ssh-audit
SSH server & client security auditing (banner, key exchange, encryption, mac, compression, compatibility, security, etc)
Hi! I'm working on a product that needs to implement ssh / scp themselves. I've read dozens of RFCs myself already, but still would rather not implement everything myself....
With GSSAPIKeyExchange enabled on openssh, ssh-audit does not recognize most of the kex algorithms for it, and flags them as unknown, except for `gss-group14-sha256-`, which it shows as green. The...
I've verified that the version installed on Arch is indeed coming from the jtesta fork:
```
[root@2e9f9f9f8cdf /]# grep PRETTY /etc/os-release
PRETTY_NAME="Arch Linux"
[root@2e9f9f9f8cdf /]# ssh-audit --version | head -n...
```
Just leaving this SSH comparison chart here in case some documentation page comes along to soak this up. https://ssh-comparison.quendi.de/comparison/cipher.html
Hi, We had some guys in our project running an audit with this tool. They got the following message.  Now they want to remove the support for these MAC...
In February 2020, OpenSSH issued a "Future Deprecation Notice" of the ssh-rsa algorithm, see https://www.openssh.com/txt/release-8.2. Then in August 2021, OpenSSH raised this to an "Imminent Deprecation Notice", see https://www.openssh.com/txt/release-8.7. Finally...
All CBC should be red and have the CBC note, including CBC that are red for other reasons. Server `[email protected]` is black in the web client and green in the...
Since the client order determines what is selected, for the client audit add a warning on poor order. For JSCH-0.1.54 JSCH Client server hostkey algorithms: `ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521` `ssh-dss` should not be...
Thank you for ssh-audit, it has been a helpful tool for me so far! I've added a hardening guide for Aruba's ArubaOS Switch (AOS-S) 16.11 to the wiki, while trying...
`ssh-audit` on Ubuntu 20.10 is currently at version 2.2.0, the maintainer is the _Ubuntu MOTU Developers_, see: https://packages.ubuntu.com/groovy/ssh-audit I _think_ that the _Ubuntu MOTU Developers_ pull the package from Debian,...