Debug Logging and visibility of SSH Connection errors (#99)

* Debug Logging and visibility of SSH Connection errors

* Updated date in man page
thecliguy
2021-03-02 16:06:40 +00:00
committed by GitHub
parent c483fe1861
commit 83bd049486
7 changed files with 67 additions and 28 deletions


@ -30,6 +30,7 @@ from ssh_audit.kexdh import KexGroupExchange_SHA1, KexGroupExchange_SHA256
from ssh_audit.ssh2_kexdb import SSH2_KexDB
from ssh_audit.ssh2_kex import SSH2_Kex
from ssh_audit.ssh_socket import SSH_Socket
from ssh_audit.outputbuffer import OutputBuffer
# Performs DH group exchanges to find what moduli are supported, and checks
@ -38,22 +39,24 @@ class GEXTest:
# Creates a new connection to the server. Returns True on success, or False.
@staticmethod
def reconnect(s: 'SSH_Socket', kex: 'SSH2_Kex', gex_alg: str) -> bool:
def reconnect(out: 'OutputBuffer', s: 'SSH_Socket', kex: 'SSH2_Kex', gex_alg: str) -> bool:
if s.is_connected():
return True
err = s.connect()
err = s.connect(out)
if err is not None:
out.v(err, write_now=True)
return False
_, _, err = s.get_banner()
_, _, err = s.get_banner(out)
if err is not None:
out.v(err, write_now=True)
s.close()
return False
# Send our KEX using the specified group-exchange and most of the
# server's own values.
s.send_kexinit(key_exchanges=[gex_alg], hostkeys=kex.key_algorithms, ciphers=kex.server.encryption, macs=kex.server.mac, compressions=kex.server.compression, languages=kex.server.languages)
s.send_kexinit(out, key_exchanges=[gex_alg], hostkeys=kex.key_algorithms, ciphers=kex.server.encryption, macs=kex.server.mac, compressions=kex.server.compression, languages=kex.server.languages)
# Parse the server's KEX.
_, payload = s.read_packet(2)
@ -63,7 +66,7 @@ class GEXTest:
# Runs the DH moduli test against the specified target.
@staticmethod
def run(s: 'SSH_Socket', kex: 'SSH2_Kex') -> None:
def run(out: 'OutputBuffer', s: 'SSH_Socket', kex: 'SSH2_Kex') -> None:
GEX_ALGS = {
'diffie-hellman-group-exchange-sha1': KexGroupExchange_SHA1,
'diffie-hellman-group-exchange-sha256': KexGroupExchange_SHA256,
@ -79,8 +82,9 @@ class GEXTest:
# algorithms. If so, test each one.
for gex_alg in GEX_ALGS:
if gex_alg in kex.kex_algorithms:
out.d('Preparing to perform DH group exchange using ' + gex_alg + '...', write_now=True)
if GEXTest.reconnect(s, kex, gex_alg) is False:
if GEXTest.reconnect(out, s, kex, gex_alg) is False:
break
kex_group = GEX_ALGS[gex_alg]()
@ -110,7 +114,9 @@ class GEXTest:
if bits >= smallest_modulus > 0:
break
if GEXTest.reconnect(s, kex, gex_alg) is False:
out.d('Preparing to perform DH group exchange using ' + gex_alg + ' with modulus size ' + str(bits) + '...', write_now=True)
if GEXTest.reconnect(out, s, kex, gex_alg) is False:
reconnect_failed = True
break
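Review bot: In `reconnect`, both failure paths report `err` only through `out.v(err, write_now=True)`, which is presumably shown only in verbose mode, so at default verbosity a failed connect or banner read ends the DH group-exchange test with nothing on screen. The first caller in `run` (`if GEXTest.reconnect(out, s, kex, gex_alg) is False:` followed by a bare `break`) also sets no flag, unlike the modulus loop with `reconnect_failed = True`. For an audit tool, that can read as "no weak moduli found" when the test never ran. I would record the failure in the first loop as well, or at least document the contract above `reconnect`: `# A False return means the GEX test was skipped, not passed; the error is only shown in verbose output.` The bodies of `reconnect` and `run` continue outside the hunks shown, so how `reconnect_failed` is reported afterwards is not visible here.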