4f9a630de4
Added Debian 13 policies and hardening guides.
2025-09-01 18:22:46 -04:00
f821565ff9
Renamed hardeningguides.py.
2025-09-01 17:39:07 -04:00
062a1f3cb4
Updated changelog message for version 2 of Ubuntu Server 24 policy.
2025-09-01 16:43:59 -04:00
c900874406
Added policy option to allow host key subsets and/or reorderings.
2025-09-01 16:22:40 -04:00
0382cf9b2d
Aside from linking to online hardening guides, mention that built-in guides are also available.
2025-08-30 16:26:57 -04:00
d8d90a3a89
Dropped support for Python 3.8, as it reached its end-of-life in October 2024.
2025-08-24 15:50:58 -04:00
aaa7d24565
Updated GEX fallback detection for OpenSSH 10.0 and later, as version 9.9 was the last to include it. (#310)
2025-08-24 15:41:14 -04:00
d3b1551520
Added OpenSSH 10.0 policy.
2025-08-24 12:52:22 -04:00
970d747dcb
Smoothed out some rough edges from PR #307.
2025-08-17 16:34:32 -04:00
1c0d3d5df1
print config v2 Issue #191 (#307)
...
* print config v2
- printconfig script
- test_printconfig for tox testing
- update globals for GUIDES_UPDATED date value
- update ssh_audit for print_config argument and checks
* pr307 update 1
* pr307 update 2
* pr307 - attempt 2
* Update ssh_audit.py
Missed a TAB
2025-08-17 16:05:14 -04:00
4845a8fdee
Updated README.
2025-08-06 08:40:36 -04:00
11a902cb14
Removed SSHv1 support (#298).
2025-07-26 19:57:11 -04:00
b456bb31b9
Added note on mlkem768x25519-sha256 that it is the default key exchange since OpenSSH 10.0.
2025-06-16 18:59:36 -04:00
32085b2fa5
Added two new ciphers: AEAD_CAMELLIA_128_GCM, AEAD_CAMELLIA_256_GCM.
2025-05-18 18:46:40 -04:00
5ddd8cca5b
Added 2 new key exchanges: mlkem768nistp256-sha256, mlkem1024nistp384-sha384.
2025-04-18 18:29:18 -04:00
b90db2c1af
Fixed mypy failure.
2025-04-18 17:06:29 -04:00
68c827c239
Update LICENSE (#319)
...
Updated year
2025-04-18 16:27:44 -04:00
e318787a5c
Batch mode no longer automatically enables verbose mode.
2024-12-05 10:06:58 -05:00
d9c703c777
When running against multiple hosts, now prints each target host regardless of output level. (#309)
2024-12-05 09:41:26 -05:00
28a1e23986
Added warnings to all key exchanges that do not provide protection against quantum attacks.
2024-11-25 15:56:51 -05:00
a01baadfa8
Additional cleanups after merging #304.
2024-11-22 12:28:02 -05:00
45abc3aaf4
Argparse v3 - RC1 (#304)
...
* Argparse v3 - RC1
* Argparse v3 - RC1
Argparse v3 RC1 - post feedback
Argparse v3 - RC2
2024-11-22 12:26:20 -05:00
99c64787d9
Updated description of -m option.
2024-10-16 16:39:11 -04:00
3fa62c3ac5
Fixed man page parsing error. (#301)
2024-10-16 16:23:20 -04:00
d7fff591fa
Bumped version to v3.4.0-dev.
2024-10-15 18:30:08 -04:00
84647ecb32
Updated packaging notes.
2024-10-15 18:29:25 -04:00
772204ce8b
Bumped version to v3.3.0.
v3.3.0
2024-10-15 13:28:38 -04:00
c0133a8d5f
Listing built-in policies will now hide older versions, unless -v is used.
2024-10-11 15:43:09 -04:00
3220043aaf
Added note regarding hardening instructions.
2024-10-10 16:10:52 -04:00
40ed92bbe6
Run tests against stable version of Python 3.13.
2024-10-10 16:06:18 -04:00
720150b471
Issue a warning if an out-dated policy is used.
2024-10-10 15:57:29 -04:00
d0628f6eb4
Updated ext-info-c and ext-info-s key exchanges to include versions of OpenSSH they were first included in. (#291)
2024-10-07 17:41:39 -04:00
1e060a94c0
Updated built-in server and client policies for Amazon Linux 2023.
2024-10-01 18:15:02 -04:00
8563c2925b
Updated built-in client policy for Debian 12.
2024-10-01 17:48:49 -04:00
556306be5e
Updated built-in client policy for Rocky Linux 9.
2024-10-01 17:39:42 -04:00
7ab6d20454
Updated built-in client policy for Ubuntu 22.04.
2024-10-01 17:32:49 -04:00
1f1a51d591
Updated Ubuntu 22.04 built-in policy.
2024-10-01 17:06:03 -04:00
77a63de133
Updated Rocky Linux 9 built-in policy.
2024-10-01 16:21:23 -04:00
cffa126277
Updated Debian 12 built-in policy. (#283)
2024-10-01 15:01:44 -04:00
dc615cef7f
Fixed DH rate testing on Windows. (#261)
2024-09-28 18:39:55 -04:00
cb6142c609
Ignore mypy errors on colorama import.
2024-09-28 17:43:32 -04:00
629008e55e
Updated test commands.
2024-09-26 18:34:40 -04:00
016a5d89f7
Updated GitHub Actions workflow to use Tox through pip instead of the platform version.
2024-09-26 18:31:21 -04:00
93b30b4258
Removed version-based CVE information. (#240)
2024-09-26 13:15:58 -04:00
3b8a75e407
Server kex/host key parsing failures no longer output a stack trace unless in debug mode.
2024-09-25 17:34:18 -04:00
67e11f82b3
Updated --targets description.
2024-09-25 17:12:16 -04:00
2cd96f1785
Ensure ECDSA and DSS fingerprints are only output in verbose mode. Clean up Docker tests from merge of #286.
2024-09-25 17:05:17 -04:00
a4b78b752e
Enable HostKeyTest to extract ECDSA and DSA keys (#286)
...
Their certificate-embedded counterparts are enabled as well.
As with RSA, it *is* possible for DSA keys to be of variable length (not
just 1024 bits), so I've added `{'variable_key_len': True}` to the relevant
`HOST_KEY_TYPES` entries, although this key-value pair is otherwise unused.
2024-09-25 16:57:03 -04:00
ac540c8b5f
Created FUNDING.yml.
2024-09-25 16:20:45 -04:00
e11492b7a3
Updated shields.
2024-09-25 16:07:01 -04:00