ssh-audit icon indicating copy to clipboard operation
ssh-audit copied to clipboard

Published 20 hours ago verified publisher icon arthepsy

[Feature] Output sshd_config parameters

Open goranpejovic opened this issue 9 years ago • 3 comments
trafficstars

Very neat tool, thanks for making it!

I think it would be neat to have a flag which would output 'good' sshd_config config line. Something that crossed my mind while I was testing my ssh servers.

Thanks, G

goranpejovic avatar Oct 17 '16 19:10 goranpejovic

Yeah, something like https://mozilla.github.io/server-side-tls/ssl-config-generator (cli only, of course) would be very handy

Yamakaky avatar Oct 31 '16 15:10 Yamakaky

+1

bajtpop avatar Sep 19 '17 10:09 bajtpop

This is a semi hard problem.

It pertains to various vendors who make their own SSH server and their constant renaming of various aspect of SSH KeX, ciphers, MAC, and cipher suite that are being sent/received over the SSH control channel plane.

I should know, I audit some of the vendors.

And this tool isn't the place to start adding multi-versioning of various config settings used by the SSH control channel across several SSH vendors, just to get to these proper setting.

I mean, we could do it (like I am doing with named.conf for ISC Bind9 in Python3) but it is explosively huge and this is bash script language.

egberts avatar May 20 '22 14:05 egberts