SSH server auditing
https://github.com/jtesta/ssh-audit
ssh-audit is a tool for ssh server auditing.
Features:
* SSH1 and SSH2 protocol server support;
* grab banner, recognize device or software and operating system, detect compression;
* gather key-exchange, host-key, encryption and message authentication code algorithms;
* output algorithm information (available since, removed/disabled, unsafe/weak/legacy, etc);
* output algorithm recommendations (append or remove based on recognized software version);
* output security information (related issues, assigned CVE list, etc);
* analyze SSH version compatibility based on algorithm information;
* historical information from OpenSSH, Dropbear SSH and libssh;
* no dependencies, compatible with Python 2.6+, Python 3.x and PyPy;
- Links to security / ssh-audit
- Has a link diff
- Download package
-
Checkout Package
osc -A https://api.opensuse.org checkout home:mnhauke/ssh-audit && cd $_ - Create Badge
Refresh
Refresh
Source Files (show unmerged sources)
| Filename | Size | Changed |
|---|---|---|
| ssh-audit-3.2.0.tar.gz | 0000175715 172 KB | |
| ssh-audit-3.2.0.tar.gz.sig | 0000000566 566 Bytes | |
| ssh-audit.changes | 0000012569 12.3 KB | |
| ssh-audit.keyring | 0000003106 3.03 KB | |
| ssh-audit.spec | 0000002385 2.33 KB |
Latest Revision
Martin Hauke (mnhauke)
committed
(revision 18)
- Update to version 3.2.0
* Added implementation of the DHEat denial-of-service attack
(see --dheat option; CVE-2002-20001).
* Expanded filter of CBC ciphers to flag for the Terrapin
vulnerability. It now includes more rarely found ciphers.
* Fixed parsing of ecdsa-sha2-nistp* CA signatures on host keys.
Additionally, they are now flagged as potentially
back-doored, just as standard host keys are.
* Gracefully handle rare exceptions (i.e.: crashes) while
performing GEX tests.
* Built-in policies now include a change log (use -L -v to view
them).
* Custom policies now support the
allow_algorithm_subset_and_reordering directive to allow
targets to pass with a subset and/or re-ordered list of host
keys, kex, ciphers, and MACs. This allows for the creation of
a baseline policy where targets can optionally implement
stricter controls;
* Custom policies now support the allow_larger_keys directive to
allow targets to pass with larger host keys, CA keys, and
Diffie-Hellman keys. This allows for the creation of a baseline
policy where targets can optionally implement stricter controls
* Color output is disabled if the NO_COLOR environment variable
is set (see https://no-color.org/).
* Added 1 new key exchange algorithm: gss-nistp384-sha384-*.
* Added 1 new cipher: aes128-ocb@libassh.org.
Comments 0