
||||
[0;31m(gen) protocol SSH1 enabled[0m
|
||||
[0;32m(gen) software: OpenSSH 4.0[0m
|
||||
[0;32m(gen) compatibility: OpenSSH 3.9-6.6, Dropbear SSH 0.53+ (some functionality from 0.52)[0m
|
||||
[0;32m(gen) compression: enabled (zlib)[0m
|
||||
|
||||
[0;36m# security[0m
|
||||
[0;33m(cve) CVE-2016-3115 -- (CVSSv2: 5.5) bypass command restrictions via crafted X11 forwarding data[0m
|
||||
[0;33m(cve) CVE-2014-1692 -- (CVSSv2: 7.5) cause DoS via triggering error condition (memory corruption)[0m
|
||||
[0;33m(cve) CVE-2012-0814 -- (CVSSv2: 3.5) leak data via debug messages[0m
|
||||
[0;33m(cve) CVE-2011-5000 -- (CVSSv2: 3.5) cause DoS via large value in certain length field (memory consumption)[0m
|
||||
[0;33m(cve) CVE-2010-5107 -- (CVSSv2: 5.0) cause DoS via large number of connections (slot exhaustion)[0m
|
||||
[0;33m(cve) CVE-2010-4755 -- (CVSSv2: 4.0) cause DoS via crafted glob expression (CPU and memory consumption)[0m
|
||||
[0;33m(cve) CVE-2010-4478 -- (CVSSv2: 7.5) bypass authentication check via crafted values[0m
|
||||
[0;33m(cve) CVE-2008-5161 -- (CVSSv2: 2.6) recover plaintext data from ciphertext[0m
|
||||
[0;33m(cve) CVE-2008-4109 -- (CVSSv2: 5.0) cause DoS via multiple login attempts (slot exhaustion)[0m
|
||||
[0;33m(cve) CVE-2008-1657 -- (CVSSv2: 6.5) bypass command restrictions via modifying session file[0m
|
||||
[0;33m(cve) CVE-2008-1483 -- (CVSSv2: 6.9) hijack forwarded X11 connections[0m
|
||||
[0;33m(cve) CVE-2007-4752 -- (CVSSv2: 7.5) privilege escalation via causing an X client to be trusted[0m
|
||||
[0;33m(cve) CVE-2007-2243 -- (CVSSv2: 5.0) discover valid usernames through different responses[0m
|
||||
[0;33m(cve) CVE-2006-5052 -- (CVSSv2: 5.0) discover valid usernames through different responses[0m
|
||||
[0;31m(cve) CVE-2006-5051 -- (CVSSv2: 9.3) cause DoS or execute arbitrary code (double free)[0m
|
||||
[0;33m(cve) CVE-2006-4924 -- (CVSSv2: 7.8) cause DoS via crafted packet (CPU consumption)[0m
|
||||
[0;33m(cve) CVE-2006-0225 -- (CVSSv2: 4.6) execute arbitrary code[0m
|
||||
[0;33m(cve) CVE-2005-2798 -- (CVSSv2: 5.0) leak data about authentication credentials[0m
|
||||
|
||||
[0;36m# key exchange algorithms[0m
|
||||
[0;31m(kex) diffie-hellman-group-exchange-sha1 (1024-bit) -- [fail] using small 1024-bit modulus[0m
|
||||
[0;33m `- [warn] using weak hashing algorithm[0m
|
||||
`- [info] available since OpenSSH 2.3.0
|
||||
[0;33m(kex) diffie-hellman-group14-sha1 -- [warn] using weak hashing algorithm[0m
|
||||
`- [info] available since OpenSSH 3.9, Dropbear SSH 0.53
|
||||
[0;31m(kex) diffie-hellman-group1-sha1 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm[0m
|
||||
[0;31m `- [fail] disabled (in client) since OpenSSH 7.0, logjam attack[0m
|
||||
[0;33m `- [warn] using small 1024-bit modulus[0m
|
||||
[0;33m `- [warn] using weak hashing algorithm[0m
|
||||
`- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28
|
||||
|
||||
[0;36m# host-key algorithms[0m
|
||||
[0;31m(key) ssh-rsa (1024-bit) -- [fail] using small 1024-bit modulus[0m
|
||||
`- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28
|
||||
[0;31m(key) ssh-dss -- [fail] removed (in server) and disabled (in client) since OpenSSH 7.0, weak algorithm[0m
|
||||
[0;33m `- [warn] using small 1024-bit modulus[0m
|
||||
[0;33m `- [warn] using weak random number generator could reveal the key[0m
|
||||
`- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28
|
||||
|
||||
[0;36m# encryption algorithms (ciphers)[0m
|
||||
[0;31m(enc) aes128-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm[0m
|
||||
[0;33m `- [warn] using weak cipher mode[0m
|
||||
`- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28
|
||||
[0;31m(enc) 3des-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm[0m
|
||||
[0;33m `- [warn] disabled (in client) since OpenSSH 7.4, unsafe algorithm[0m
|
||||
[0;33m `- [warn] using weak cipher[0m
|
||||
[0;33m `- [warn] using weak cipher mode[0m
|
||||
[0;33m `- [warn] using small 64-bit block size[0m
|
||||
`- [info] available since OpenSSH 1.2.2, Dropbear SSH 0.28
|
||||
[0;31m(enc) blowfish-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm[0m
|
||||
[0;31m `- [fail] disabled since Dropbear SSH 0.53[0m
|
||||
[0;33m `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm[0m
|
||||
[0;33m `- [warn] using weak cipher mode[0m
|
||||
[0;33m `- [warn] using small 64-bit block size[0m
|
||||
`- [info] available since OpenSSH 1.2.2, Dropbear SSH 0.28
|
||||
[0;31m(enc) cast128-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm[0m
|
||||
[0;33m `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm[0m
|
||||
[0;33m `- [warn] using weak cipher mode[0m
|
||||
[0;33m `- [warn] using small 64-bit block size[0m
|
||||
`- [info] available since OpenSSH 2.1.0
|
||||
[0;31m(enc) arcfour -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm[0m
|
||||
[0;33m `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm[0m
|
||||
[0;33m `- [warn] using weak cipher[0m
|
||||
`- [info] available since OpenSSH 2.1.0
|
||||
[0;31m(enc) aes192-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm[0m
|
||||
[0;33m `- [warn] using weak cipher mode[0m
|
||||
`- [info] available since OpenSSH 2.3.0
|
||||
[0;31m(enc) aes256-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm[0m
|
||||
[0;33m `- [warn] using weak cipher mode[0m
|
||||
`- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.47
|
||||
[0;31m(enc) rijndael-cbc@lysator.liu.se -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm[0m
|
||||
[0;33m `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm[0m
|
||||
[0;33m `- [warn] using weak cipher mode[0m
|
||||
`- [info] available since OpenSSH 2.3.0
|
||||
[0;32m(enc) aes128-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52[0m
|
||||
[0;32m(enc) aes192-ctr -- [info] available since OpenSSH 3.7[0m
|
||||
[0;32m(enc) aes256-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52[0m
|
||||
|
||||
[0;36m# message authentication code algorithms[0m
|
||||
[0;31m(mac) hmac-md5 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm[0m
|
||||
[0;33m `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm[0m
|
||||
[0;33m `- [warn] using encrypt-and-MAC mode[0m
|
||||
[0;33m `- [warn] using weak hashing algorithm[0m
|
||||
`- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28
|
||||
[0;33m(mac) hmac-sha1 -- [warn] using encrypt-and-MAC mode[0m
|
||||
[0;33m `- [warn] using weak hashing algorithm[0m
|
||||
`- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28
|
||||
[0;31m(mac) hmac-ripemd160 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm[0m
|
||||
[0;33m `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm[0m
|
||||
[0;33m `- [warn] using encrypt-and-MAC mode[0m
|
||||
`- [info] available since OpenSSH 2.5.0
|
||||
[0;31m(mac) hmac-ripemd160@openssh.com -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm[0m
|
||||
[0;33m `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm[0m
|
||||
[0;33m `- [warn] using encrypt-and-MAC mode[0m
|
||||
`- [info] available since OpenSSH 2.1.0
|
||||
[0;31m(mac) hmac-sha1-96 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm[0m
|
||||
[0;33m `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm[0m
|
||||
[0;33m `- [warn] using encrypt-and-MAC mode[0m
|
||||
[0;33m `- [warn] using weak hashing algorithm[0m
|
||||
`- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.47
|
||||
[0;31m(mac) hmac-md5-96 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm[0m
|
||||
[0;33m `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm[0m
|
||||
[0;33m `- [warn] using encrypt-and-MAC mode[0m
|
||||
[0;33m `- [warn] using weak hashing algorithm[0m
|
||||
`- [info] available since OpenSSH 2.5.0
|
||||
|
||||
[0;36m# fingerprints[0m
|
||||
[0;32m(fin) ssh-rsa: SHA256:YZ457EBcJTSxRKI3yXRgtAj3PBf5B9/F36b1SVooml4[0m
|
||||
|
||||
[0;36m# algorithm recommendations (for OpenSSH 4.0)[0m
|
||||
[0;31m(rec) !ssh-rsa -- key algorithm to change (increase modulus size to 2048 bits or larger) [0m
|
||||
[0;31m(rec) -3des-cbc -- enc algorithm to remove [0m
|
||||
[0;31m(rec) -aes128-cbc -- enc algorithm to remove [0m
|
||||
[0;31m(rec) -aes192-cbc -- enc algorithm to remove [0m
|
||||
[0;31m(rec) -aes256-cbc -- enc algorithm to remove [0m
|
||||
[0;31m(rec) -arcfour -- enc algorithm to remove [0m
|
||||
[0;31m(rec) -blowfish-cbc -- enc algorithm to remove [0m
|
||||
[0;31m(rec) -cast128-cbc -- enc algorithm to remove [0m
|
||||
[0;31m(rec) -diffie-hellman-group-exchange-sha1 -- kex algorithm to remove [0m
|
||||
[0;31m(rec) -diffie-hellman-group1-sha1 -- kex algorithm to remove [0m
|
||||
[0;31m(rec) -hmac-md5 -- mac algorithm to remove [0m
|
||||
[0;31m(rec) -hmac-md5-96 -- mac algorithm to remove [0m
|
||||
[0;31m(rec) -hmac-ripemd160 -- mac algorithm to remove [0m
|
||||
[0;31m(rec) -hmac-ripemd160@openssh.com -- mac algorithm to remove [0m
|
||||
[0;31m(rec) -hmac-sha1-96 -- mac algorithm to remove [0m
|
||||
[0;31m(rec) -rijndael-cbc@lysator.liu.se -- enc algorithm to remove [0m
|
||||
[0;31m(rec) -ssh-dss -- key algorithm to remove [0m
|
||||
|
BIN
test/docker/ssh1_host_key
Normal file
BIN
test/docker/ssh1_host_key
Normal file
Binary file not shown.
1
test/docker/ssh1_host_key.pub
Normal file
1
test/docker/ssh1_host_key.pub
Normal file
@ -0,0 +1 @@
|
||||
1024 35 150823875409720459951648542224727752099073441604930026287525797402159071426070997897033651155038337251362080634963146983947007228274330777134724953282680928153520263171933106732090266742784258910450489054624715996015082463159338507115031336180486071622718809324273851629938883104520608180885444242395900180011 root@ubuntu1604server
|
Loading…
Reference in New Issue
Block a user