SSH server auditing
ssh-audit is a tool for SSH server auditing.
Features:
* SSH1 and SSH2 protocol server support;
* grab banner, recognize device or software and operating system, detect compression;
* gather key-exchange, host-key, encryption and message authentication code algorithms;
* output algorithm information (available since, removed/disabled, unsafe/weak/legacy, etc);
* output algorithm recommendations (append or remove based on recognized software version);
* output security information (related issues, assigned CVE list, etc);
* analyze SSH version compatibility based on algorithm information;
* historical information from OpenSSH, Dropbear SSH and libssh;
* no dependencies, compatible with Python 2.6+, Python 3.x and PyPy.
- Links to security / ssh-audit
Checkout Package
osc -A https://api.opensuse.org checkout home:mnhauke/ssh-audit && cd $_
Source Files
Filename | Size |
---|---|
ssh-audit-3.2.0.tar.gz | 172 KB |
ssh-audit-3.2.0.tar.gz.sig | 566 Bytes |
ssh-audit.changes | 12.3 KB |
ssh-audit.keyring | 3.03 KB |
ssh-audit.spec | 2.33 KB |
Latest Revision
- Update to version 3.2.0
  * Added implementation of the DHEat denial-of-service attack (see --dheat option; CVE-2002-20001).
  * Expanded filter of CBC ciphers to flag for the Terrapin vulnerability. It now includes more rarely found ciphers.
  * Fixed parsing of ecdsa-sha2-nistp* CA signatures on host keys. Additionally, they are now flagged as potentially back-doored, just as standard host keys are.
  * Gracefully handle rare exceptions (i.e.: crashes) while performing GEX tests.
  * Built-in policies now include a change log (use -L -v to view them).
  * Custom policies now support the allow_algorithm_subset_and_reordering directive to allow targets to pass with a subset and/or re-ordered list of host keys, kex, ciphers, and MACs. This allows for the creation of a baseline policy where targets can optionally implement stricter controls.
  * Custom policies now support the allow_larger_keys directive to allow targets to pass with larger host keys, CA keys, and Diffie-Hellman keys. This allows for the creation of a baseline policy where targets can optionally implement stricter controls.
  * Color output is disabled if the NO_COLOR environment variable is set (see https://no-color.org/).
  * Added 1 new key exchange algorithm: gss-nistp384-sha384-*.
  * Added 1 new cipher: aes128-ocb@libassh.org.