mirror of https://github.com/jtesta/ssh-audit.git
Enable HostKeyTest to extract ECDSA and DSA keys (#286)
Their certificate-embedded counterparts are enabled as well. As with RSA, it *is* possible for DSA keys to be of variable length (not just 1024 bits), so I've added `{'variable_key_len': True}` to the relevant `HOST_KEY_TYPES` entries, although this key-value pair is otherwise unused.
parent
ac540c8b5f
commit
a4b78b752e
|
@ -55,6 +55,17 @@ class HostKeyTest:
|
||||||
|
|
||||||
'ssh-ed448': {'cert': False, 'variable_key_len': False},
|
'ssh-ed448': {'cert': False, 'variable_key_len': False},
|
||||||
# 'ssh-ed448-cert-v01@openssh.com': {'cert': True, 'variable_key_len': False},
|
# 'ssh-ed448-cert-v01@openssh.com': {'cert': True, 'variable_key_len': False},
|
||||||
|
|
||||||
|
'ecdsa-sha2-nistp256': {'cert': False, 'variable_key_len': False},
|
||||||
|
'ecdsa-sha2-nistp384': {'cert': False, 'variable_key_len': False},
|
||||||
|
'ecdsa-sha2-nistp521': {'cert': False, 'variable_key_len': False},
|
||||||
|
|
||||||
|
'ecdsa-sha2-nistp256-cert-v01@openssh.com': {'cert': True, 'variable_key_len': False},
|
||||||
|
'ecdsa-sha2-nistp384-cert-v01@openssh.com': {'cert': True, 'variable_key_len': False},
|
||||||
|
'ecdsa-sha2-nistp521-cert-v01@openssh.com': {'cert': True, 'variable_key_len': False},
|
||||||
|
|
||||||
|
'ssh-dss': {'cert': False, 'variable_key_len': True},
|
||||||
|
'ssh-dss-cert-v01@openssh.com': {'cert': True, 'variable_key_len': True},
|
||||||
}
|
}
|
||||||
|
|
||||||
TWO2K_MODULUS_WARNING = '2048-bit modulus only provides 112-bits of symmetric strength'
|
TWO2K_MODULUS_WARNING = '2048-bit modulus only provides 112-bits of symmetric strength'
|
||||||
|
|
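Review bot: The two `ssh-dss` entries set `'variable_key_len': True`, yet the commit description says nothing reads that flag, so the table does not show how an extracted DSA key size is actually judged. A comment above them would record this, for example `# DSA keys may exceed 1024 bits; 'variable_key_len' is informational here and not yet read by the test logic.` The `HOST_KEY_TYPES` dict opens above this hunk and the code that consumes it is not shown. It is therefore worth confirming that the size parsing handles the ECDSA and DSA key blob layouts, and that RSA modulus thresholds are not applied to the 256/384/521-bit ECDSA sizes, which would mislabel them as weak.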