ssh-audit icon indicating copy to clipboard operation
ssh-audit copied to clipboard
verified publisher icon jtesta

Update GEX fallback processing for OpenSSH

Open jtesta opened this issue 1 year ago • 1 comments

After over 7 years, the OpenSSH project seems to have accepted my patch to remove the Diffie-Hellman group exchange fallback mechanism! See: https://bugzilla.mindrot.org/show_bug.cgi?id=2793

It sounds like a variation of my patch will go into the next release (v10.0). Assuming it works the way I imagine it, ssh-audit can restrict the current post-processing logic to only OpenSSH v9.9 and lower. Hence, against v10.0 and above, ssh-audit will report the exact results it gets without having to explain any subtleties of the results to the user.

jtesta avatar Dec 04 '24 02:12 jtesta

The patch was committed in https://github.com/openssh/openssh-portable/commit/97eb247f40167f44324e88a537d5b4fe771a63b2.

jtesta avatar Dec 05 '24 21:12 jtesta

Completed in https://github.com/jtesta/ssh-audit/commit/aaa7d245657264492e3e3b483141b1e40408ec91.

jtesta avatar Aug 31 '25 19:08 jtesta