Parse public key sizes for 'rsa-sha2-256-cert-v01@openssh.com' and 'rsa-sha2-512-cert-v01@openssh.com' host key types. Include expected CA key sizes in built-in policies.

2025-09-03 18:38:32 +02:00 · 2020-10-19 17:42:12 -04:00
parent 046c866da4
commit 8fa3a12057
3 changed files with 9 additions and 5 deletions
--- a/src/ssh_audit/hostkeytest.py
+++ b/src/ssh_audit/hostkeytest.py
@ -45,7 +45,9 @@ class HostKeyTest:
        'rsa-sha2-256': {'cert': False, 'variable_key_len': True},
        'rsa-sha2-512': {'cert': False, 'variable_key_len': True},

-        'ssh-rsa-cert-v01@openssh.com':     {'cert': True, 'variable_key_len': True},
+        'ssh-rsa-cert-v01@openssh.com':      {'cert': True, 'variable_key_len': True},
+        'rsa-sha2-256-cert-v01@openssh.com': {'cert': True, 'variable_key_len': True},
+        'rsa-sha2-512-cert-v01@openssh.com': {'cert': True, 'variable_key_len': True},

        'ssh-ed25519':                      {'cert': False, 'variable_key_len': False},
        'ssh-ed25519-cert-v01@openssh.com': {'cert': True, 'variable_key_len': False},