mirror of
https://github.com/jtesta/ssh-audit.git
synced 2024-09-19 12:09:45 -04:00
Added support for host key 'webauthn-sk-ecdsa-sha2-nistp256@openssh.com' (#149).
This commit is contained in:
Joe Testa
parent
b9520cbc25
commit
d429b543d0
@ -32,7 +32,7 @@
|
|||||||
- historical information from OpenSSH, Dropbear SSH and libssh;
|
- historical information from OpenSSH, Dropbear SSH and libssh;
|
||||||
- policy scans to ensure adherence to a hardened/standard configuration;
|
- policy scans to ensure adherence to a hardened/standard configuration;
|
||||||
- runs on Linux and Windows;
|
- runs on Linux and Windows;
|
||||||
- supports Python 3.6 - 3.9;
|
- supports Python 3.7 - 3.10;
|
||||||
- no dependencies
|
- no dependencies
|
||||||
|
|
||||||
## Usage
|
## Usage
|
||||||
@ -173,11 +173,14 @@ For convenience, a web front-end on top of the command-line tool is available at
|
|||||||
## ChangeLog
|
## ChangeLog
|
||||||
|
|
||||||
### v2.6.0-dev
|
### v2.6.0-dev
|
||||||
|
- Dropped support for Python 3.6, as it reached EOL at the end of 2021.
|
||||||
|
- Added Ubuntu Server 22.04 hardening policy.
|
||||||
- Removed experimental warning tag from `sntrup761x25519-sha512@openssh.com`.
|
- Removed experimental warning tag from `sntrup761x25519-sha512@openssh.com`.
|
||||||
- Updated CVE database; credit [Alexandre Zanni](https://github.com/noraj).
|
- Updated CVE database; credit [Alexandre Zanni](https://github.com/noraj).
|
||||||
- Added `-g` and `--gex-test` for granular GEX modulus size tests; credit [Adam Russell](https://github.com/thecliguy).
|
- Added `-g` and `--gex-test` for granular GEX modulus size tests; credit [Adam Russell](https://github.com/thecliguy).
|
||||||
- Snap packages now print more user-friendly error messages when permission errors are encountered.
|
- Snap packages now print more user-friendly error messages when permission errors are encountered.
|
||||||
- JSON 'target' field now always includes port number; credit [tomatohater1337](https://github.com/tomatohater1337).
|
- JSON 'target' field now always includes port number; credit [tomatohater1337](https://github.com/tomatohater1337).
|
||||||
|
- Added 1 new host key: `webauthn-sk-ecdsa-sha2-nistp256@openssh.com`.
|
||||||
- Added 24 new key exchanges: `ecdh-sha2-1.3.132.0.1`, `ecdh-sha2-1.2.840.10045.3.1.1`, `ecdh-sha2-1.3.132.0.33`, `ecdh-sha2-1.3.132.0.26`, `ecdh-sha2-1.3.132.0.27`, `ecdh-sha2-1.2.840.10045.3.1.7`, `ecdh-sha2-1.3.132.0.16`, `ecdh-sha2-1.3.132.0.34`, `ecdh-sha2-1.3.132.0.36`, `ecdh-sha2-1.3.132.0.37`, `ecdh-sha2-1.3.132.0.35`, `ecdh-sha2-1.3.132.0.38`, `ecdh-sha2-4MHB+NBt3AlaSRQ7MnB4cg==`, `ecdh-sha2-5pPrSUQtIaTjUSt5VZNBjg==`, `ecdh-sha2-VqBg4QRPjxx1EXZdV0GdWQ==`, `ecdh-sha2-zD/b3hu/71952ArpUG4OjQ==`, `ecdh-sha2-qCbG5Cn/jjsZ7nBeR7EnOA==`, `ecdh-sha2-9UzNcgwTlEnSCECZa7V1mw==`, `ecdh-sha2-wiRIU8TKjMZ418sMqlqtvQ==`, `ecdh-sha2-qcFQaMAMGhTziMT0z+Tuzw==`, `ecdh-sha2-m/FtSAmrV4j/Wy6RVUaK7A==`, `ecdh-sha2-D3FefCjYoJ/kfXgAyLddYA==`, `ecdh-sha2-h/SsxnLCtRBh7I9ATyeB3A==`, `ecdh-sha2-mNVwCXAoS1HGmHpLvBC94w==`.
|
- Added 24 new key exchanges: `ecdh-sha2-1.3.132.0.1`, `ecdh-sha2-1.2.840.10045.3.1.1`, `ecdh-sha2-1.3.132.0.33`, `ecdh-sha2-1.3.132.0.26`, `ecdh-sha2-1.3.132.0.27`, `ecdh-sha2-1.2.840.10045.3.1.7`, `ecdh-sha2-1.3.132.0.16`, `ecdh-sha2-1.3.132.0.34`, `ecdh-sha2-1.3.132.0.36`, `ecdh-sha2-1.3.132.0.37`, `ecdh-sha2-1.3.132.0.35`, `ecdh-sha2-1.3.132.0.38`, `ecdh-sha2-4MHB+NBt3AlaSRQ7MnB4cg==`, `ecdh-sha2-5pPrSUQtIaTjUSt5VZNBjg==`, `ecdh-sha2-VqBg4QRPjxx1EXZdV0GdWQ==`, `ecdh-sha2-zD/b3hu/71952ArpUG4OjQ==`, `ecdh-sha2-qCbG5Cn/jjsZ7nBeR7EnOA==`, `ecdh-sha2-9UzNcgwTlEnSCECZa7V1mw==`, `ecdh-sha2-wiRIU8TKjMZ418sMqlqtvQ==`, `ecdh-sha2-qcFQaMAMGhTziMT0z+Tuzw==`, `ecdh-sha2-m/FtSAmrV4j/Wy6RVUaK7A==`, `ecdh-sha2-D3FefCjYoJ/kfXgAyLddYA==`, `ecdh-sha2-h/SsxnLCtRBh7I9ATyeB3A==`, `ecdh-sha2-mNVwCXAoS1HGmHpLvBC94w==`.
|
||||||
|
|
||||||
### v2.5.0 (2021-08-26)
|
### v2.5.0 (2021-08-26)
|
||||||
|
|||||||
@ -196,6 +196,7 @@ class SSH2_KexDB: # pylint: disable=too-few-public-methods
|
|||||||
'x509v3-ecdsa-sha2-nistp384': [[], [WARN_CURVES_WEAK]],
|
'x509v3-ecdsa-sha2-nistp384': [[], [WARN_CURVES_WEAK]],
|
||||||
'x509v3-ecdsa-sha2-nistp521': [[], [WARN_CURVES_WEAK]],
|
'x509v3-ecdsa-sha2-nistp521': [[], [WARN_CURVES_WEAK]],
|
||||||
'x509v3-rsa2048-sha256': [[]],
|
'x509v3-rsa2048-sha256': [[]],
|
||||||
|
'webauthn-sk-ecdsa-sha2-nistp256@openssh.com': [['8.3'], [WARN_CURVES_WEAK]],
|
||||||
},
|
},
|
||||||
'enc': {
|
'enc': {
|
||||||
'none': [['1.2.2,d2013.56,l10.2'], [FAIL_PLAINTEXT]],
|
'none': [['1.2.2,d2013.56,l10.2'], [FAIL_PLAINTEXT]],
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user