| Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
| Name: ssh-audit | Distribution: SUSE Linux Enterprise 15 SP4 |
| Version: 2.5.0 | Vendor: openSUSE |
| Release: bp154.1.21 | Build date: Mon May 9 11:18:54 2022 |
| Group: Productivity/Security | Build host: lamb53 |
| Size: 665794 | Source RPM: ssh-audit-2.5.0-bp154.1.21.src.rpm |
| Packager: https://bugs.opensuse.org | |
| Url: https://github.com/jtesta/ssh-audit | |
| Summary: SSH server auditing | |
ssh-audit is a tool for ssh server auditing. Features: * SSH1 and SSH2 protocol server support; * grab banner, recognize device or software and operating system, detect compression; * gather key-exchange, host-key, encryption and message authentication code algorithms; * output algorithm information (available since, removed/disabled, unsafe/weak/legacy, etc); * output algorithm recommendations (append or remove based on recognized software version); * output security information (related issues, assigned CVE list, etc); * analyze SSH version compatibility based on algorithm information; * historical information from OpenSSH, Dropbear SSH and libssh;
MIT
* Mon Aug 30 2021 Martin Hauke <mardnh@gmx.de>
- Require correct python version
* Thu Aug 26 2021 Martin Hauke <mardnh@gmx.de>
- Update to version 2.5.0
* Fixed crash when running host key tests.
* Handles server connection failures more gracefully.
* Now prints JSON with indents when -jj is used (useful for
debugging).
* Added MD5 fingerprints to verbose output.
* Added -d/--debug option for getting debugging output.
* Updated JSON output to include MD5 fingerprints. Note that
this results in a breaking change in the 'fingerprints'
dictionary format.
* Updated OpenSSH 8.1 (and earlier) policies to include
rsa-sha2-512 and rsa-sha2-256.
* Added OpenSSH v8.6 & v8.7 policies.
* Added 3 new key exchanges:
+ gss-gex-sha1-eipGX3TCiQSrx573bT1o1Q==
+ gss-group1-sha1-eipGX3TCiQSrx573bT1o1Q==
+ gss-group14-sha1-eipGX3TCiQSrx573bT1o1Q==
* Added 3 new MACs:
+ hmac-ripemd160-96
+ AEAD_AES_128_GCM
+ AEAD_AES_256_GCM
* Mon Mar 01 2021 Martin Hauke <mardnh@gmx.de>
- Update to version 2.4.0
* Added multi-threaded scanning support.
* Added version check for OpenSSH user enumeration
(CVE-2018-15473).
* Added deprecation note to host key types based on SHA-1.
* Added extra warnings for SSHv1.
* Added built-in hardened OpenSSH v8.5 policy.
* Upgraded warnings to failures for host key types based on SHA-1
* Fixed crash when receiving unexpected response during host key
test.
* Fixed hang against older Cisco devices during host key test &
gex test.
* Fixed improper termination while scanning multiple targets when
one target returns an error.
* Dropped support for Python 3.5 (which reached EOL in Sept.2020)
* Added 1 new key exchange: sntrup761x25519-sha512@openssh.com.
* Fri Oct 30 2020 Martin Hauke <mardnh@gmx.de>
- Update to version 2.3.1
* Now parses public key sizes for
rsa-sha2-256-cert-v01@openssh.com and
rsa-sha2-512-cert-v01@openssh.com host key types.
* Flag ssh-rsa-cert-v01@openssh.com as a failure due to SHA-1
hash.
* Fixed bug in recommendation output which suppressed some
algorithms inappropriately.
* Built-in policies now include CA key requirements (if
certificates are in use).
* Lookup function (--lookup) now performs case-insensitive
lookups of similar algorithms.
* Migrated pre-made policies from external files to internal
database.
* Split single 3,500 line script into many files (by class).
* Added setup.py support
* Added 1 new cipher: des-cbc@ssh.com.
- Install manpage
- Use py-* rpm macros
* Mon Sep 28 2020 Martin Hauke <mardnh@gmx.de>
- Update to version 2.3.0
The highlight of this release is support for policy scanning
(this allows an admin to test a server against a
hardened/standard configuration).
* Added new policy auditing functionality to test adherence to
a hardening guide/standard configuration
(see -L/--list-policies, -M/--make-policy and -P/--policy).
* Created new man page (see ssh-audit.1 file).
* 1024-bit moduli upgraded from warnings to failures.
* Many Python 2 code clean-ups, testing framework improvements,
pylint & flake8 fixes, and mypy type comments.
* Added feature to look up algorithms in internal database
(see --lookup)
* Suppress recommendation of token host key types.
* Added check for use-after-free vulnerability in PuTTY v0.73.
* Added 11 new host key types: ssh-rsa1, ssh-dss-sha256@ssh.com,
ssh-gost2001, ssh-gost2012-256, ssh-gost2012-512,
spki-sign-rsa, ssh-ed448, x509v3-ecdsa-sha2-nistp256,
x509v3-ecdsa-sha2-nistp384, x509v3-ecdsa-sha2-nistp521,
x509v3-rsa2048-sha256.
* Added 8 new key exchanges: diffie-hellman-group1-sha256,
kexAlgoCurve25519SHA256, Curve25519SHA256, gss-group14-sha256-,
gss-group15-sha512-, gss-group16-sha512-, gss-nistp256-sha256-,
gss-curve25519-sha256-.
* Added 5 new ciphers: blowfish, AEAD_AES_128_GCM,
AEAD_AES_256_GCM, crypticore128@ssh.com, seed-cbc@ssh.com.
* Added 3 new MACs: chacha20-poly1305@openssh.com, hmac-sha3-224,
crypticore-mac@ssh.com.
- Update ssh-audit.keyring
* Wed Mar 11 2020 Martin Hauke <mardnh@gmx.de>
- Update to version 2.2.0
* Marked host key type ssh-rsa as weak due to practical SHA-1
collisions.
* Added 10 new host key types:
ecdsa-sha2-1.3.132.0.10, x509v3-sign-dss, x509v3-sign-rsa,
x509v3-sign-rsa-sha256@ssh.com,
x509v3-ssh-dss, x509v3-ssh-rsa,
sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,
sk-ecdsa-sha2-nistp256@openssh.com,
sk-ssh-ed25519-cert-v01@openssh.com,
and sk-ssh-ed25519@openssh.com.
* Added 18 new key exchanges:
diffie-hellman-group14-sha256@ssh.com,
diffie-hellman-group15-sha256@ssh.com,
diffie-hellman-group15-sha384@ssh.com,
diffie-hellman-group16-sha384@ssh.com,
diffie-hellman-group16-sha512@ssh.com,
diffie-hellman-group18-sha512@ssh.com,
ecdh-sha2-curve25519, ecdh-sha2-nistb233,
ecdh-sha2-nistb409, ecdh-sha2-nistk163,
ecdh-sha2-nistk233, ecdh-sha2-nistk283,
ecdh-sha2-nistk409, ecdh-sha2-nistp192,
ecdh-sha2-nistp224, ecdh-sha2-nistt571,
gss-gex-sha1-, and gss-group1-sha1-.
* Added 9 new ciphers:
camellia128-cbc, camellia128-ctr, camellia192-cbc,
camellia192-ctr, camellia256-cbc, camellia256-ctr,
aes128-gcm, aes256-gcm, and chacha20-poly1305.
* Added 2 new MACs:
aes128-gcm and aes256-gcm.
* Tue Feb 04 2020 Martin Hauke <mardnh@gmx.de>
- Rename keyring to %name.keyring
* Mon Feb 03 2020 Martin Hauke <mardnh@gmx.de>
* Remove _service file; use download URL for all files
* Run spec-cleaner
* Don't package ssh-audit with the .py extension
* Run testsuite
* Sun Dec 29 2019 Lars Vogdt <lars@linux-schulserver.de>
- update to 2.1.1:
This maintenance release focuses on improving support for client testing.
The full changelog is:
+ Added 2 new host key types: rsa-sha2-256-cert-v01@openssh.com,
rsa-sha2-512-cert-v01@openssh.com.
+ Added 2 new ciphers: des, 3des.
+ Added 3 new PuTTY vulnerabilities.
+ During client testing, client IP address is now listed in output.
- added _service file
- add signatures for source verification
* Fri Nov 15 2019 Lars Vogdt <lars@linux-schulserver.de>
- update to 2.1.0:
The highlights of this release include client-testing functionality to audit
the protocols accepted by client software, a JSON output format, support for
new algorithms, and bugfixes. Below is the full changelog:
+ Added client software auditing functionality (see -c / --client-audit option).
+ Added JSON output option (see -j / --json option; credit Andreas Jaggi).
+ Fixed crash while scanning Solaris Sun_SSH.
* Wed Sep 25 2019 lars@linux-schulserver.de - 2.0.0
- initial version 2.0.0
/usr/bin/ssh-audit /usr/lib/python3.6/site-packages/ssh_audit /usr/lib/python3.6/site-packages/ssh_audit-2.5.0-py3.6.egg-info /usr/lib/python3.6/site-packages/ssh_audit-2.5.0-py3.6.egg-info/PKG-INFO /usr/lib/python3.6/site-packages/ssh_audit-2.5.0-py3.6.egg-info/SOURCES.txt /usr/lib/python3.6/site-packages/ssh_audit-2.5.0-py3.6.egg-info/dependency_links.txt /usr/lib/python3.6/site-packages/ssh_audit-2.5.0-py3.6.egg-info/entry_points.txt /usr/lib/python3.6/site-packages/ssh_audit-2.5.0-py3.6.egg-info/top_level.txt /usr/lib/python3.6/site-packages/ssh_audit/__init__.py /usr/lib/python3.6/site-packages/ssh_audit/__main__.py /usr/lib/python3.6/site-packages/ssh_audit/__pycache__ /usr/lib/python3.6/site-packages/ssh_audit/__pycache__/__init__.cpython-36.opt-1.pyc /usr/lib/python3.6/site-packages/ssh_audit/__pycache__/__init__.cpython-36.pyc /usr/lib/python3.6/site-packages/ssh_audit/__pycache__/__main__.cpython-36.opt-1.pyc /usr/lib/python3.6/site-packages/ssh_audit/__pycache__/__main__.cpython-36.pyc /usr/lib/python3.6/site-packages/ssh_audit/__pycache__/algorithm.cpython-36.opt-1.pyc /usr/lib/python3.6/site-packages/ssh_audit/__pycache__/algorithm.cpython-36.pyc /usr/lib/python3.6/site-packages/ssh_audit/__pycache__/algorithms.cpython-36.opt-1.pyc /usr/lib/python3.6/site-packages/ssh_audit/__pycache__/algorithms.cpython-36.pyc /usr/lib/python3.6/site-packages/ssh_audit/__pycache__/auditconf.cpython-36.opt-1.pyc /usr/lib/python3.6/site-packages/ssh_audit/__pycache__/auditconf.cpython-36.pyc /usr/lib/python3.6/site-packages/ssh_audit/__pycache__/banner.cpython-36.opt-1.pyc /usr/lib/python3.6/site-packages/ssh_audit/__pycache__/banner.cpython-36.pyc /usr/lib/python3.6/site-packages/ssh_audit/__pycache__/exitcodes.cpython-36.opt-1.pyc /usr/lib/python3.6/site-packages/ssh_audit/__pycache__/exitcodes.cpython-36.pyc /usr/lib/python3.6/site-packages/ssh_audit/__pycache__/fingerprint.cpython-36.opt-1.pyc /usr/lib/python3.6/site-packages/ssh_audit/__pycache__/fingerprint.cpython-36.pyc /usr/lib/python3.6/site-packages/ssh_audit/__pycache__/gextest.cpython-36.opt-1.pyc /usr/lib/python3.6/site-packages/ssh_audit/__pycache__/gextest.cpython-36.pyc /usr/lib/python3.6/site-packages/ssh_audit/__pycache__/globals.cpython-36.opt-1.pyc /usr/lib/python3.6/site-packages/ssh_audit/__pycache__/globals.cpython-36.pyc /usr/lib/python3.6/site-packages/ssh_audit/__pycache__/hostkeytest.cpython-36.opt-1.pyc /usr/lib/python3.6/site-packages/ssh_audit/__pycache__/hostkeytest.cpython-36.pyc /usr/lib/python3.6/site-packages/ssh_audit/__pycache__/kexdh.cpython-36.opt-1.pyc /usr/lib/python3.6/site-packages/ssh_audit/__pycache__/kexdh.cpython-36.pyc /usr/lib/python3.6/site-packages/ssh_audit/__pycache__/outputbuffer.cpython-36.opt-1.pyc /usr/lib/python3.6/site-packages/ssh_audit/__pycache__/outputbuffer.cpython-36.pyc /usr/lib/python3.6/site-packages/ssh_audit/__pycache__/policy.cpython-36.opt-1.pyc /usr/lib/python3.6/site-packages/ssh_audit/__pycache__/policy.cpython-36.pyc /usr/lib/python3.6/site-packages/ssh_audit/__pycache__/product.cpython-36.opt-1.pyc /usr/lib/python3.6/site-packages/ssh_audit/__pycache__/product.cpython-36.pyc /usr/lib/python3.6/site-packages/ssh_audit/__pycache__/protocol.cpython-36.opt-1.pyc /usr/lib/python3.6/site-packages/ssh_audit/__pycache__/protocol.cpython-36.pyc /usr/lib/python3.6/site-packages/ssh_audit/__pycache__/readbuf.cpython-36.opt-1.pyc /usr/lib/python3.6/site-packages/ssh_audit/__pycache__/readbuf.cpython-36.pyc /usr/lib/python3.6/site-packages/ssh_audit/__pycache__/software.cpython-36.opt-1.pyc /usr/lib/python3.6/site-packages/ssh_audit/__pycache__/software.cpython-36.pyc /usr/lib/python3.6/site-packages/ssh_audit/__pycache__/ssh1.cpython-36.opt-1.pyc /usr/lib/python3.6/site-packages/ssh_audit/__pycache__/ssh1.cpython-36.pyc /usr/lib/python3.6/site-packages/ssh_audit/__pycache__/ssh1_crc32.cpython-36.opt-1.pyc /usr/lib/python3.6/site-packages/ssh_audit/__pycache__/ssh1_crc32.cpython-36.pyc /usr/lib/python3.6/site-packages/ssh_audit/__pycache__/ssh1_kexdb.cpython-36.opt-1.pyc /usr/lib/python3.6/site-packages/ssh_audit/__pycache__/ssh1_kexdb.cpython-36.pyc /usr/lib/python3.6/site-packages/ssh_audit/__pycache__/ssh1_publickeymessage.cpython-36.opt-1.pyc /usr/lib/python3.6/site-packages/ssh_audit/__pycache__/ssh1_publickeymessage.cpython-36.pyc /usr/lib/python3.6/site-packages/ssh_audit/__pycache__/ssh2_kex.cpython-36.opt-1.pyc /usr/lib/python3.6/site-packages/ssh_audit/__pycache__/ssh2_kex.cpython-36.pyc /usr/lib/python3.6/site-packages/ssh_audit/__pycache__/ssh2_kexdb.cpython-36.opt-1.pyc /usr/lib/python3.6/site-packages/ssh_audit/__pycache__/ssh2_kexdb.cpython-36.pyc /usr/lib/python3.6/site-packages/ssh_audit/__pycache__/ssh2_kexparty.cpython-36.opt-1.pyc /usr/lib/python3.6/site-packages/ssh_audit/__pycache__/ssh2_kexparty.cpython-36.pyc /usr/lib/python3.6/site-packages/ssh_audit/__pycache__/ssh_audit.cpython-36.opt-1.pyc /usr/lib/python3.6/site-packages/ssh_audit/__pycache__/ssh_audit.cpython-36.pyc /usr/lib/python3.6/site-packages/ssh_audit/__pycache__/ssh_socket.cpython-36.opt-1.pyc /usr/lib/python3.6/site-packages/ssh_audit/__pycache__/ssh_socket.cpython-36.pyc /usr/lib/python3.6/site-packages/ssh_audit/__pycache__/timeframe.cpython-36.opt-1.pyc /usr/lib/python3.6/site-packages/ssh_audit/__pycache__/timeframe.cpython-36.pyc /usr/lib/python3.6/site-packages/ssh_audit/__pycache__/utils.cpython-36.opt-1.pyc /usr/lib/python3.6/site-packages/ssh_audit/__pycache__/utils.cpython-36.pyc /usr/lib/python3.6/site-packages/ssh_audit/__pycache__/versionvulnerabilitydb.cpython-36.opt-1.pyc /usr/lib/python3.6/site-packages/ssh_audit/__pycache__/versionvulnerabilitydb.cpython-36.pyc /usr/lib/python3.6/site-packages/ssh_audit/__pycache__/writebuf.cpython-36.opt-1.pyc /usr/lib/python3.6/site-packages/ssh_audit/__pycache__/writebuf.cpython-36.pyc /usr/lib/python3.6/site-packages/ssh_audit/algorithm.py /usr/lib/python3.6/site-packages/ssh_audit/algorithms.py /usr/lib/python3.6/site-packages/ssh_audit/auditconf.py /usr/lib/python3.6/site-packages/ssh_audit/banner.py /usr/lib/python3.6/site-packages/ssh_audit/exitcodes.py /usr/lib/python3.6/site-packages/ssh_audit/fingerprint.py /usr/lib/python3.6/site-packages/ssh_audit/gextest.py /usr/lib/python3.6/site-packages/ssh_audit/globals.py /usr/lib/python3.6/site-packages/ssh_audit/hostkeytest.py /usr/lib/python3.6/site-packages/ssh_audit/kexdh.py /usr/lib/python3.6/site-packages/ssh_audit/outputbuffer.py /usr/lib/python3.6/site-packages/ssh_audit/policy.py /usr/lib/python3.6/site-packages/ssh_audit/product.py /usr/lib/python3.6/site-packages/ssh_audit/protocol.py /usr/lib/python3.6/site-packages/ssh_audit/readbuf.py /usr/lib/python3.6/site-packages/ssh_audit/software.py /usr/lib/python3.6/site-packages/ssh_audit/ssh1.py /usr/lib/python3.6/site-packages/ssh_audit/ssh1_crc32.py /usr/lib/python3.6/site-packages/ssh_audit/ssh1_kexdb.py /usr/lib/python3.6/site-packages/ssh_audit/ssh1_publickeymessage.py /usr/lib/python3.6/site-packages/ssh_audit/ssh2_kex.py /usr/lib/python3.6/site-packages/ssh_audit/ssh2_kexdb.py /usr/lib/python3.6/site-packages/ssh_audit/ssh2_kexparty.py /usr/lib/python3.6/site-packages/ssh_audit/ssh_audit.py /usr/lib/python3.6/site-packages/ssh_audit/ssh_socket.py /usr/lib/python3.6/site-packages/ssh_audit/timeframe.py /usr/lib/python3.6/site-packages/ssh_audit/utils.py /usr/lib/python3.6/site-packages/ssh_audit/versionvulnerabilitydb.py /usr/lib/python3.6/site-packages/ssh_audit/writebuf.py /usr/share/doc/packages/ssh-audit /usr/share/doc/packages/ssh-audit/README.md /usr/share/licenses/ssh-audit /usr/share/licenses/ssh-audit/LICENSE /usr/share/man/man1/ssh-audit.1.gz
Generated by rpm2html 1.8.1
Fabrice Bellet, Tue Apr 9 17:06:41 2024