SSH server auditing
https://github.com/jtesta/ssh-audit
ssh-audit is a tool for ssh server auditing.
Features:
* SSH1 and SSH2 protocol server support;
* grab banner, recognize device or software and operating system, detect compression;
* gather key-exchange, host-key, encryption and message authentication code algorithms;
* output algorithm information (available since, removed/disabled, unsafe/weak/legacy, etc);
* output algorithm recommendations (append or remove based on recognized software version);
* output security information (related issues, assigned CVE list, etc);
* analyze SSH version compatibility based on algorithm information;
* historical information from OpenSSH, Dropbear SSH and libssh;
* no dependencies, compatible with Python 2.6+, Python 3.x and PyPy;
- Links to security / ssh-audit
- Download package
-
Checkout Package
osc -A https://api.opensuse.org checkout home:mnhauke/ssh-audit && cd $_ - Create Badge
Refresh
Refresh
Source Files
| Filename | Size | Changed |
|---|---|---|
| _link | 0000000247 247 Bytes | |
| project.diff | 0000008346 8.15 KB | |
| ssh-audit-2.3.0.tar.gz | 0000110507 108 KB | |
| ssh-audit-2.3.0.tar.gz.sig | 0000000543 543 Bytes |
Revision 4 (latest revision is 21)
Martin Hauke (mnhauke)
committed
(revision 4)
- Update to versino 2.3.0
The highlight of this release is support for policy scanning
(this allows an admin to test a server against a
hardened/standard configuration).
* Added new policy auditing functionality to test adherence to
a hardening guide/standard configuration
(see -L/--list-policies, -M/--make-policy and -P/--policy).
* Created new man page (see ssh-audit.1 file).
* 1024-bit moduli upgraded from warnings to failures.
* Many Python 2 code clean-ups, testing framework improvements,
pylint & flake8 fixes, and mypy type comments.
* Added feature to look up algorithms in internal database
(see --lookup)
* Suppress recommendation of token host key types.
* Added check for use-after-free vulnerability in PuTTY v0.73.
* Added 11 new host key types: ssh-rsa1, ssh-dss-sha256@ssh.com,
ssh-gost2001, ssh-gost2012-256, ssh-gost2012-512,
spki-sign-rsa, ssh-ed448, x509v3-ecdsa-sha2-nistp256,
x509v3-ecdsa-sha2-nistp384, x509v3-ecdsa-sha2-nistp521,
x509v3-rsa2048-sha256.
* Added 8 new key exchanges: diffie-hellman-group1-sha256,
kexAlgoCurve25519SHA256, Curve25519SHA256, gss-group14-sha256-,
gss-group15-sha512-, gss-group16-sha512-, gss-nistp256-sha256-,
gss-curve25519-sha256-.
* Added 5 new ciphers: blowfish, AEAD_AES_128_GCM,
AEAD_AES_256_GCM, crypticore128@ssh.com, seed-cbc@ssh.com.
* Added 3 new MACs: chacha20-poly1305@openssh.com, hmac-sha3-224,
crypticore-mac@ssh.com.
- Update ssh-audit.keyring
Comments 0