thecliguy

Please can you: * Run `ssh-audit --help` and provide the first line of output. * Run your ssh-audit command but with the addition of the `--debug` parameter and paste the...

Hi, Thanks for providing the additional information requested. When ssh-audit is used against a server it acts as a client. The majority of the information that ssh-audit obtains is gathered...

Keep in mind that these are warnings rather than failures. The warning note relates to the use of `encrypt-and-mac` mode. I'd suggest that you research what the current prevailing consensus...

@jtesta Hi Joe, sorry to chase... I'm happy to submit the PR for this myself but before doing so just wanted to get your opinion on this: > should I...

@severach A policy audit might provide the functionality you seek... * Configure your SSH client so it is adheres to your security requirements. * Build a policy file modeled on...

@czchen Please can you advise how often `ssh-audit` is updated in Debian unstable? The current package in Debian unstable is 2.2.0, whereas the most recent release of `ssh-audit` is [2.3.1](https://github.com/jtesta/ssh-audit/releases/tag/v2.3.1)....

FYI - Today I raised a ticket with Debian asking if there are any issues preventing new upstream versions of ssh-audit from being packaged and added to Debian unstable.

@jtesta Unfortunately there's been no reply to the ticket I opened on 24th February. So we don't know why the current package maintainer for Debian has stopped packaging new versions...

It's great to see that [v2.5.0](https://github.com/jtesta/ssh-audit/releases/tag/v2.5.0) of ssh-audit which was released on 26 Aug 2021 was quickly packaged into Debian unstable just three days later on 29 Aug 2021 _(according...

Hi Joe - In a nutshell, I'm proposing that we consider adding functionality to ssh-audit so that it can scan for pubkey auth algorithms. I think it would be fascinating...