
GSSAPI kex methods not recognized

Open dodexahedron opened this issue 3 years ago • 0 comments

With GSSAPIKeyExchange enabled on OpenSSH, ssh-audit does not recognize most of the kex algorithms for it, and flags them as unknown, except for gss-group14-sha256-, which it shows as green. The same algorithms are configured on my hosts with GSS as on the hosts without it, and they're known safe/strong algorithms that are shown in green for non-GSS versions.

Looks like just missing entries for them in ssh2_kexdb.py. Entries needed, at least to support the systems I have in production, are:

'gss-curve25519-sha256-toWM5Slw5Ew8Mqkay+al2g==': [[]],
'gss-group16-sha512-toWM5Slw5Ew8Mqkay+al2g==': [[]],

I did not audit for other missing algorithms, so there may be others. More than happy to submit a pull request, if you like.

dodexahedron • Jul 21 '22 04:07
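An added illustration of the gap this issue describes, not ssh-audit's code and not from the issue author: an exact-name lookup misses GSS kex names because each carries a mechanism suffix, so this sketch splits the suffix off and rates the method by its non-GSS counterpart. `SAMPLE_KEX_DB`, `GSS_BASE_TO_PLAIN`, `split_gss_kex` and `rate_kex` are hypothetical names, and the ratings are constructed sample data.

```python
import base64
import binascii

# Constructed stand-in for a kex database (name -> rating); not ssh-audit's data.
SAMPLE_KEX_DB = {
    "curve25519-sha256": "good",
    "diffie-hellman-group14-sha256": "good",
    "diffie-hellman-group16-sha512": "good",
    "diffie-hellman-group1-sha1": "weak",
}

# GSS method prefix -> non-GSS method using the same group and hash (assumed mapping).
GSS_BASE_TO_PLAIN = {
    "gss-curve25519-sha256-": "curve25519-sha256",
    "gss-group14-sha256-": "diffie-hellman-group14-sha256",
    "gss-group16-sha512-": "diffie-hellman-group16-sha512",
    "gss-group1-sha1-": "diffie-hellman-group1-sha1",
}


def split_gss_kex(name):
    """Return (prefix, mechanism_id) for a well-formed GSS kex name, else None."""
    for prefix in GSS_BASE_TO_PLAIN:
        if not name.startswith(prefix):
            continue
        mech = name[len(prefix):]
        try:
            raw = base64.b64decode(mech, validate=True)
        except (binascii.Error, ValueError):
            return None
        # RFC 4462: the suffix is base64(MD5(DER-encoded mechanism OID)), 16 bytes.
        if len(raw) != 16:
            return None
        return prefix, mech
    return None


def rate_kex(name, db=SAMPLE_KEX_DB):
    """Rate a kex name; GSS names inherit the rating of their non-GSS counterpart."""
    if name in db:
        return db[name]
    parts = split_gss_kex(name)
    if parts is None:
        return "unknown"
    return db.get(GSS_BASE_TO_PLAIN[parts[0]], "unknown")
```

The inherited rating covers only the key agreement group and hash; a GSS kex authenticates the server through GSSAPI rather than a host key signature, which an auditor would need to assess separately.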