pt/ssh-audit
1
0
Fork 0
mirror of https://github.com/jtesta/ssh-audit.git synced 2024-09-19 12:09:45 -04:00
Code Issues Packages Projects Releases Wiki Activity

Enable HostKeyTest to extract ECDSA and DSA keys

Browse Source 
Their certificate-embedded counterparts are enabled as well.

As with RSA, it *is* possible for DSA keys to be of variable length (not
just 1024 bits), so I've added `{'variable_key_len': True}` to the relevant
`HOST_KEY_TYPES` entries, although this key-value pair is otherwise unused.
This commit is contained in:
Daniel Lenski 2024-07-01 17:30:53 -07:00
parent 9049c8476a
commit 574a53d88e
1 changed files with 11 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
src/ssh_audit/hostkeytest.py
View File

@ -55,6 +55,17 @@ class HostKeyTest:
'ssh-ed448': {'cert': False, 'variable_key_len': False}, 'ssh-ed448': {'cert': False, 'variable_key_len': False},
# 'ssh-ed448-cert-v01@openssh.com': {'cert': True, 'variable_key_len': False}, # 'ssh-ed448-cert-v01@openssh.com': {'cert': True, 'variable_key_len': False},
'ecdsa-sha2-nistp256': {'cert': False, 'variable_key_len': False},
'ecdsa-sha2-nistp384': {'cert': False, 'variable_key_len': False},
'ecdsa-sha2-nistp521': {'cert': False, 'variable_key_len': False},
'ecdsa-sha2-nistp256-cert-v01@openssh.com': {'cert': True, 'variable_key_len': False},
'ecdsa-sha2-nistp384-cert-v01@openssh.com': {'cert': True, 'variable_key_len': False},
'ecdsa-sha2-nistp521-cert-v01@openssh.com': {'cert': True, 'variable_key_len': False},
'ssh-dss': {'cert': False, 'variable_key_len': True},
'ssh-dss-cert-v01@openssh.com': {'cert': True, 'variable_key_len': True},
} }
TWO2K_MODULUS_WARNING = '2048-bit modulus only provides 112-bits of symmetric strength' TWO2K_MODULUS_WARNING = '2048-bit modulus only provides 112-bits of symmetric strength'