mirror of
				https://github.com/jtesta/ssh-audit.git
				synced 2025-10-31 13:35:26 +01:00 
			
		
		
		
	Added hmac-sha512 and hmac-sha512@ssh.com MACs. Added diffie-hellman-group17-sha512 key exchange.
		| @@ -46,9 +46,9 @@ usage: ssh-audit.py [-1246pbnvlt] <host> | |||||||
|  - Added RSA certificate key length test. |  - Added RSA certificate key length test. | ||||||
|  - Added Diffie-Hellman modulus size test. |  - Added Diffie-Hellman modulus size test. | ||||||
|  - Now outputs host key fingerprints for RSA and ED25519. |  - Now outputs host key fingerprints for RSA and ED25519. | ||||||
|  - Added 2 new key exchanges: `sntrup4591761x25519-sha512@tinyssh.org`, `diffie-hellman-group-exchange-sha256@ssh.com`. |  - Added 3 new key exchanges: `sntrup4591761x25519-sha512@tinyssh.org`, `diffie-hellman-group-exchange-sha256@ssh.com`, `diffie-hellman-group17-sha512`. | ||||||
|  - Added 3 new encryption algorithms: `des-cbc-ssh1`, `blowfish-ctr`, `twofish-ctr`. |  - Added 3 new encryption algorithms: `des-cbc-ssh1`, `blowfish-ctr`, `twofish-ctr`. | ||||||
|  - Added 8 new MACs: `hmac-sha2-56`, `hmac-sha2-224`, `hmac-sha2-384`, `hmac-sha3-256`, `hmac-sha3-384`, `hmac-sha3-512`, `hmac-sha256`, `hmac-sha256@ssh.com`. |  - Added 10 new MACs: `hmac-sha2-56`, `hmac-sha2-224`, `hmac-sha2-384`, `hmac-sha3-256`, `hmac-sha3-384`, `hmac-sha3-512`, `hmac-sha256`, `hmac-sha256@ssh.com`, `hmac-sha512`, `hmac-512@ssh.com`. | ||||||
|  - Added command line argument (-t / --timeout) for connection & reading timeouts. |  - Added command line argument (-t / --timeout) for connection & reading timeouts. | ||||||
|  - Updated CVEs for libssh & Dropbear. |  - Updated CVEs for libssh & Dropbear. | ||||||
|  |  | ||||||
|   | |||||||
| @@ -322,6 +322,7 @@ class SSH2(object):  # pylint: disable=too-few-public-methods | |||||||
| 				'diffie-hellman-group14-sha256': [['7.3,d2016.73']], | 				'diffie-hellman-group14-sha256': [['7.3,d2016.73']], | ||||||
| 				'diffie-hellman-group15-sha512': [[]], | 				'diffie-hellman-group15-sha512': [[]], | ||||||
| 				'diffie-hellman-group16-sha512': [['7.3,d2016.73']], | 				'diffie-hellman-group16-sha512': [['7.3,d2016.73']], | ||||||
|  | 				'diffie-hellman-group17-sha512': [[]], | ||||||
| 				'diffie-hellman-group18-sha512': [['7.3']], | 				'diffie-hellman-group18-sha512': [['7.3']], | ||||||
| 				'diffie-hellman-group-exchange-sha1': [['2.3.0', '6.6', None], [FAIL_OPENSSH67_UNSAFE], [WARN_HASH_WEAK]], | 				'diffie-hellman-group-exchange-sha1': [['2.3.0', '6.6', None], [FAIL_OPENSSH67_UNSAFE], [WARN_HASH_WEAK]], | ||||||
| 				'diffie-hellman-group-exchange-sha256': [['4.4']], | 				'diffie-hellman-group-exchange-sha256': [['4.4']], | ||||||
| @@ -410,6 +411,8 @@ class SSH2(object):  # pylint: disable=too-few-public-methods | |||||||
| 				'hmac-sha3-512': [[], [], [WARN_ENCRYPT_AND_MAC]], | 				'hmac-sha3-512': [[], [], [WARN_ENCRYPT_AND_MAC]], | ||||||
| 				'hmac-sha256': [[], [], [WARN_ENCRYPT_AND_MAC]], | 				'hmac-sha256': [[], [], [WARN_ENCRYPT_AND_MAC]], | ||||||
| 				'hmac-sha256@ssh.com': [[], [], [WARN_ENCRYPT_AND_MAC]], | 				'hmac-sha256@ssh.com': [[], [], [WARN_ENCRYPT_AND_MAC]], | ||||||
|  | 				'hmac-sha512': [[], [], [WARN_ENCRYPT_AND_MAC]], | ||||||
|  | 				'hmac-sha512@ssh.com': [[], [], [WARN_ENCRYPT_AND_MAC]], | ||||||
| 				'hmac-md5': [['2.1.0,d0.28', '6.6', '7.1'], [FAIL_OPENSSH67_UNSAFE], [WARN_OPENSSH72_LEGACY, WARN_ENCRYPT_AND_MAC, WARN_HASH_WEAK]], | 				'hmac-md5': [['2.1.0,d0.28', '6.6', '7.1'], [FAIL_OPENSSH67_UNSAFE], [WARN_OPENSSH72_LEGACY, WARN_ENCRYPT_AND_MAC, WARN_HASH_WEAK]], | ||||||
| 				'hmac-md5-96': [['2.5.0', '6.6', '7.1'], [FAIL_OPENSSH67_UNSAFE], [WARN_OPENSSH72_LEGACY, WARN_ENCRYPT_AND_MAC, WARN_HASH_WEAK]], | 				'hmac-md5-96': [['2.5.0', '6.6', '7.1'], [FAIL_OPENSSH67_UNSAFE], [WARN_OPENSSH72_LEGACY, WARN_ENCRYPT_AND_MAC, WARN_HASH_WEAK]], | ||||||
| 				'hmac-ripemd160': [['2.5.0', '6.6', '7.1'], [FAIL_OPENSSH67_UNSAFE], [WARN_OPENSSH72_LEGACY, WARN_ENCRYPT_AND_MAC]], | 				'hmac-ripemd160': [['2.5.0', '6.6', '7.1'], [FAIL_OPENSSH67_UNSAFE], [WARN_OPENSSH72_LEGACY, WARN_ENCRYPT_AND_MAC]], | ||||||
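Review bot: The MAC key added in the second hunk is `hmac-sha512@ssh.com`, but the README line changed by this same commit lists it as `hmac-512@ssh.com`; the README should read `hmac-sha512@ssh.com` so the documented name matches the string the tool compares against a server's advertised algorithm list. Separately, `'diffie-hellman-group17-sha512': [[]]` and both new `hmac-sha512` entries carry an empty version list, which appears to mean that no OpenSSH or Dropbear release is recorded as supporting them. If that is the intent, a short comment above these entries such as `# empty version list: not implemented by OpenSSH or Dropbear` would tell a maintainer the gap is deliberate rather than missing data. Both dictionaries begin and end outside the hunks shown, so how an empty list is reported to the user cannot be checked from here.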
|   | |||||||
					Joe Testa