averello/ssh-audit_mirror
1
0
Fork 0
mirror of https://github.com/jtesta/ssh-audit.git synced 2025-12-16 12:01:48 +01:00
Code Issues Packages Projects Releases Wiki Activity

Updated ext-info-c and ext-info-s key exchanges to include versions of OpenSSH they were first included in. (#291)

Browse Source
This commit is contained in:
Joe Testa
2024-10-07 17:41:39 -04:00
parent 1e060a94c0
commit d0628f6eb4
2 changed files with 7 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
src/ssh_audit/algorithms.py
View File

@@ -172,8 +172,11 @@ class Algorithms:
if fc > 0:
faults += pow(10, 2 - i) * fc
if n not in alg_list:
# Don't recommend certificate or token types; these will only appear in the server's list if they are fully configured & functional on the server.
if faults > 0 or (alg_type == 'key' and (('-cert-' in n) or (n.startswith('sk-')))) or empty_version:
# Don't recommend certificate or token types; these will only appear in the server's list if they are fully configured & functional on the server. Also don't recommend 'ext-info-[cs]' nor 'kex-strict-[cs]-v00@openssh.com' key exchanges.
if faults > 0 or \
(alg_type == 'key' and (('-cert-' in n) or (n.startswith('sk-')))) or \
(alg_type == 'kex' and (n.startswith('ext-info-') or n.startswith('kex-strict-'))) or \
empty_version:
continue
rec[sshv][alg_type]['add'][n] = 0
else: