mirror of
https://github.com/jtesta/ssh-audit.git
synced 2024-11-25 12:01:40 +01:00
Suppress recommendation of token host key types.
This commit is contained in:
parent
4b314a55ef
commit
edc363db60
@ -70,6 +70,7 @@ $ snap install ssh-audit
|
||||
|
||||
## ChangeLog
|
||||
### v2.2.1-dev (???)
|
||||
- Suppress recommendation of token host key types.
|
||||
- Added 1 new host key types: `ssh-rsa1`.
|
||||
- Added 1 new ciphers: `blowfish`, `AEAD_AES_128_GCM`, `AEAD_AES_256_GCM`.
|
||||
- Added 2 new MACs: `chacha20-poly1305@openssh.com`, `hmac-sha3-224`.
|
||||
|
@ -1837,7 +1837,8 @@ class SSH(object): # pylint: disable=too-few-public-methods
|
||||
if fc > 0:
|
||||
faults += pow(10, 2 - i) * fc
|
||||
if n not in alg_list:
|
||||
if faults > 0 or (alg_type == 'key' and '-cert-' in n) or empty_version:
|
||||
# Don't recommend certificate or token types; these will only appear in the server's list if they are fully configured & functional on the server.
|
||||
if faults > 0 or (alg_type == 'key' and (('-cert-' in n) or (n.startswith('sk-')))) or empty_version:
|
||||
continue
|
||||
rec[sshv][alg_type]['add'][n] = 0
|
||||
else:
|
||||
|
Loading…
Reference in New Issue
Block a user