Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

ssh-audit-3.0.0-1.1 RPM for noarch

From OpenSuSE Ports Tumbleweed for noarch

Name: ssh-audit Distribution: openSUSE:Factory:zSystems
Version: 3.0.0 Vendor: openSUSE
Release: 1.1 Build date: Tue Sep 12 23:03:56 2023
Group: Productivity/Security Build host: s390zl25
Size: 738400 Source RPM: ssh-audit-3.0.0-1.1.src.rpm
Packager: https://bugs.opensuse.org
Url: https://github.com/jtesta/ssh-audit
Summary: SSH server auditing
ssh-audit is a tool for ssh server auditing.

Features:
 * SSH1 and SSH2 protocol server support;
 * grab banner, recognize device or software and operating system, detect compression;
 * gather key-exchange, host-key, encryption and message authentication code algorithms;
 * output algorithm information (available since, removed/disabled, unsafe/weak/legacy, etc);
 * output algorithm recommendations (append or remove based on recognized software version);
 * output security information (related issues, assigned CVE list, etc);
 * analyze SSH version compatibility based on algorithm information;
 * historical information from OpenSSH, Dropbear SSH and libssh;

Provides

Requires

License

MIT

Changelog

* Sat Sep 09 2023 Martin Hauke <mardnh@gmx.de>
  - Update to version 3.0.0
    * Results from concurrent scans against multiple hosts are no
      longer improperly combined.
    * Hostname resolution failure no longer causes scans against
      multiple hosts to terminate unexpectedly.
    * Algorithm recommendations resulting from warnings are now
      printed in yellow instead of red.
    * Added failure, warning, and info notes to JSON output (note
      that this results in a breaking change to the banner protocol,
      "enc", and "mac" fields).
    * Fixed crash during GEX tests.
    * Refined GEX testing against OpenSSH servers: when the fallback
      mechanism is suspected of being triggered, perform an
      additional test to obtain more accurate results.
    * The color of all notes will be printed in green when the
      related algorithm is rated good.
    * Prioritized host key certificate algorithms for Ubuntu
      22.04 LTS client policy.
    * Marked all NIST K-, B-, and T-curves as unproven since they
      are so rarely used.
    * Added built-in policy for OpenSSH 9.4.
    * Added 12 new host keys
    * Added 15 new key exchanges.
    * Added 8 new ciphers.
    * Added 14 new MACs.
* Mon May 01 2023 Martin Hauke <mardnh@gmx.de>
  - Update to version 2.9.0
    * Dropped support for Python 3.6
    * Updated CVE database.
    * Added -g and --gex-test for granular GEX modulus size tests.
    * JSON 'target' field now always includes port number.
    * JSON output now includes recommendations and CVE data.
    * Mixed host key/CA key types (i.e.: RSA host keys signed with
      ED25519 CAs, etc.) are now properly handled.
    * Warnings are now printed for 2048-bit moduli.
    * SHA-1 algorithms now cause failures.
    * CBC mode ciphers are now warnings instead of failures.
    * Generic failure/warning messages replaced with more specific
      reasons (i.e.:'using weak cipher' => 'using broken RC4 cipher')
    * Updated built-in policies to include missing host key size
      information.
    * Added built-in policies for OpenSSH 8.8, 8.9, 9.0, 9.1, 9.2,
      and 9.3.
    * Added 33 new host keys.
    * Added 46 new key exchanges.
    * Added 28 new ciphers.
    * Added 5 new MACs.
* Mon Aug 30 2021 Martin Hauke <mardnh@gmx.de>
  - Require correct python version
* Thu Aug 26 2021 Martin Hauke <mardnh@gmx.de>
  - Update to version 2.5.0
    * Fixed crash when running host key tests.
    * Handles server connection failures more gracefully.
    * Now prints JSON with indents when -jj is used (useful for
      debugging).
    * Added MD5 fingerprints to verbose output.
    * Added -d/--debug option for getting debugging output.
    * Updated JSON output to include MD5 fingerprints. Note that
      this results in a breaking change in the 'fingerprints'
      dictionary format.
    * Updated OpenSSH 8.1 (and earlier) policies to include
      rsa-sha2-512 and rsa-sha2-256.
    * Added OpenSSH v8.6 & v8.7 policies.
    * Added 3 new key exchanges:
      + gss-gex-sha1-eipGX3TCiQSrx573bT1o1Q==
      + gss-group1-sha1-eipGX3TCiQSrx573bT1o1Q==
      + gss-group14-sha1-eipGX3TCiQSrx573bT1o1Q==
    * Added 3 new MACs:
      + hmac-ripemd160-96
      + AEAD_AES_128_GCM
      + AEAD_AES_256_GCM
* Mon Mar 01 2021 Martin Hauke <mardnh@gmx.de>
  - Update to version 2.4.0
    * Added multi-threaded scanning support.
    * Added version check for OpenSSH user enumeration
      (CVE-2018-15473).
    * Added deprecation note to host key types based on SHA-1.
    * Added extra warnings for SSHv1.
    * Added built-in hardened OpenSSH v8.5 policy.
    * Upgraded warnings to failures for host key types based on SHA-1
    * Fixed crash when receiving unexpected response during host key
      test.
    * Fixed hang against older Cisco devices during host key test &
      gex test.
    * Fixed improper termination while scanning multiple targets when
      one target returns an error.
    * Dropped support for Python 3.5 (which reached EOL in Sept.2020)
    * Added 1 new key exchange: sntrup761x25519-sha512@openssh.com.
* Fri Oct 30 2020 Martin Hauke <mardnh@gmx.de>
  - Update to version 2.3.1
    * Now parses public key sizes for
      rsa-sha2-256-cert-v01@openssh.com and
      rsa-sha2-512-cert-v01@openssh.com host key types.
    * Flag ssh-rsa-cert-v01@openssh.com as a failure due to SHA-1
      hash.
    * Fixed bug in recommendation output which suppressed some
      algorithms inappropriately.
    * Built-in policies now include CA key requirements (if
      certificates are in use).
    * Lookup function (--lookup) now performs case-insensitive
      lookups of similar algorithms.
    * Migrated pre-made policies from external files to internal
      database.
    * Split single 3,500 line script into many files (by class).
    * Added setup.py support
    * Added 1 new cipher: des-cbc@ssh.com.
  - Install manpage
  - Use py-* rpm macros
* Mon Sep 28 2020 Martin Hauke <mardnh@gmx.de>
  - Update to version 2.3.0
    The highlight of this release is support for policy scanning
    (this allows an admin to test a server against a
    hardened/standard configuration).
    * Added new policy auditing functionality to test adherence to
      a hardening guide/standard configuration
      (see -L/--list-policies, -M/--make-policy and -P/--policy).
    * Created new man page (see ssh-audit.1 file).
    * 1024-bit moduli upgraded from warnings to failures.
    * Many Python 2 code clean-ups, testing framework improvements,
      pylint & flake8 fixes, and mypy type comments.
    * Added feature to look up algorithms in internal database
      (see --lookup)
    * Suppress recommendation of token host key types.
    * Added check for use-after-free vulnerability in PuTTY v0.73.
    * Added 11 new host key types: ssh-rsa1, ssh-dss-sha256@ssh.com,
      ssh-gost2001, ssh-gost2012-256, ssh-gost2012-512,
      spki-sign-rsa, ssh-ed448, x509v3-ecdsa-sha2-nistp256,
      x509v3-ecdsa-sha2-nistp384, x509v3-ecdsa-sha2-nistp521,
      x509v3-rsa2048-sha256.
    * Added 8 new key exchanges: diffie-hellman-group1-sha256,
      kexAlgoCurve25519SHA256, Curve25519SHA256, gss-group14-sha256-,
      gss-group15-sha512-, gss-group16-sha512-, gss-nistp256-sha256-,
      gss-curve25519-sha256-.
    * Added 5 new ciphers: blowfish, AEAD_AES_128_GCM,
      AEAD_AES_256_GCM, crypticore128@ssh.com, seed-cbc@ssh.com.
    * Added 3 new MACs: chacha20-poly1305@openssh.com, hmac-sha3-224,
      crypticore-mac@ssh.com.
  - Update ssh-audit.keyring
* Wed Mar 11 2020 Martin Hauke <mardnh@gmx.de>
  - Update to version 2.2.0
    * Marked host key type ssh-rsa as weak due to practical SHA-1
      collisions.
    * Added 10 new host key types:
      ecdsa-sha2-1.3.132.0.10, x509v3-sign-dss, x509v3-sign-rsa,
      x509v3-sign-rsa-sha256@ssh.com,
      x509v3-ssh-dss, x509v3-ssh-rsa,
      sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,
      sk-ecdsa-sha2-nistp256@openssh.com,
      sk-ssh-ed25519-cert-v01@openssh.com,
      and sk-ssh-ed25519@openssh.com.
    * Added 18 new key exchanges:
      diffie-hellman-group14-sha256@ssh.com,
      diffie-hellman-group15-sha256@ssh.com,
      diffie-hellman-group15-sha384@ssh.com,
      diffie-hellman-group16-sha384@ssh.com,
      diffie-hellman-group16-sha512@ssh.com,
      diffie-hellman-group18-sha512@ssh.com,
      ecdh-sha2-curve25519, ecdh-sha2-nistb233,
      ecdh-sha2-nistb409, ecdh-sha2-nistk163,
      ecdh-sha2-nistk233, ecdh-sha2-nistk283,
      ecdh-sha2-nistk409, ecdh-sha2-nistp192,
      ecdh-sha2-nistp224, ecdh-sha2-nistt571,
      gss-gex-sha1-, and gss-group1-sha1-.
    * Added 9 new ciphers:
      camellia128-cbc, camellia128-ctr, camellia192-cbc,
      camellia192-ctr, camellia256-cbc, camellia256-ctr,
      aes128-gcm, aes256-gcm, and chacha20-poly1305.
    * Added 2 new MACs:
      aes128-gcm and aes256-gcm.
* Tue Feb 04 2020 Martin Hauke <mardnh@gmx.de>
  - Rename keyring to %name.keyring
* Mon Feb 03 2020 Martin Hauke <mardnh@gmx.de>
  * Remove _service file; use download URL for all files
    * Run spec-cleaner
    * Don't package ssh-audit with the .py extension
    * Run testsuite

Files

/usr/bin/ssh-audit
/usr/lib/python3.11/site-packages/ssh_audit
/usr/lib/python3.11/site-packages/ssh_audit-3.0.0-py3.11.egg-info
/usr/lib/python3.11/site-packages/ssh_audit-3.0.0-py3.11.egg-info/PKG-INFO
/usr/lib/python3.11/site-packages/ssh_audit-3.0.0-py3.11.egg-info/SOURCES.txt
/usr/lib/python3.11/site-packages/ssh_audit-3.0.0-py3.11.egg-info/dependency_links.txt
/usr/lib/python3.11/site-packages/ssh_audit-3.0.0-py3.11.egg-info/entry_points.txt
/usr/lib/python3.11/site-packages/ssh_audit-3.0.0-py3.11.egg-info/top_level.txt
/usr/lib/python3.11/site-packages/ssh_audit/__init__.py
/usr/lib/python3.11/site-packages/ssh_audit/__main__.py
/usr/lib/python3.11/site-packages/ssh_audit/__pycache__
/usr/lib/python3.11/site-packages/ssh_audit/__pycache__/__init__.cpython-311.opt-1.pyc
/usr/lib/python3.11/site-packages/ssh_audit/__pycache__/__init__.cpython-311.pyc
/usr/lib/python3.11/site-packages/ssh_audit/__pycache__/__main__.cpython-311.opt-1.pyc
/usr/lib/python3.11/site-packages/ssh_audit/__pycache__/__main__.cpython-311.pyc
/usr/lib/python3.11/site-packages/ssh_audit/__pycache__/algorithm.cpython-311.opt-1.pyc
/usr/lib/python3.11/site-packages/ssh_audit/__pycache__/algorithm.cpython-311.pyc
/usr/lib/python3.11/site-packages/ssh_audit/__pycache__/algorithms.cpython-311.opt-1.pyc
/usr/lib/python3.11/site-packages/ssh_audit/__pycache__/algorithms.cpython-311.pyc
/usr/lib/python3.11/site-packages/ssh_audit/__pycache__/auditconf.cpython-311.opt-1.pyc
/usr/lib/python3.11/site-packages/ssh_audit/__pycache__/auditconf.cpython-311.pyc
/usr/lib/python3.11/site-packages/ssh_audit/__pycache__/banner.cpython-311.opt-1.pyc
/usr/lib/python3.11/site-packages/ssh_audit/__pycache__/banner.cpython-311.pyc
/usr/lib/python3.11/site-packages/ssh_audit/__pycache__/exitcodes.cpython-311.opt-1.pyc
/usr/lib/python3.11/site-packages/ssh_audit/__pycache__/exitcodes.cpython-311.pyc
/usr/lib/python3.11/site-packages/ssh_audit/__pycache__/fingerprint.cpython-311.opt-1.pyc
/usr/lib/python3.11/site-packages/ssh_audit/__pycache__/fingerprint.cpython-311.pyc
/usr/lib/python3.11/site-packages/ssh_audit/__pycache__/gextest.cpython-311.opt-1.pyc
/usr/lib/python3.11/site-packages/ssh_audit/__pycache__/gextest.cpython-311.pyc
/usr/lib/python3.11/site-packages/ssh_audit/__pycache__/globals.cpython-311.opt-1.pyc
/usr/lib/python3.11/site-packages/ssh_audit/__pycache__/globals.cpython-311.pyc
/usr/lib/python3.11/site-packages/ssh_audit/__pycache__/hostkeytest.cpython-311.opt-1.pyc
/usr/lib/python3.11/site-packages/ssh_audit/__pycache__/hostkeytest.cpython-311.pyc
/usr/lib/python3.11/site-packages/ssh_audit/__pycache__/kexdh.cpython-311.opt-1.pyc
/usr/lib/python3.11/site-packages/ssh_audit/__pycache__/kexdh.cpython-311.pyc
/usr/lib/python3.11/site-packages/ssh_audit/__pycache__/outputbuffer.cpython-311.opt-1.pyc
/usr/lib/python3.11/site-packages/ssh_audit/__pycache__/outputbuffer.cpython-311.pyc
/usr/lib/python3.11/site-packages/ssh_audit/__pycache__/policy.cpython-311.opt-1.pyc
/usr/lib/python3.11/site-packages/ssh_audit/__pycache__/policy.cpython-311.pyc
/usr/lib/python3.11/site-packages/ssh_audit/__pycache__/product.cpython-311.opt-1.pyc
/usr/lib/python3.11/site-packages/ssh_audit/__pycache__/product.cpython-311.pyc
/usr/lib/python3.11/site-packages/ssh_audit/__pycache__/protocol.cpython-311.opt-1.pyc
/usr/lib/python3.11/site-packages/ssh_audit/__pycache__/protocol.cpython-311.pyc
/usr/lib/python3.11/site-packages/ssh_audit/__pycache__/readbuf.cpython-311.opt-1.pyc
/usr/lib/python3.11/site-packages/ssh_audit/__pycache__/readbuf.cpython-311.pyc
/usr/lib/python3.11/site-packages/ssh_audit/__pycache__/software.cpython-311.opt-1.pyc
/usr/lib/python3.11/site-packages/ssh_audit/__pycache__/software.cpython-311.pyc
/usr/lib/python3.11/site-packages/ssh_audit/__pycache__/ssh1.cpython-311.opt-1.pyc
/usr/lib/python3.11/site-packages/ssh_audit/__pycache__/ssh1.cpython-311.pyc
/usr/lib/python3.11/site-packages/ssh_audit/__pycache__/ssh1_crc32.cpython-311.opt-1.pyc
/usr/lib/python3.11/site-packages/ssh_audit/__pycache__/ssh1_crc32.cpython-311.pyc
/usr/lib/python3.11/site-packages/ssh_audit/__pycache__/ssh1_kexdb.cpython-311.opt-1.pyc
/usr/lib/python3.11/site-packages/ssh_audit/__pycache__/ssh1_kexdb.cpython-311.pyc
/usr/lib/python3.11/site-packages/ssh_audit/__pycache__/ssh1_publickeymessage.cpython-311.opt-1.pyc
/usr/lib/python3.11/site-packages/ssh_audit/__pycache__/ssh1_publickeymessage.cpython-311.pyc
/usr/lib/python3.11/site-packages/ssh_audit/__pycache__/ssh2_kex.cpython-311.opt-1.pyc
/usr/lib/python3.11/site-packages/ssh_audit/__pycache__/ssh2_kex.cpython-311.pyc
/usr/lib/python3.11/site-packages/ssh_audit/__pycache__/ssh2_kexdb.cpython-311.opt-1.pyc
/usr/lib/python3.11/site-packages/ssh_audit/__pycache__/ssh2_kexdb.cpython-311.pyc
/usr/lib/python3.11/site-packages/ssh_audit/__pycache__/ssh2_kexparty.cpython-311.opt-1.pyc
/usr/lib/python3.11/site-packages/ssh_audit/__pycache__/ssh2_kexparty.cpython-311.pyc
/usr/lib/python3.11/site-packages/ssh_audit/__pycache__/ssh_audit.cpython-311.opt-1.pyc
/usr/lib/python3.11/site-packages/ssh_audit/__pycache__/ssh_audit.cpython-311.pyc
/usr/lib/python3.11/site-packages/ssh_audit/__pycache__/ssh_socket.cpython-311.opt-1.pyc
/usr/lib/python3.11/site-packages/ssh_audit/__pycache__/ssh_socket.cpython-311.pyc
/usr/lib/python3.11/site-packages/ssh_audit/__pycache__/timeframe.cpython-311.opt-1.pyc
/usr/lib/python3.11/site-packages/ssh_audit/__pycache__/timeframe.cpython-311.pyc
/usr/lib/python3.11/site-packages/ssh_audit/__pycache__/utils.cpython-311.opt-1.pyc
/usr/lib/python3.11/site-packages/ssh_audit/__pycache__/utils.cpython-311.pyc
/usr/lib/python3.11/site-packages/ssh_audit/__pycache__/versionvulnerabilitydb.cpython-311.opt-1.pyc
/usr/lib/python3.11/site-packages/ssh_audit/__pycache__/versionvulnerabilitydb.cpython-311.pyc
/usr/lib/python3.11/site-packages/ssh_audit/__pycache__/writebuf.cpython-311.opt-1.pyc
/usr/lib/python3.11/site-packages/ssh_audit/__pycache__/writebuf.cpython-311.pyc
/usr/lib/python3.11/site-packages/ssh_audit/algorithm.py
/usr/lib/python3.11/site-packages/ssh_audit/algorithms.py
/usr/lib/python3.11/site-packages/ssh_audit/auditconf.py
/usr/lib/python3.11/site-packages/ssh_audit/banner.py
/usr/lib/python3.11/site-packages/ssh_audit/exitcodes.py
/usr/lib/python3.11/site-packages/ssh_audit/fingerprint.py
/usr/lib/python3.11/site-packages/ssh_audit/gextest.py
/usr/lib/python3.11/site-packages/ssh_audit/globals.py
/usr/lib/python3.11/site-packages/ssh_audit/hostkeytest.py
/usr/lib/python3.11/site-packages/ssh_audit/kexdh.py
/usr/lib/python3.11/site-packages/ssh_audit/outputbuffer.py
/usr/lib/python3.11/site-packages/ssh_audit/policy.py
/usr/lib/python3.11/site-packages/ssh_audit/product.py
/usr/lib/python3.11/site-packages/ssh_audit/protocol.py
/usr/lib/python3.11/site-packages/ssh_audit/readbuf.py
/usr/lib/python3.11/site-packages/ssh_audit/software.py
/usr/lib/python3.11/site-packages/ssh_audit/ssh1.py
/usr/lib/python3.11/site-packages/ssh_audit/ssh1_crc32.py
/usr/lib/python3.11/site-packages/ssh_audit/ssh1_kexdb.py
/usr/lib/python3.11/site-packages/ssh_audit/ssh1_publickeymessage.py
/usr/lib/python3.11/site-packages/ssh_audit/ssh2_kex.py
/usr/lib/python3.11/site-packages/ssh_audit/ssh2_kexdb.py
/usr/lib/python3.11/site-packages/ssh_audit/ssh2_kexparty.py
/usr/lib/python3.11/site-packages/ssh_audit/ssh_audit.py
/usr/lib/python3.11/site-packages/ssh_audit/ssh_socket.py
/usr/lib/python3.11/site-packages/ssh_audit/timeframe.py
/usr/lib/python3.11/site-packages/ssh_audit/utils.py
/usr/lib/python3.11/site-packages/ssh_audit/versionvulnerabilitydb.py
/usr/lib/python3.11/site-packages/ssh_audit/writebuf.py
/usr/share/doc/packages/ssh-audit
/usr/share/doc/packages/ssh-audit/README.md
/usr/share/licenses/ssh-audit
/usr/share/licenses/ssh-audit/LICENSE
/usr/share/man/man1/ssh-audit.1.gz


Generated by rpm2html 1.8.1

Fabrice Bellet, Tue Jan 9 12:40:01 2024