ssh-logjam
ssh-hostkey uses fetch_host_key.
This function includes a key exchange that we could probably reuse to get the prime size:
https://github.com/nmap/nmap/blob/a7638f57c88cb1b5da949147729fca76a0f332c5/nselib/ssh2.lua#L224-L249
We should be able to grab the modulus/prime size from there. But we can't guarantee that the negotiated kex algorithms will be the vulnerable ones. Basically, if the host supports group1-sha1 then it is vulnerable (its group is a fixed 1024-bit modulus), but for group-exchange-sha1 we need to check the modulus size the server actually sends in the group exchange.
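As an added illustration of the two checks described above (not code from nmap or from ssh2.lua, which is Lua; this is a stand-alone Python sketch): the kex name-list is read out of a KEXINIT payload, the modulus size is read out of a KEX_DH_GEX_GROUP payload, and each offered method is classified. Fixed-group methods are judged from their known modulus size, group-exchange methods only once the negotiated modulus is known. The 2048-bit threshold, the inclusion of group14, and the sample messages (zero cookie, placeholder modulus) are assumptions and constructed data, not anything taken from a real server.

```python
import struct

# SSH message numbers from RFC 4253 (KEXINIT) and RFC 4419 (group exchange).
SSH_MSG_KEXINIT = 20
SSH_MSG_KEX_DH_GEX_GROUP = 31

# Kex methods with a hard-coded modulus and its size in bits (RFC 4253 section 8).
FIXED_GROUP_BITS = {
    "diffie-hellman-group1-sha1": 1024,   # Oakley group 2, the 1024-bit Logjam case
    "diffie-hellman-group14-sha1": 2048,  # Oakley group 14
}
# Group-exchange methods: the server picks the modulus per connection, so its
# size is only known after the KEX_DH_GEX_GROUP message has been received.
GEX_METHODS = {
    "diffie-hellman-group-exchange-sha1",
    "diffie-hellman-group-exchange-sha256",
}
MIN_SAFE_BITS = 2048  # assumed policy threshold: anything smaller is flagged


def parse_name_list(buf, off):
    """Parse an SSH name-list: uint32 length + comma-separated ASCII names."""
    (n,) = struct.unpack_from(">I", buf, off)
    names = buf[off + 4:off + 4 + n].decode("ascii")
    return [s for s in names.split(",") if s], off + 4 + n


def parse_mpint(buf, off):
    """Parse an SSH mpint: uint32 length + two's-complement big-endian integer."""
    (n,) = struct.unpack_from(">I", buf, off)
    raw = buf[off + 4:off + 4 + n]
    return int.from_bytes(raw, "big", signed=True), off + 4 + n


def kexinit_kex_algorithms(payload):
    """Return the kex_algorithms name-list from a KEXINIT payload."""
    if payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not a KEXINIT message")
    # byte msg id, byte[16] cookie, then kex_algorithms is the first name-list
    kex, _ = parse_name_list(payload, 17)
    return kex


def gex_group_modulus_bits(payload):
    """Return the bit length of p from a KEX_DH_GEX_GROUP payload (mpint p, mpint g)."""
    if payload[0] != SSH_MSG_KEX_DH_GEX_GROUP:
        raise ValueError("not a KEX_DH_GEX_GROUP message")
    p, _ = parse_mpint(payload, 1)
    return p.bit_length()


def classify_kex(kex_algorithms, gex_modulus_bits=None):
    """Map each offered method to (method, modulus_bits, verdict)."""
    findings = []
    for method in kex_algorithms:
        if method in FIXED_GROUP_BITS:
            bits = FIXED_GROUP_BITS[method]
            findings.append((method, bits, "weak" if bits < MIN_SAFE_BITS else "ok"))
        elif method in GEX_METHODS:
            if gex_modulus_bits is None:
                # cannot judge without the server's group; run the exchange first
                findings.append((method, None, "unknown-needs-group-exchange"))
            else:
                verdict = "weak" if gex_modulus_bits < MIN_SAFE_BITS else "ok"
                findings.append((method, gex_modulus_bits, verdict))
        else:
            findings.append((method, None, "not-ffdh"))  # ECDH etc., no DH modulus
    return findings


# --- constructed sample messages (not captured from a real server) ---

def build_name_list(names):
    data = ",".join(names).encode("ascii")
    return struct.pack(">I", len(data)) + data


def build_mpint(x):
    if x == 0:
        return struct.pack(">I", 0)
    raw = x.to_bytes((x.bit_length() + 8) // 8, "big")  # leading 0x00 when high bit set
    return struct.pack(">I", len(raw)) + raw


def build_kexinit(kex_algorithms):
    """KEXINIT with a zero cookie, the given kex list, the other nine name-lists empty."""
    body = bytes([SSH_MSG_KEXINIT]) + b"\x00" * 16 + build_name_list(kex_algorithms)
    return body + build_name_list([]) * 9 + b"\x00" + struct.pack(">I", 0)


def build_gex_group(p, g):
    return bytes([SSH_MSG_KEX_DH_GEX_GROUP]) + build_mpint(p) + build_mpint(g)


SAMPLE_KEXINIT = build_kexinit([
    "curve25519-sha256", "diffie-hellman-group-exchange-sha1", "diffie-hellman-group1-sha1",
])
# Placeholder 1024-bit modulus: only its size matters here; it is not a real DH group.
SAMPLE_GEX_GROUP = build_gex_group((1 << 1023) | 1, 2)

if __name__ == "__main__":
    kex = kexinit_kex_algorithms(SAMPLE_KEXINIT)
    bits = gex_group_modulus_bits(SAMPLE_GEX_GROUP)
    for finding in classify_kex(kex, bits):
        print(finding)
```

Run against the constructed sample, group1-sha1 is flagged from its fixed size alone, while group-exchange-sha1 is flagged only because the sample group message carried a 1024-bit modulus; called without that size, the same method comes back as unknown, which is the case the note above warns about.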