pax_global_header00006660000000000000000000000064147035231060014513gustar00rootroot0000000000000052 comment=772204ce8bfbd1e0d5e1e88cb1a577a76e07315d ssh-audit-3.3.0/000077500000000000000000000000001470352310600134175ustar00rootroot00000000000000ssh-audit-3.3.0/.dockerignore000066400000000000000000000001041470352310600160660ustar00rootroot00000000000000src/ssh_audit/__pycache__/ src/ssh_audit.egg-info/ src/ssh_audit/*~ ssh-audit-3.3.0/.github/000077500000000000000000000000001470352310600147575ustar00rootroot00000000000000ssh-audit-3.3.0/.github/FUNDING.yml000066400000000000000000000000171470352310600165720ustar00rootroot00000000000000github: jtesta ssh-audit-3.3.0/.github/workflows/000077500000000000000000000000001470352310600170145ustar00rootroot00000000000000ssh-audit-3.3.0/.github/workflows/tox.yaml000066400000000000000000000011751470352310600205160ustar00rootroot00000000000000name: ssh-audit on: [push, pull_request] jobs: build: runs-on: ubuntu-latest strategy: matrix: python-version: ["3.8", "3.9", "3.10", "3.11", "3.12", "3.13"] steps: - uses: actions/checkout@v4 - name: Set up Python ${{ matrix.python-version }} uses: actions/setup-python@v5 with: python-version: ${{ matrix.python-version }} - name: Install dependencies run: | python3 -m pip install --upgrade pip python3 -m pip install -U codecov coveralls flake8 mypy pylint pytest tox - name: Run Tox run: | python3 -m tox ssh-audit-3.3.0/.gitignore000066400000000000000000000003721470352310600154110ustar00rootroot00000000000000*~ *.py[cod] *.exe *.asc venv*/ .cache/ .mypy_cache/ .tox .coverage* reports/ .scannerwork/ # PyPI packaging /build/ /dist/ *.egg-info/ *.egg # Snap packaging /parts/ /prime/ /snap/ /stage/ /ssh-audit_*.snap # Your local server config servers.txt ssh-audit-3.3.0/CONTRIBUTING.md000066400000000000000000000026441470352310600156560ustar00rootroot00000000000000# Contributing to ssh-audit We are very much open to receiving patches from the community! To encourage participation, passing CI tests, unit tests, etc., *is OPTIONAL*. As long as the patch works properly, it can be merged. However, if you can submit patches that pass all of our automated tests, then you'll lighten the load for the project maintainer (who already has enough to do!). This document describes what tests are done and what documentation is maintained. *Anything extra you can do is appreciated!* ## Tox Tests [Tox](https://tox.wiki/) is used to automate testing. Linting is done with [pylint](http://pylint.pycqa.org/en/latest/) & [flake8](https://flake8.pycqa.org/en/latest/), and static type-checking is done with [mypy](https://mypy.readthedocs.io/en/stable/). Install the required packages with `python3 -m pip install -U codecov coveralls flake8 mypy pylint pytest tox`, then run the tests with `python3 -m tox`. Look for any error messages in the (verbose) output. ## Docker Tests Docker is used to run ssh-audit against various real SSH servers (OpenSSH, Dropbear, and TinySSH). The output is then diff'ed against the expected result. Any differences result in failure. The docker tests are run with `./docker_test.sh`. ## Man Page The `ssh-audit.1` man page documents the various features of ssh-audit. If features are added, or significant behavior is modified, the man page needs to be updated. ssh-audit-3.3.0/Dockerfile000066400000000000000000000011331470352310600154070ustar00rootroot00000000000000# syntax=docker/dockerfile:latest FROM scratch AS files # Copy ssh-audit code to temporary container COPY ssh-audit.py / COPY src/ / FROM python:3-alpine AS runtime # Update the image to remediate any vulnerabilities. RUN apk upgrade -U --no-cache -a -l && \ # Remove suid & sgid bits from all files. find / -xdev -perm /6000 -exec chmod ug-s {} \; 2> /dev/null || true # Copy the ssh-audit code from files container. COPY --from=files / / # Allow listening on 2222/tcp for client auditing. EXPOSE 2222 # Drop root privileges. USER nobody:nogroup ENTRYPOINT ["python3", "/ssh-audit.py"] ssh-audit-3.3.0/LICENSE000066400000000000000000000022151470352310600144240ustar00rootroot00000000000000The MIT License (MIT) Copyright (C) 2017-2024 Joe Testa (jtesta@positronsecurity.com) Copyright (C) 2017 Andris Raugulis (moo@arthepsy.eu) Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. ssh-audit-3.3.0/Makefile.docker000066400000000000000000000014351470352310600163300ustar00rootroot00000000000000VERSION = $(shell grep VERSION src/ssh_audit/globals.py | grep -E -o "'(v.*)'" | tr -d "'") ifeq ($(VERSION),) $(error "could not determine version!") endif all: ./add_builtin_man_page.sh docker buildx create --name multiarch --use || exit 0 docker buildx build \ --platform linux/amd64,linux/arm64,linux/arm/v7 \ --tag positronsecurity/ssh-audit:${VERSION} \ --tag positronsecurity/ssh-audit:latest \ . docker buildx build \ --tag positronsecurity/ssh-audit:${VERSION} \ --tag positronsecurity/ssh-audit:latest \ --load \ --builder=multiarch \ . upload: docker login -u positronsecurity docker buildx build \ --platform linux/amd64,linux/arm64,linux/arm/v7 \ --tag positronsecurity/ssh-audit:${VERSION} \ --tag positronsecurity/ssh-audit:latest \ --push \ . ssh-audit-3.3.0/Makefile.pypi000066400000000000000000000011761470352310600160440ustar00rootroot00000000000000all: ./add_builtin_man_page.sh rm -rf /tmp/pypi_upload virtualenv -p /usr/bin/python3 /tmp/pypi_upload/ cp -R src /tmp/pypi_upload/ cp setup.py setup.cfg README.md LICENSE /tmp/pypi_upload/ /bin/bash -c "pushd /tmp/pypi_upload/; source bin/activate; pip3 install -U setuptools twine build; pip3 install -U requests_toolbelt; python3 -m build" uploadtest: /bin/bash -c "pushd /tmp/pypi_upload; source bin/activate; python3 -m twine upload --repository testpypi /tmp/pypi_upload/dist/*" uploadprod: /bin/bash -c "pushd /tmp/pypi_upload; source bin/activate; twine upload /tmp/pypi_upload/dist/*" clean: rm -rf /tmp/pypi_upload/ ssh-audit-3.3.0/PACKAGING.md000066400000000000000000000041621470352310600152300ustar00rootroot00000000000000# Windows An executable can only be made on a Windows host because the PyInstaller tool (https://www.pyinstaller.org/) does not support cross-compilation. 1.) Install Python v3.x from https://www.python.org/. To make life easier, check the option to add Python to the PATH environment variable. 2.) Install Cygwin (https://www.cygwin.com/). 3.) Install/update package dependencies and create the executable with: ``` $ ./build_windows_executable.sh ``` # PyPI To create package and upload to test server (hint: use username '\_\_token\_\_' and API token for test.pypi.org): ``` $ sudo apt install python3-virtualenv python3.10-venv $ make -f Makefile.pypi $ make -f Makefile.pypi uploadtest ``` To download from test server and verify: ``` $ virtualenv -p /usr/bin/python3 /tmp/pypi_test $ cd /tmp/pypi_test; source bin/activate $ pip3 install --index-url https://test.pypi.org/simple ssh-audit ``` To upload to production server (hint: use username '\_\_token\_\_' and API token for production pypi.org): ``` $ make -f Makefile.pypi uploadprod ``` To download from production server and verify: ``` $ virtualenv -p /usr/bin/python3 /tmp/pypi_prod $ cd /tmp/pypi_prod; source bin/activate $ pip3 install ssh-audit ``` # Snap To create the snap package, run a fully-updated Ubuntu Server 22.04 VM. Create the snap package with: ``` $ ./build_snap.sh ``` Upload the snap with: ``` $ snapcraft export-login ~/snap_creds.txt $ export SNAPCRAFT_STORE_CREDENTIALS=$(cat ~/snap_creds.txt) $ snapcraft upload --release=beta ssh-audit_*.snap $ snapcraft status ssh-audit # Note the revision number of the beta channel. $ snapcraft release ssh-audit X stable # Fill in with the revision number. ``` # Docker Ensure that the buildx plugin is available by following the installation instructions available at: https://docs.docker.com/engine/install/ubuntu/ Build a local image with: ``` $ make -f Makefile.docker ``` Create a multi-architecture build and upload it to Dockerhub with (hint: use the API token as the password): ``` $ make -f Makefile.docker upload ``` ssh-audit-3.3.0/README.md000066400000000000000000000775411470352310600147140ustar00rootroot00000000000000# ssh-audit [![License](https://img.shields.io/badge/license-MIT-brightgreen.svg)](https://github.com/jtesta/ssh-audit/blob/master/LICENSE) [![Build Status](https://github.com/jtesta/ssh-audit/actions/workflows/tox.yaml/badge.svg)](https://github.com/jtesta/ssh-audit/actions) [![PRs Welcome](https://img.shields.io/badge/PRs-welcome-brightgreen.svg)](https://github.com/jtesta/ssh-audit/blob/master/CONTRIBUTING.md) [![PyPI Downloads](https://img.shields.io/pypi/dm/ssh-audit?label=pypi%20downloads&color=purple)](https://pypi.org/project/ssh-audit/) [![Homebrew Downloads](https://img.shields.io/homebrew/installs/dy/ssh-audit?label=homebrew%20downloads&color=teal)](https://formulae.brew.sh/formula/ssh-audit) [![Docker Pulls](https://img.shields.io/docker/pulls/positronsecurity/ssh-audit)](https://hub.docker.com/r/positronsecurity/ssh-audit) [![Snap Downloads](https://img.shields.io/badge/snap%20downloads-no%20idea-yellow.svg)](https://snapcraft.io/ssh-audit) [![Github Sponsors](https://img.shields.io/github/sponsors/jtesta?color=red)](https://github.com/sponsors/jtesta) **ssh-audit** is a tool for ssh server & client configuration auditing. [jtesta/ssh-audit](https://github.com/jtesta/ssh-audit/) (v2.0+) is the updated and maintained version of ssh-audit forked from [arthepsy/ssh-audit](https://github.com/arthepsy/ssh-audit) (v1.x) due to inactivity. - [Features](#features) - [Usage](#usage) - [Screenshots](#screenshots) - [Server Standard Audit Example](#server-standard-audit-example) - [Server Policy Audit Example](#server-policy-audit-example) - [Client Standard Audit Example](#client-standard-audit-example) - [Hardening Guides](#hardening-guides) - [Pre-Built Packages](#pre-built-packages) - [Web Front-End](#web-front-end) - [ChangeLog](#changelog) ## Features - SSH1 and SSH2 protocol server support; - analyze SSH client configuration; - grab banner, recognize device or software and operating system, detect compression; - gather key-exchange, host-key, encryption and message authentication code algorithms; - output algorithm security information (available since, removed/disabled, unsafe/weak/legacy, etc); - output algorithm recommendations (append or remove based on recognized software version); - analyze SSH version compatibility based on algorithm information; - historical information from OpenSSH, Dropbear SSH and libssh; - policy scans to ensure adherence to a hardened/standard configuration; - runs on Linux and Windows; - supports Python 3.8 - 3.13; - no dependencies ## Usage ``` usage: ssh-audit.py [options] -h, --help print this help -1, --ssh1 force ssh version 1 only -2, --ssh2 force ssh version 2 only -4, --ipv4 enable IPv4 (order of precedence) -6, --ipv6 enable IPv6 (order of precedence) -b, --batch batch output -c, --client-audit starts a server on port 2222 to audit client software config (use -p to change port; use -t to change timeout) --conn-rate-test=N[:max_rate] perform a connection rate test (useful for collecting metrics related to susceptibility of the DHEat vuln). Testing is conducted with N concurrent sockets with an optional maximum rate of connections per second. -d, --debug Enable debug output. --dheat=N[:kex[:e_len]] continuously perform the DHEat DoS attack (CVE-2002-20001) against the target using N concurrent sockets. Optionally, a specific key exchange algorithm can be specified instead of allowing it to be automatically chosen. Additionally, a small length of the fake e value sent to the server can be chosen for a more efficient attack (such as 4). -g, --gex-test= dh gex modulus size test -j, --json JSON output (use -jj to enable indents) -l, --level= minimum output level (info|warn|fail) -L, --list-policies list all the official, built-in policies. Use with -v to view policy change logs. --lookup= looks up an algorithm(s) without connecting to a server -m, --manual print the man page (Docker, PyPI, Snap, and Windows builds only) -M, --make-policy= creates a policy based on the target server (i.e.: the target server has the ideal configuration that other servers should adhere to) -n, --no-colors disable colors -p, --port= port to connect -P, --policy=<"policy name" | policy.txt> run a policy test using the specified policy --skip-rate-test skip the connection rate test during standard audits (used to safely infer whether the DHEat attack is viable) -t, --timeout= timeout (in seconds) for connection and reading (default: 5) -T, --targets= a file containing a list of target hosts (one per line, format HOST[:PORT]). Use -p/--port to set the default port for all hosts. Use --threads to control concurrent scans. --threads= number of threads to use when scanning multiple targets (-T/--targets) (default: 32) -v, --verbose verbose output ``` * if both IPv4 and IPv6 are used, order of precedence can be set by using either `-46` or `-64`. * batch flag `-b` will output sections without header and without empty lines (implies verbose flag). * verbose flag `-v` will prefix each line with section type and algorithm name. * an exit code of 0 is returned when all algorithms are considered secure (for a standard audit), or when a policy check passes (for a policy audit). Basic server auditing: ``` ssh-audit localhost ssh-audit 127.0.0.1 ssh-audit 127.0.0.1:222 ssh-audit ::1 ssh-audit [::1]:222 ``` To run a standard audit against many servers (place targets into servers.txt, one on each line in the format of `HOST[:PORT]`): ``` ssh-audit -T servers.txt ``` To audit a client configuration (listens on port 2222 by default; connect using `ssh -p 2222 anything@localhost`): ``` ssh-audit -c ``` To audit a client configuration, with a listener on port 4567: ``` ssh-audit -c -p 4567 ``` To list all official built-in policies (hint: use resulting policy names with `-P`/`--policy`): ``` ssh-audit -L ``` To run a policy audit against a server: ``` ssh-audit -P ["policy name" | path/to/server_policy.txt] targetserver ``` To run a policy audit against a client: ``` ssh-audit -c -P ["policy name" | path/to/client_policy.txt] ``` To run a policy audit against many servers: ``` ssh-audit -T servers.txt -P ["policy name" | path/to/server_policy.txt] ``` To create a policy based on a target server (which can be manually edited): ``` ssh-audit -M new_policy.txt targetserver ``` To run the DHEat CPU exhaustion DoS attack ([CVE-2002-20001](https://nvd.nist.gov/vuln/detail/CVE-2002-20001)) against a target using 10 concurrent sockets: ``` ssh-audit --dheat=10 targetserver ``` To run the DHEat attack using the `diffie-hellman-group-exchange-sha256` key exchange algorithm: ``` ssh-audit --dheat=10:diffie-hellman-group-exchange-sha256 targetserver ``` To run the DHEat attack using the `diffie-hellman-group-exchange-sha256` key exchange algorithm along with very small but non-standard packet lengths (this may result in the same CPU exhaustion, but with many less bytes per second being sent): ``` ssh-audit --dheat=10:diffie-hellman-group-exchange-sha256:4 targetserver ``` ## Screenshots ### Server Standard Audit Example Below is a screen shot of the standard server-auditing output when connecting to an unhardened OpenSSH v5.3 service: ![screenshot](https://user-images.githubusercontent.com/2982011/64388792-317e6f80-d00e-11e9-826e-a4934769bb07.png) ### Server Policy Audit Example Below is a screen shot of the policy auditing output when connecting to an un-hardened Ubuntu Server 20.04 machine (hint: use `-L`/`--list-policies` to see names of built-in policies to use with `-P`/`--policy`): ![screenshot](https://user-images.githubusercontent.com/2982011/94370881-95178700-00c0-11eb-8705-3157a4669dc0.png) After applying the steps in the hardening guide (see below), the output changes to the following: ![screenshot](https://user-images.githubusercontent.com/2982011/94370873-87620180-00c0-11eb-9a59-469f61a56ce1.png) ### Client Standard Audit Example Below is a screen shot of the client-auditing output when an unhardened OpenSSH v7.2 client connects: ![client_screenshot](https://user-images.githubusercontent.com/2982011/68867998-b946c100-06c4-11ea-975f-1f47e4178a74.png) ## Hardening Guides Guides to harden server & client configuration can be found here: [https://www.ssh-audit.com/hardening_guides.html](https://www.ssh-audit.com/hardening_guides.html) ## Pre-Built Packages Pre-built packages are available for Windows (see the [Releases](https://github.com/jtesta/ssh-audit/releases) page), PyPI, Snap, and Docker: To install from PyPI: ``` $ pip3 install ssh-audit ``` To install the Snap package: ``` $ snap install ssh-audit ``` To install from Dockerhub: ``` $ docker pull positronsecurity/ssh-audit ``` (Then run with: `docker run -it --rm -p 2222:2222 positronsecurity/ssh-audit 10.1.1.1`) The status of various other platform packages can be found below (via Repology): Packaging status ## Web Front-End For convenience, a web front-end on top of the command-line tool is available at [https://www.ssh-audit.com/](https://www.ssh-audit.com/). ## ChangeLog ### v3.3.0 (2024-10-15) - Added Python 3.13 support. - Added built-in policies for Ubuntu 24.04 LTS server & client, OpenSSH 9.8, and OpenSSH 9.9. - Added IPv6 support for DHEat and connection rate tests. - Added TCP port information to JSON policy scan results; credit [Fabian Malte Kopp](https://github.com/dreizehnutters). - Added LANcom LCOS server recognition and Ed448 key extraction; credit [Daniel Lenski](https://github.com/dlenskiSB). - Now reports ECDSA and DSS fingerprints when in verbose mode; partial credit [Daniel Lenski](https://github.com/dlenskiSB). - Removed CVE information based on server/client version numbers, as this was wildly inaccurate (see [this thread](https://github.com/jtesta/ssh-audit/issues/240) for the full discussion, as well as the results of the community vote on this matter). - Fixed crash when running with `-P` and `-T` options simultaneously. - Fixed host key tests from only reporting a key type at most once despite multiple hosts supporting it; credit [Daniel Lenski](https://github.com/dlenskiSB). - Fixed DHEat connection rate testing on MacOS X and BSD platforms; credit [Drew Noel](https://github.com/drewmnoel) and [Michael Osipov](https://github.com/michael-o). - Fixed invalid JSON output when a socket error occurs while performing a client audit. - Fixed `--conn-rate-test` feature on Windows. - When scanning multiple targets (using `-T`/`--targets`), the `-p`/`--port` option will now be used as the default port (set to 22 if `-p`/`--port` is not given). Hosts specified in the file can override this default with an explicit port number (i.e.: "host1:1234"). For example, when using `-T targets.txt -p 222`, all hosts in `targets.txt` that do not explicitly include a port number will default to 222; when using `-T targets.txt` (without `-p`), all hosts will use a default of 22. - Updated built-in server & client policies for Amazon Linux 2023, Debian 12, Rocky Linux 9, and Ubuntu 22.04 to improve host key efficiency and cipher resistance to quantum attacks. - Added 1 new cipher: `grasshopper-ctr128`. - Added 2 new key exchanges: `mlkem768x25519-sha256`, `sntrup761x25519-sha512`. ### v3.2.0 (2024-04-22) - Added implementation of the DHEat denial-of-service attack (see `--dheat` option; [CVE-2002-20001](https://nvd.nist.gov/vuln/detail/CVE-2002-20001)). - Expanded filter of CBC ciphers to flag for the Terrapin vulnerability. It now includes more rarely found ciphers. - Fixed parsing of `ecdsa-sha2-nistp*` CA signatures on host keys. Additionally, they are now flagged as potentially back-doored, just as standard host keys are. - Gracefully handle rare exceptions (i.e.: crashes) while performing GEX tests. - The built-in man page (`-m`, `--manual`) is now available on Docker, PyPI, and Snap builds, in addition to the Windows build. - Snap builds are now architecture-independent. - Changed Docker base image from `python:3-slim` to `python:3-alpine`, resulting in a 59% reduction in image size; credit [Daniel Thamdrup](https://github.com/dallemon). - Added built-in policies for Amazon Linux 2023, Debian 12, OpenSSH 9.7, and Rocky Linux 9. - Built-in policies now include a change log (use `-L -v` to view them). - Custom policies now support the `allow_algorithm_subset_and_reordering` directive to allow targets to pass with a subset and/or re-ordered list of host keys, kex, ciphers, and MACs. This allows for the creation of a baseline policy where targets can optionally implement stricter controls; partial credit [yannik1015](https://github.com/yannik1015). - Custom policies now support the `allow_larger_keys` directive to allow targets to pass with larger host keys, CA keys, and Diffie-Hellman keys. This allows for the creation of a baseline policy where targets can optionally implement stricter controls; partial credit [Damian Szuberski](https://github.com/szubersk). - Color output is disabled if the `NO_COLOR` environment variable is set (see https://no-color.org/). - Added 1 new key exchange algorithm: `gss-nistp384-sha384-*`. - Added 1 new cipher: `aes128-ocb@libassh.org`. ### v3.1.0 (2023-12-20) - Added test for the Terrapin message prefix truncation vulnerability ([CVE-2023-48795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795)). - Dropped support for Python 3.7 (EOL was reached in June 2023). - Added Python 3.12 support. - In server policies, reduced expected DH modulus sizes from 4096 to 3072 to match the [online hardening guides](https://ssh-audit.com/hardening_guides.html) (note that 3072-bit moduli provide the equivalent of 128-bit symmetric security). - In Ubuntu 22.04 client policy, moved host key types `sk-ssh-ed25519@openssh.com` and `ssh-ed25519` to the end of all certificate types. - Updated Ubuntu Server & Client policies for 20.04 and 22.04 to account for key exchange list changes due to Terrapin vulnerability patches. - Re-organized option host key types for OpenSSH 9.2 server policy to correspond with updated Debian 12 hardening guide. - Added built-in policies for OpenSSH 9.5 and 9.6. - Added an `additional_notes` field to the JSON output. ### v3.0.0 (2023-09-07) - Results from concurrent scans against multiple hosts are no longer improperly combined; bug discovered by [Adam Russell](https://github.com/thecliguy). - Hostname resolution failure no longer causes scans against multiple hosts to terminate unexpectedly; credit [Dani Cuesta](https://github.com/daniel-cues). - Algorithm recommendations resulting from warnings are now printed in yellow instead of red; credit [Adam Russell](https://github.com/thecliguy). - Added failure, warning, and info notes to JSON output (note that this results in a breaking change to the banner protocol, "enc", and "mac" fields); credit [Bareq Al-Azzawi](https://github.com/BareqAZ). - Docker Makefile now creates multi-arch builds for amd64, arm64, and armv7; credit [Sebastian Cohnen](https://github.com/tisba). - Fixed crash during GEX tests. - Refined GEX testing against OpenSSH servers: when the fallback mechanism is suspected of being triggered, perform an additional test to obtain more accurate results. - The color of all notes will be printed in green when the related algorithm is rated good. - Prioritized host key certificate algorithms for Ubuntu 22.04 LTS client policy. - Marked all NIST K-, B-, and T-curves as unproven since they are so rarely used. - Added built-in policy for OpenSSH 9.4. - Added 12 new host keys: `ecdsa-sha2-curve25519`, `ecdsa-sha2-nistb233`, `ecdsa-sha2-nistb409`, `ecdsa-sha2-nistk163`, `ecdsa-sha2-nistk233`, `ecdsa-sha2-nistk283`, `ecdsa-sha2-nistk409`, `ecdsa-sha2-nistp224`, `ecdsa-sha2-nistp192`, `ecdsa-sha2-nistt571`, `ssh-dsa`, `x509v3-sign-rsa-sha256`. - Added 15 new key exchanges: `curve448-sha512@libssh.org`, `ecdh-nistp256-kyber-512r3-sha256-d00@openquantumsafe.org`, `ecdh-nistp384-kyber-768r3-sha384-d00@openquantumsafe.org`, `ecdh-nistp521-kyber-1024r3-sha512-d00@openquantumsafe.org`, `ecdh-sha2-brainpoolp256r1@genua.de`, `ecdh-sha2-brainpoolp384r1@genua.de`, `ecdh-sha2-brainpoolp521r1@genua.de`, `kexAlgoDH14SHA1`, `kexAlgoDH1SHA1`, `kexAlgoECDH256`, `kexAlgoECDH384`, `kexAlgoECDH521`, `sm2kep-sha2-nistp256`, `x25519-kyber-512r3-sha256-d00@amazon.com`, `x25519-kyber512-sha512@aws.amazon.com`. - Added 8 new ciphers: `aes192-gcm@openssh.com`, `cast128-12-cbc`, `cast128-12-cfb`, `cast128-12-ecb`, `cast128-12-ofb`, `des-cfb`, `des-ecb`, `des-ofb`. - Added 14 new MACs: `cbcmac-3des`, `cbcmac-aes`, `cbcmac-blowfish`, `cbcmac-des`, `cbcmac-rijndael`, `cbcmac-twofish`, `hmac-sha256-96`, `md5`, `md5-8`, `ripemd160`, `ripemd160-8`, `sha1`, `sha1-8`, `umac-128`. ### v2.9.0 (2023-04-29) - Dropped support for Python 3.6, as it reached EOL at the end of 2021. - Added Ubuntu Server & Client 22.04 hardening policies. - Removed experimental warning tag from `sntrup761x25519-sha512@openssh.com`. - Updated CVE database; credit [Alexandre Zanni](https://github.com/noraj). - Added `-g` and `--gex-test` for granular GEX modulus size tests; credit [Adam Russell](https://github.com/thecliguy). - Snap packages now print more user-friendly error messages when permission errors are encountered. - JSON 'target' field now always includes port number; credit [tomatohater1337](https://github.com/tomatohater1337). - JSON output now includes recommendations and CVE data. - Mixed host key/CA key types (i.e.: RSA host keys signed with ED25519 CAs, etc.) are now properly handled. - Warnings are now printed for 2048-bit moduli; partial credit [Adam Russell](https://github.com/thecliguy). - SHA-1 algorithms now cause failures. - CBC mode ciphers are now warnings instead of failures. - Generic failure/warning messages replaced with more specific reasons (i.e.: 'using weak cipher' => 'using broken RC4 cipher'). - Updated built-in policies to include missing host key size information. - Added built-in policies for OpenSSH 8.8, 8.9, 9.0, 9.1, 9.2, and 9.3. - Added 33 new host keys: `dsa2048-sha224@libassh.org`, `dsa2048-sha256@libassh.org`, `dsa3072-sha256@libassh.org`, `ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com`, `eddsa-e382-shake256@libassh.org`, `eddsa-e521-shake256@libassh.org`, `null`, `pgp-sign-dss`, `pgp-sign-rsa`, `spki-sign-dss`, `spki-sign-rsa`, `ssh-dss-sha224@ssh.com`, `ssh-dss-sha384@ssh.com`, `ssh-dss-sha512@ssh.com`, `ssh-ed448-cert-v01@openssh.com`, `ssh-rsa-sha224@ssh.com`, `ssh-rsa-sha2-256`, `ssh-rsa-sha2-512`, `ssh-rsa-sha384@ssh.com`, `ssh-rsa-sha512@ssh.com`, `ssh-xmss-cert-v01@openssh.com`, `ssh-xmss@openssh.com`, `webauthn-sk-ecdsa-sha2-nistp256@openssh.com`, `x509v3-ecdsa-sha2-1.3.132.0.10`, `x509v3-sign-dss-sha1`, `x509v3-sign-dss-sha224@ssh.com`, `x509v3-sign-dss-sha256@ssh.com`, `x509v3-sign-dss-sha384@ssh.com`, `x509v3-sign-dss-sha512@ssh.com`, `x509v3-sign-rsa-sha1`, `x509v3-sign-rsa-sha224@ssh.com`, `x509v3-sign-rsa-sha384@ssh.com`, `x509v3-sign-rsa-sha512@ssh.com`. - Added 46 new key exchanges: `diffie-hellman-group14-sha224@ssh.com`, `diffie-hellman_group17-sha512`, `diffie-hellman-group-exchange-sha224@ssh.com`, `diffie-hellman-group-exchange-sha384@ssh.com`, `ecdh-sha2-1.2.840.10045.3.1.1`, `ecdh-sha2-1.2.840.10045.3.1.7`, `ecdh-sha2-1.3.132.0.1`, `ecdh-sha2-1.3.132.0.16`, `ecdh-sha2-1.3.132.0.26`, `ecdh-sha2-1.3.132.0.27`, `ecdh-sha2-1.3.132.0.33`, `ecdh-sha2-1.3.132.0.34`, `ecdh-sha2-1.3.132.0.35`, `ecdh-sha2-1.3.132.0.36`, `ecdh-sha2-1.3.132.0.37`, `ecdh-sha2-1.3.132.0.38`, `ecdh-sha2-4MHB+NBt3AlaSRQ7MnB4cg==`, `ecdh-sha2-5pPrSUQtIaTjUSt5VZNBjg==`, `ecdh-sha2-9UzNcgwTlEnSCECZa7V1mw==`, `ecdh-sha2-D3FefCjYoJ/kfXgAyLddYA==`, `ecdh-sha2-h/SsxnLCtRBh7I9ATyeB3A==`, `ecdh-sha2-m/FtSAmrV4j/Wy6RVUaK7A==`, `ecdh-sha2-mNVwCXAoS1HGmHpLvBC94w==`, `ecdh-sha2-qCbG5Cn/jjsZ7nBeR7EnOA==`, `ecdh-sha2-qcFQaMAMGhTziMT0z+Tuzw==`, `ecdh-sha2-VqBg4QRPjxx1EXZdV0GdWQ==`, `ecdh-sha2-wiRIU8TKjMZ418sMqlqtvQ==`, `ecdh-sha2-zD/b3hu/71952ArpUG4OjQ==`, `ecmqv-sha2`, `gss-13.3.132.0.10-sha256-*`, `gss-curve25519-sha256-*`, `gss-curve448-sha512-*`, `gss-gex-sha1-*`, `gss-gex-sha256-*`, `gss-group14-sha1-*`, `gss-group14-sha256-*`, `gss-group15-sha512-*`, `gss-group16-sha512-*`, `gss-group17-sha512-*`, `gss-group18-sha512-*`, `gss-group1-sha1-*`, `gss-nistp256-sha256-*`, `gss-nistp384-sha256-*`, `gss-nistp521-sha512-*`, `m383-sha384@libassh.org`, `m511-sha512@libassh.org`. - Added 28 new ciphers: `3des-cfb`, `3des-ecb`, `3des-ofb`, `blowfish-cfb`, `blowfish-ecb`, `blowfish-ofb`, `camellia128-cbc@openssh.org`, `camellia128-ctr@openssh.org`, `camellia192-cbc@openssh.org`, `camellia192-ctr@openssh.org`, `camellia256-cbc@openssh.org`, `camellia256-ctr@openssh.org`, `cast128-cfb`, `cast128-ecb`, `cast128-ofb`, `cast128-12-cbc@ssh.com`, `idea-cfb`, `idea-ecb`, `idea-ofb`, `rijndael-cbc@ssh.com`, `seed-ctr@ssh.com`, `serpent128-gcm@libassh.org`, `serpent256-gcm@libassh.org`, `twofish128-gcm@libassh.org`, `twofish256-gcm@libassh.org`, `twofish-cfb`, `twofish-ecb`, `twofish-ofb` - Added 5 new MACs: `hmac-sha1-96@openssh.com`, `hmac-sha224@ssh.com`, `hmac-sha256-2@ssh.com`, `hmac-sha384@ssh.com`, `hmac-whirlpool`. ### v2.5.0 (2021-08-26) - Fixed crash when running host key tests. - Handles server connection failures more gracefully. - Now prints JSON with indents when `-jj` is used (useful for debugging). - Added MD5 fingerprints to verbose output. - Added `-d`/`--debug` option for getting debugging output; credit [Adam Russell](https://github.com/thecliguy). - Updated JSON output to include MD5 fingerprints. Note that this results in a breaking change in the 'fingerprints' dictionary format. - Updated OpenSSH 8.1 (and earlier) policies to include `rsa-sha2-512` and `rsa-sha2-256`. - Added OpenSSH v8.6 & v8.7 policies. - Added 3 new key exchanges: `gss-gex-sha1-eipGX3TCiQSrx573bT1o1Q==`, `gss-group1-sha1-eipGX3TCiQSrx573bT1o1Q==`, and `gss-group14-sha1-eipGX3TCiQSrx573bT1o1Q==`. - Added 3 new MACs: `hmac-ripemd160-96`, `AEAD_AES_128_GCM`, and `AEAD_AES_256_GCM`. ### v2.4.0 (2021-02-23) - Added multi-threaded scanning support. - Added built-in Windows manual page (see `-m`/`--manual`); credit [Adam Russell](https://github.com/thecliguy). - Added version check for OpenSSH user enumeration (CVE-2018-15473). - Added deprecation note to host key types based on SHA-1. - Added extra warnings for SSHv1. - Added built-in hardened OpenSSH v8.5 policy. - Upgraded warnings to failures for host key types based on SHA-1. - Fixed crash when receiving unexpected response during host key test. - Fixed hang against older Cisco devices during host key test & gex test. - Fixed improper termination while scanning multiple targets when one target returns an error. - Dropped support for Python 3.5 (which reached EOL in Sept. 2020). - Added 1 new key exchange: `sntrup761x25519-sha512@openssh.com`. ### v2.3.1 (2020-10-28) - Now parses public key sizes for `rsa-sha2-256-cert-v01@openssh.com` and `rsa-sha2-512-cert-v01@openssh.com` host key types. - Flag `ssh-rsa-cert-v01@openssh.com` as a failure due to SHA-1 hash. - Fixed bug in recommendation output which suppressed some algorithms inappropriately. - Built-in policies now include CA key requirements (if certificates are in use). - Lookup function (`--lookup`) now performs case-insensitive lookups of similar algorithms; credit [Adam Russell](https://github.com/thecliguy). - Migrated pre-made policies from external files to internal database. - Split single 3,500 line script into many files (by class). - Added setup.py support; credit [Ganden Schaffner](https://github.com/gschaffner). - Added 1 new cipher: `des-cbc@ssh.com`. ### v2.3.0 (2020-09-27) - Added new policy auditing functionality to test adherence to a hardening guide/standard configuration (see `-L`/`--list-policies`, `-M`/`--make-policy` and `-P`/`--policy`). For an in-depth tutorial, see . - Created new man page (see `ssh-audit.1` file). - 1024-bit moduli upgraded from warnings to failures. - Many Python 2 code clean-ups, testing framework improvements, pylint & flake8 fixes, and mypy type comments; credit [Jürgen Gmach](https://github.com/jugmac00). - Added feature to look up algorithms in internal database (see `--lookup`); credit [Adam Russell](https://github.com/thecliguy). - Suppress recommendation of token host key types. - Added check for use-after-free vulnerability in PuTTY v0.73. - Added 11 new host key types: `ssh-rsa1`, `ssh-dss-sha256@ssh.com`, `ssh-gost2001`, `ssh-gost2012-256`, `ssh-gost2012-512`, `spki-sign-rsa`, `ssh-ed448`, `x509v3-ecdsa-sha2-nistp256`, `x509v3-ecdsa-sha2-nistp384`, `x509v3-ecdsa-sha2-nistp521`, `x509v3-rsa2048-sha256`. - Added 8 new key exchanges: `diffie-hellman-group1-sha256`, `kexAlgoCurve25519SHA256`, `Curve25519SHA256`, `gss-group14-sha256-`, `gss-group15-sha512-`, `gss-group16-sha512-`, `gss-nistp256-sha256-`, `gss-curve25519-sha256-`. - Added 5 new ciphers: `blowfish`, `AEAD_AES_128_GCM`, `AEAD_AES_256_GCM`, `crypticore128@ssh.com`, `seed-cbc@ssh.com`. - Added 3 new MACs: `chacha20-poly1305@openssh.com`, `hmac-sha3-224`, `crypticore-mac@ssh.com`. ### v2.2.0 (2020-03-11) - Marked host key type `ssh-rsa` as weak due to [practical SHA-1 collisions](https://eprint.iacr.org/2020/014.pdf). - Added Windows builds. - Added 10 new host key types: `ecdsa-sha2-1.3.132.0.10`, `x509v3-sign-dss`, `x509v3-sign-rsa`, `x509v3-sign-rsa-sha256@ssh.com`, `x509v3-ssh-dss`, `x509v3-ssh-rsa`, `sk-ecdsa-sha2-nistp256-cert-v01@openssh.com`, `sk-ecdsa-sha2-nistp256@openssh.com`, `sk-ssh-ed25519-cert-v01@openssh.com`, and `sk-ssh-ed25519@openssh.com`. - Added 18 new key exchanges: `diffie-hellman-group14-sha256@ssh.com`, `diffie-hellman-group15-sha256@ssh.com`, `diffie-hellman-group15-sha384@ssh.com`, `diffie-hellman-group16-sha384@ssh.com`, `diffie-hellman-group16-sha512@ssh.com`, `diffie-hellman-group18-sha512@ssh.com`, `ecdh-sha2-curve25519`, `ecdh-sha2-nistb233`, `ecdh-sha2-nistb409`, `ecdh-sha2-nistk163`, `ecdh-sha2-nistk233`, `ecdh-sha2-nistk283`, `ecdh-sha2-nistk409`, `ecdh-sha2-nistp192`, `ecdh-sha2-nistp224`, `ecdh-sha2-nistt571`, `gss-gex-sha1-`, and `gss-group1-sha1-`. - Added 9 new ciphers: `camellia128-cbc`, `camellia128-ctr`, `camellia192-cbc`, `camellia192-ctr`, `camellia256-cbc`, `camellia256-ctr`, `aes128-gcm`, `aes256-gcm`, and `chacha20-poly1305`. - Added 2 new MACs: `aes128-gcm` and `aes256-gcm`. ### v2.1.1 (2019-11-26) - Added 2 new host key types: `rsa-sha2-256-cert-v01@openssh.com`, `rsa-sha2-512-cert-v01@openssh.com`. - Added 2 new ciphers: `des`, `3des`. - Added 3 new PuTTY vulnerabilities. - During client testing, client IP address is now listed in output. ### v2.1.0 (2019-11-14) - Added client software auditing functionality (see `-c` / `--client-audit` option). - Added JSON output option (see `-j` / `--json` option; credit [Andreas Jaggi](https://github.com/x-way)). - Fixed crash while scanning Solaris Sun_SSH. - Added 9 new key exchanges: `gss-group1-sha1-toWM5Slw5Ew8Mqkay+al2g==`, `gss-gex-sha1-toWM5Slw5Ew8Mqkay+al2g==`, `gss-group14-sha1-`, `gss-group14-sha1-toWM5Slw5Ew8Mqkay+al2g==`, `gss-group14-sha256-toWM5Slw5Ew8Mqkay+al2g==`, `gss-group15-sha512-toWM5Slw5Ew8Mqkay+al2g==`, `diffie-hellman-group15-sha256`, `ecdh-sha2-1.3.132.0.10`, `curve448-sha512`. - Added 1 new host key type: `ecdsa-sha2-1.3.132.0.10`. - Added 4 new ciphers: `idea-cbc`, `serpent128-cbc`, `serpent192-cbc`, `serpent256-cbc`. - Added 6 new MACs: `hmac-sha2-256-96-etm@openssh.com`, `hmac-sha2-512-96-etm@openssh.com`, `hmac-ripemd`, `hmac-sha256-96@ssh.com`, `umac-32@openssh.com`, `umac-96@openssh.com`. ### v2.0.0 (2019-08-29) - Forked from https://github.com/arthepsy/ssh-audit (development was stalled, and developer went MIA). - Added RSA host key length test. - Added RSA certificate key length test. - Added Diffie-Hellman modulus size test. - Now outputs host key fingerprints for RSA and ED25519. - Added 5 new key exchanges: `sntrup4591761x25519-sha512@tinyssh.org`, `diffie-hellman-group-exchange-sha256@ssh.com`, `diffie-hellman-group-exchange-sha512@ssh.com`, `diffie-hellman-group16-sha256`, `diffie-hellman-group17-sha512`. - Added 3 new encryption algorithms: `des-cbc-ssh1`, `blowfish-ctr`, `twofish-ctr`. - Added 10 new MACs: `hmac-sha2-56`, `hmac-sha2-224`, `hmac-sha2-384`, `hmac-sha3-256`, `hmac-sha3-384`, `hmac-sha3-512`, `hmac-sha256`, `hmac-sha256@ssh.com`, `hmac-sha512`, `hmac-512@ssh.com`. - Added command line argument (`-t` / `--timeout`) for connection & reading timeouts. - Updated CVEs for libssh & Dropbear. ### v1.7.0 (2016-10-26) - implement options to allow specify IPv4/IPv6 usage and order of precedence - implement option to specify remote port (old behavior kept for compatibility) - add colors support for Microsoft Windows via optional colorama dependency - fix encoding and decoding issues, add tests, do not crash on encoding errors - use mypy-lang for static type checking and verify all code ### v1.6.0 (2016-10-14) - implement algorithm recommendations section (based on recognized software) - implement full libssh support (version history, algorithms, security, etc) - fix SSH-1.99 banner recognition and version comparison functionality - do not output empty algorithms (happens for misconfigured servers) - make consistent output for Python 3.x versions - add a lot more tests (conf, banner, software, SSH1/SSH2, output, etc) - use Travis CI to test for multiple Python versions (2.6-3.5, pypy, pypy3) ### v1.5.0 (2016-09-20) - create security section for related security information - match and output assigned CVE list and security issues for Dropbear SSH - implement full SSH1 support with fingerprint information - automatically fallback to SSH1 on protocol mismatch - add new options to force SSH1 or SSH2 (both allowed by default) - parse banner information and convert it to specific software and OS version - do not use padding in batch mode - several fixes (Cisco sshd, rare hangs, error handling, etc) ### v1.0.20160902 - implement batch output option - implement minimum output level option - fix compatibility with Python 2.6 ### v1.0.20160812 - implement SSH version compatibility feature - fix wrong mac algorithm warning - fix Dropbear SSH version typo - parse pre-banner header - better errors handling ### v1.0.20160803 - use OpenSSH 7.3 banner - add new key-exchange algorithms ### v1.0.20160207 - use OpenSSH 7.2 banner - additional warnings for OpenSSH 7.2 - fix OpenSSH 7.0 failure messages - add rijndael-cbc failure message from OpenSSH 6.7 ### v1.0.20160105 - multiple additional warnings - support for none algorithm - better compression handling - ensure reading enough data (fixes few Linux SSH) ### v1.0.20151230 - Dropbear SSH support ### v1.0.20151223 - initial version ssh-audit-3.3.0/add_builtin_man_page.sh000077500000000000000000000110651470352310600200660ustar00rootroot00000000000000#!/usr/bin/env bash # # The MIT License (MIT) # # Copyright (C) 2021-2024 Joe Testa (jtesta@positronsecurity.com) # Copyright (C) 2021 Adam Russell () # # Permission is hereby granted, free of charge, to any person obtaining a copy # of this software and associated documentation files (the "Software"), to deal # in the Software without restriction, including without limitation the rights # to use, copy, modify, merge, publish, distribute, sublicense, and/or sell # copies of the Software, and to permit persons to whom the Software is # furnished to do so, subject to the following conditions: # # The above copyright notice and this permission notice shall be included in # all copies or substantial portions of the Software. # # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR # IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, # FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE # AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER # LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN # THE SOFTWARE. # ################################################################################ # add_builtin_man_page.sh # # PURPOSE # Since some platforms lack a manual reader it's necessary to provide an # alternative means of reading the man page. # # This script should be run as part of the ssh-audit packaging process for # Docker, PyPI, Snap, and Windows. It populates the 'BUILTIN_MAN_PAGE' # variable in 'globals.py' with the contents of the man page. Users can then # see the man page with "ssh-audit [--manual|-m]". # # Linux or Cygwin is required to run this script. # # USAGE # add_builtin_man_page.sh [-m ] [-g ] # ################################################################################ usage() { echo >&2 "Usage: $0 [-m ] [-g ] [-h]" echo >&2 " -m Specify an alternate man page path (default: ./ssh-audit.1)" echo >&2 " -g Specify an alternate globals.py path (default: ./src/ssh_audit/globals.py)" echo >&2 " -h This help message" } PLATFORM="$(uname -s)" # This script is intended for use on Linux and Cygwin only. case "${PLATFORM}" in Linux | CYGWIN*) ;; *) echo "Platform not supported: ${PLATFORM}" exit 1 ;; esac MAN_PAGE=./ssh-audit.1 GLOBALS_PY=./src/ssh_audit/globals.py while getopts "m: g: h" OPTION; do case "${OPTION}" in m) MAN_PAGE="${OPTARG}" ;; g) GLOBALS_PY="${OPTARG}" ;; h) usage exit 0 ;; *) echo >&2 "Invalid parameter(s) provided" usage exit 1 ;; esac done # Check that the specified files exist. [[ -f "$MAN_PAGE" ]] || { echo >&2 "man page file not found: $MAN_PAGE"; exit 1; } [[ -f "${GLOBALS_PY}" ]] || { echo >&2 "globals.py file not found: ${GLOBALS_PY}"; exit 1; } # Check that the 'ul' (do underlining) binary exists. if [[ "${PLATFORM}" == "Linux" ]]; then command -v ul >/dev/null 2>&1 || { echo >&2 "ul not found."; exit 1; } fi # Check that the 'sed' (stream editor) binary exists. command -v sed >/dev/null 2>&1 || { echo >&2 "sed not found."; exit 1; } # Reset the globals.py file, in case it was modified from a prior run. git checkout "${GLOBALS_PY}" > /dev/null 2>&1 # Remove the Windows man page placeholder from 'globals.py'. sed -i '/^BUILTIN_MAN_PAGE/d' "${GLOBALS_PY}" echo "Processing man page at ${MAN_PAGE} and placing output into ${GLOBALS_PY}..." # Append the man page content to 'globals.py'. # * man outputs a backspace-overwrite sequence rather than an ANSI escape # sequence. # * 'MAN_KEEP_FORMATTING' preserves the backspace-overwrite sequence when # redirected to a file or a pipe. # * sed converts unicode hyphens into an ASCI equivalent. # * The 'ul' command converts the backspace-overwrite sequence to an ANSI # escape sequence. Not required under Cygwin because man outputs ANSI escape # codes automatically. echo BUILTIN_MAN_PAGE = '"""' >> "${GLOBALS_PY}" if [[ "${PLATFORM}" == CYGWIN* ]]; then MANWIDTH=80 MAN_KEEP_FORMATTING=1 man "${MAN_PAGE}" | sed $'s/\u2010/-/g' >> "${GLOBALS_PY}" else MANWIDTH=80 MAN_KEEP_FORMATTING=1 man "${MAN_PAGE}" | ul | sed $'s/\u2010/-/g' >> "${GLOBALS_PY}" fi echo '"""' >> "${GLOBALS_PY}" echo "Done." exit 0 ssh-audit-3.3.0/build_snap.sh000077500000000000000000000057451470352310600161110ustar00rootroot00000000000000#!/usr/bin/env bash # # The MIT License (MIT) # # Copyright (C) 2021-2024 Joe Testa (jtesta@positronsecurity.com) # # Permission is hereby granted, free of charge, to any person obtaining a copy # of this software and associated documentation files (the "Software"), to deal # in the Software without restriction, including without limitation the rights # to use, copy, modify, merge, publish, distribute, sublicense, and/or sell # copies of the Software, and to permit persons to whom the Software is # furnished to do so, subject to the following conditions: # # The above copyright notice and this permission notice shall be included in # all copies or substantial portions of the Software. # # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR # IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, # FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE # AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER # LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN # THE SOFTWARE. # ################################################################################ # build_snap.sh # # Builds a Snap package. ################################################################################ # Pre-requisites sudo apt install -y make sudo snap install snapcraft --classic sudo snap install review-tools lxd # Initialize LXD. sudo lxd init --auto # Reset the filesystem from any previous runs. rm -rf parts/ prime/ snap/ stage/ build/ dist/ src/*.egg-info/ ssh-audit*.snap git checkout snapcraft.yaml 2> /dev/null git checkout src/ssh_audit/globals.py 2> /dev/null # Add the built-in manual page. ./add_builtin_man_page.sh # Get the version from the globals.py file. version=$(grep VERSION src/ssh_audit/globals.py | awk 'BEGIN {FS="="} ; {print $2}' | tr -d '[:space:]') # Strip the quotes around the version (along with the initial 'v' character) and append "-1" to make the default Snap version (i.e.: 'v2.5.0' => '2.5.0-1') default_snap_version="${version:2:-1}-1" echo -e -n "\nEnter Snap package version [default: ${default_snap_version}]: " read -r snap_version # If no version was specified, use the default version. if [[ $snap_version == '' ]]; then snap_version=$default_snap_version echo -e "Using default snap version: ${snap_version}\n" fi # Ensure that the snap version fits the format of X.X.X-X. if [[ ! $snap_version =~ ^[0-9]\.[0-9]\.[0-9]\-[0-9]$ ]]; then echo "Error: version string does not match format X.X.X-X!" exit 1 fi # Append the version field to the end of the file. Not pretty, but it works. echo -e "\nversion: '${snap_version}'" >> snapcraft.yaml # Set the SNAP_PACKAGE variable to True so that file permission errors give more user-friendly sed -i 's/SNAP_PACKAGE = False/SNAP_PACKAGE = True/' src/ssh_audit/globals.py snapcraft --use-lxd && echo -e "\nDone.\n" ssh-audit-3.3.0/build_windows_executable.sh000077500000000000000000000077341470352310600210430ustar00rootroot00000000000000#!/usr/bin/env bash # # The MIT License (MIT) # # Copyright (C) 2021-2024 Joe Testa (jtesta@positronsecurity.com) # # Permission is hereby granted, free of charge, to any person obtaining a copy # of this software and associated documentation files (the "Software"), to deal # in the Software without restriction, including without limitation the rights # to use, copy, modify, merge, publish, distribute, sublicense, and/or sell # copies of the Software, and to permit persons to whom the Software is # furnished to do so, subject to the following conditions: # # The above copyright notice and this permission notice shall be included in # all copies or substantial portions of the Software. # # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR # IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, # FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE # AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER # LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN # THE SOFTWARE. # ################################################################################ # build_windows_executable.sh # # Builds a Windows executable using PyInstaller. ################################################################################ PLATFORM="$(uname -s)" # This script is intended for use on Cygwin only. case "${PLATFORM}" in CYGWIN*) ;; *) echo "Platform not supported (${PLATFORM}). This must be run in Cygwin only." exit 1 ;; esac # Ensure that Python 3.x is installed. if [[ "$(python -V)" != "Python 3."* ]]; then echo "Python v3.x not found. Install the latest stable version from: https://www.python.org/" exit 1 fi # Install/update package dependencies. echo "Installing/updating pyinstaller and colorama packages..." pip install -U pyinstaller colorama echo # Prompt for the version to release. echo -n "Enter the version to release, using format 'vX.X.X': " read -r version # Ensure that entered version fits required format. if [[ ! $version =~ ^v[0-9]\.[0-9]\.[0-9]$ ]]; then echo "Error: version string does not match format vX.X.X!" exit 1 fi # Verify that version is correct. echo -n "Version will be set to '${version}'. Is this correct? (y/n): " read -r yn echo if [[ $yn != "y" ]]; then echo "Build cancelled." exit 1 fi # Reset any local changes made to globals.py from a previous run. git checkout src/ssh_audit/globals.py 2> /dev/null # Update the man page. ./add_builtin_man_page.sh retval=$? if [[ ${retval} != 0 ]]; then echo "Failed to run ./update_windows_man_page.sh" exit 1 fi # Do all operations from this point from the main source directory. pushd src/ssh_audit || exit > /dev/null # Delete the existing VERSION variable and add the value that the user entered, above. sed -i '/^VERSION/d' globals.py echo "VERSION = '$version'" >> globals.py # Delete cached files if they exist from a prior run. rm -rf dist/ build/ ssh-audit.spec # Create a hard link from ssh_audit.py to ssh-audit.py. if [[ ! -f ssh-audit.py ]]; then ln ssh_audit.py ssh-audit.py fi echo -e "\nRunning pyinstaller...\n" pyinstaller -F --icon ../../windows_icon.ico ssh-audit.py if [[ -f dist/ssh-audit.exe ]]; then echo -e "\nExecutable created in $(pwd)/dist/ssh-audit.exe\n" else echo -e "\nFAILED to create $(pwd)/dist/ssh-audit.exe!\n" exit 1 fi # Ensure that the version string doesn't have '-dev' in it. dist/ssh-audit.exe | grep -E 'ssh-audit.exe v.+\-dev' > /dev/null retval=$? if [[ ${retval} == 0 ]]; then echo -e "\nError: executable's version number includes '-dev'." exit 1 fi # Remove the cache files created during the build process, along with the link we created, above. rm -rf build/ ssh-audit.spec ssh-audit.py # Reset the changes we made to globals.py. git checkout globals.py 2> /dev/null popd || exit > /dev/null exit 0 ssh-audit-3.3.0/docker_test.sh000077500000000000000000000740311470352310600162710ustar00rootroot00000000000000#!/bin/bash # # This script will set up a docker image with multiple versions of OpenSSH, then # use it to run tests. # # Optional arguments: # --accept: accepts test failures and overwrites expected results with actual results (useful for updating the tests themselves). # --create: attempts to create a new docker image. # # # For debugging purposes, here is a cheat sheet for manually running the docker image: # # docker run -p 2222:22 -it ssh-audit-test:X /bin/bash # docker run -p 2222:22 --security-opt seccomp:unconfined -it ssh-audit-test /debug.sh # docker run -d -p 2222:22 ssh-audit-test:X /openssh/sshd-5.6p1 -D -f /etc/ssh/sshd_config-5.6p1_test1 # docker run -d -p 2222:22 ssh-audit-test:X /openssh/sshd-8.0p1 -D -f /etc/ssh/sshd_config-8.0p1_test1 # # This is the docker tag for the image. If this tag doesn't exist, then we assume the # image is out of date, and generate a new one with this tag. IMAGE_VERSION=3 # This is the name of our docker image. IMAGE_NAME=positronsecurity/ssh-audit-test-framework # Terminal colors. CLR="\033[0m" #RED="\033[0;31m" #YELLOW="\033[0;33m" GREEN="\033[0;32m" REDB="\033[1;31m" # Red + bold YELLOWB="\033[1;33m" # Yellow + bold GREENB="\033[1;32m" # Green + bold # Program return values. PROGRAM_RETVAL_FAILURE=3 PROGRAM_RETVAL_WARNING=2 #PROGRAM_RETVAL_CONNECTION_ERROR=1 PROGRAM_RETVAL_GOOD=0 # Counts the number of test failures. num_failures=0 # When set, if a failure is encountered, overwrite the expected output with the actual value (i.e.: the user validated the failures already and wants to update the tests themselves). accept=0 # Returns 0 if current docker image exists. check_if_docker_image_exists() { images=$(docker image ls | grep -E "$IMAGE_NAME[[:space:]]+$IMAGE_VERSION") } # Uncompresses and compiles the specified version of Dropbear. compile_dropbear() { version=$1 compile "Dropbear" "$version" } # Uncompresses and compiles the specified version of OpenSSH. compile_openssh() { version=$1 compile "OpenSSH" "$version" } # Uncompresses and compiles the specified version of TinySSH. compile_tinyssh() { version=$1 compile "TinySSH" "$version" } compile() { project=$1 version=$2 tarball= uncompress_options= source_dir= server_executable= if [[ $project == "OpenSSH" ]]; then tarball="openssh-${version}.tar.gz" uncompress_options="xzf" source_dir="openssh-${version}" server_executable=sshd elif [[ $project == "Dropbear" ]]; then tarball="dropbear-${version}.tar.bz2" uncompress_options="xjf" source_dir="dropbear-${version}" server_executable=dropbear elif [[ $project == "TinySSH" ]]; then tarball="${version}.tar.gz" uncompress_options="xzf" source_dir="tinyssh-${version}" server_executable="build/bin/tinysshd" fi echo "Uncompressing ${project} ${version}..." tar $uncompress_options "$tarball" echo "Compiling ${project} ${version}..." pushd "$source_dir" || exit > /dev/null # TinySSH has no configure script... only a Makefile. if [[ $project == "TinySSH" ]]; then make -j 10 else ./configure && make -j 10 fi if [[ ! -f $server_executable ]]; then echo -e "${REDB}Error: ${server_executable} not built!${CLR}" exit 1 fi echo -e "\n${GREEN}Successfully built ${project} ${version}${CLR}\n" popd || exit > /dev/null } # Creates a new docker image. create_docker_image() { # Create a new temporary directory. TMP_DIR=$(mktemp -d /tmp/sshaudit-docker-XXXXXXXXXX) # Copy the Dockerfile and all files in the test/docker/ dir to our new temp directory. find test/docker/ -maxdepth 1 -type f -exec cp -t "$TMP_DIR" "{}" + # Make the temp directory our working directory for the duration of the build # process. pushd "$TMP_DIR" || exit > /dev/null # Get the release keys. get_dropbear_release_key get_openssh_release_key get_tinyssh_release_key # Aside from checking the GPG signatures, we also compare against this known-good # SHA-256 hash just in case. get_openssh "4.0p1" "5adb9b2c2002650e15216bf94ed9db9541d9a17c96fcd876784861a8890bc92b" get_openssh "5.6p1" "538af53b2b8162c21a293bb004ae2bdb141abd250f61b4cea55244749f3c6c2b" get_openssh "8.0p1" "bd943879e69498e8031eb6b7f44d08cdc37d59a7ab689aa0b437320c3481fd68" get_dropbear "2019.78" "525965971272270995364a0eb01f35180d793182e63dd0b0c3eb0292291644a4" get_tinyssh "20190101" "554a9a94e53b370f0cd0c5fbbd322c34d1f695cbcea6a6a32dcb8c9f595b3fea" # Compile the versions of OpenSSH. compile_openssh "4.0p1" compile_openssh "5.6p1" compile_openssh "8.0p1" # Compile the versions of Dropbear. compile_dropbear "2019.78" # Compile the versions of TinySSH. compile_tinyssh "20190101" # Rename the default config files so we know they are our originals. mv openssh-4.0p1/sshd_config sshd_config-4.0p1_orig mv openssh-5.6p1/sshd_config sshd_config-5.6p1_orig mv openssh-8.0p1/sshd_config sshd_config-8.0p1_orig # Create the configurations for each test. # # OpenSSH v4.0p1 # # Test 1: Basic test. create_openssh_config "4.0p1" "test1" "HostKey /etc/ssh/ssh1_host_key\nHostKey /etc/ssh/ssh_host_rsa_key_1024\nHostKey /etc/ssh/ssh_host_dsa_key" # # OpenSSH v5.6p1 # # Test 1: Basic test. create_openssh_config "5.6p1" "test1" "HostKey /etc/ssh/ssh_host_rsa_key_1024\nHostKey /etc/ssh/ssh_host_dsa_key" # Test 2: RSA 1024 host key with RSA 1024 certificate. create_openssh_config "5.6p1" "test2" "HostKey /etc/ssh/ssh_host_rsa_key_1024\nHostCertificate /etc/ssh/ssh_host_rsa_key_1024-cert_1024.pub" # Test 3: RSA 1024 host key with RSA 3072 certificate. create_openssh_config "5.6p1" "test3" "HostKey /etc/ssh/ssh_host_rsa_key_1024\nHostCertificate /etc/ssh/ssh_host_rsa_key_1024-cert_3072.pub" # Test 4: RSA 3072 host key with RSA 1024 certificate. create_openssh_config "5.6p1" "test4" "HostKey /etc/ssh/ssh_host_rsa_key_3072\nHostCertificate /etc/ssh/ssh_host_rsa_key_3072-cert_1024.pub" # Test 5: RSA 3072 host key with RSA 3072 certificate. create_openssh_config "5.6p1" "test5" "HostKey /etc/ssh/ssh_host_rsa_key_3072\nHostCertificate /etc/ssh/ssh_host_rsa_key_3072-cert_3072.pub" # # OpenSSH v8.0p1 # # Test 1: Basic test. create_openssh_config "8.0p" "test1" "HostKey /etc/ssh/ssh_host_rsa_key_3072\nHostKey /etc/ssh/ssh_host_ecdsa_key\nHostKey /etc/ssh/ssh_host_ed25519_key" # Test 2: ED25519 certificate test. create_openssh_config "8.0p1" "test2" "HostKey /etc/ssh/ssh_host_ed25519_key\nHostCertificate /etc/ssh/ssh_host_ed25519_key-cert.pub" # Test 3: Hardened installation test. create_openssh_config "8.0p1" "test3" "HostKey /etc/ssh/ssh_host_ed25519_key\nKexAlgorithms curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256\nCiphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr\nMACs hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,umac-128-etm@openssh.com" # Now build the docker image! docker build --tag "$IMAGE_NAME:$IMAGE_VERSION" . popd || exit > /dev/null rm -rf -- "$TMP_DIR" } # Creates an OpenSSH configuration file for a specific test. create_openssh_config() { openssh_version=$1 test_number=$2 config_text=$3 cp "sshd_config-${openssh_version}_orig" "sshd_config-${openssh_version}_${test_number}" echo -e "${config_text}" >> "sshd_config-${openssh_version}_${test_number}" } # Downloads the Dropbear release key and adds it to the local keyring. get_dropbear_release_key() { get_release_key "Dropbear" "https://matt.ucc.asn.au/dropbear/releases/dropbear-key-2015.asc" "F29C6773" "F734 7EF2 EE2E 07A2 6762 8CA9 4493 1494 F29C 6773" } # Downloads the OpenSSH release key and adds it to the local keyring. get_openssh_release_key() { get_release_key "OpenSSH" "https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/RELEASE_KEY.asc" "6D920D30" "59C2 118E D206 D927 E667 EBE3 D3E5 F56B 6D92 0D30" } # Downloads the TinySSH release key and adds it to the local keyring. get_tinyssh_release_key() { get_release_key "TinySSH" "" "96939FF9" "AADF 2EDF 5529 F170 2772 C8A2 DEC4 D246 931E F49B" } get_release_key() { project=$1 key_url=$2 key_id=$3 release_key_fingerprint_expected=$4 # The TinySSH release key isn't on any website, apparently. if [[ $project == "TinySSH" ]]; then gpg --keyserver keys.gnupg.net --recv-key "$key_id" else echo -e "\nGetting ${project} release key...\n" wget -O key.asc "$2" echo -e "\nImporting ${project} release key...\n" gpg --import key.asc rm key.asc fi local release_key_fingerprint_actual release_key_fingerprint_actual=$(gpg --fingerprint "$key_id") if [[ $release_key_fingerprint_actual != *"$release_key_fingerprint_expected"* ]]; then echo -e "\n${REDB}Error: ${project} release key fingerprint does not match expected value!\n\tExpected: $release_key_fingerprint_expected\n\tActual: $release_key_fingerprint_actual\n\nTerminating.${CLR}" exit 1 fi echo -e "\n\n${GREEN}${project} release key matches expected value.${CLR}\n" } # Downloads the specified version of Dropbear. get_dropbear() { version=$1 tarball_checksum_expected=$2 get_source "Dropbear" "$version" "$tarball_checksum_expected" } # Downloads the specified version of OpenSSH. get_openssh() { version=$1 tarball_checksum_expected=$2 get_source "OpenSSH" "$version" "$tarball_checksum_expected" } # Downloads the specified version of TinySSH. get_tinyssh() { version=$1 tarball_checksum_expected=$2 get_source "TinySSH" "$version" "$tarball_checksum_expected" } get_source() { project=$1 version=$2 tarball_checksum_expected=$3 base_url_source= base_url_sig= tarball= sig= signer= if [[ $project == "OpenSSH" ]]; then base_url_source="https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/" base_url_sig=$base_url_source tarball="openssh-${version}.tar.gz" sig="${tarball}.asc" signer="Damien Miller " elif [[ $project == "Dropbear" ]]; then base_url_source="https://matt.ucc.asn.au/dropbear/releases/" base_url_sig=$base_url_source tarball="dropbear-${version}.tar.bz2" sig="${tarball}.asc" signer="Dropbear SSH Release Signing " elif [[ $project == "TinySSH" ]]; then base_url_source="https://github.com/janmojzis/tinyssh/archive/" base_url_sig="https://github.com/janmojzis/tinyssh/releases/download/${version}/" tarball="${version}.tar.gz" sig="${tarball}.asc" signer="Jan Mojžíš " fi echo -e "\nGetting ${project} ${version} sources...\n" wget "${base_url_source}${tarball}" echo -e "\nGetting ${project} ${version} signature...\n" wget "${base_url_sig}${sig}" # Older OpenSSH releases were .sigs. if [[ ($project == "OpenSSH") && (! -f $sig) ]]; then wget "${base_url_sig}openssh-${version}.tar.gz.sig" sig=openssh-${version}.tar.gz.sig fi local gpg_verify gpg_verify=$(gpg --verify "${sig}" "${tarball}" 2>&1) retval=$? if [[ $gpg_verify != *"Good signature from \"${signer}"* ]]; then echo -e "\n\n${REDB}Error: ${project} signature invalid!\n$gpg_verify\n\nTerminating.${CLR}" exit 1 fi # Check GPG's return value. 0 denotes a valid signature, and 1 is returned # on invalid signatures. if [[ ${retval} != 0 ]]; then echo -e "\n\n${REDB}Error: ${project} signature invalid! Verification returned code: $?\n\nTerminating.${CLR}" exit 1 fi echo -e "${GREEN}Signature on ${project} sources verified.${CLR}\n" local checksum_actual checksum_actual=$(sha256sum "${tarball}" | cut -f1 -d" ") if [[ $checksum_actual != "$tarball_checksum_expected" ]]; then echo -e "${REDB}Error: ${project} checksum is invalid!\n Expected: ${tarball_checksum_expected}\n Actual: ${checksum_actual}\n\n Terminating.${CLR}" exit 1 fi } # Pulls the defined image from Dockerhub. pull_docker_image() { docker pull "${IMAGE_NAME}:${IMAGE_VERSION}" retval=$? if [[ ${retval} == 0 ]]; then echo -e "${GREEN}Successfully downloaded image ${IMAGE_NAME}:${IMAGE_VERSION} from Dockerhub.${CLR}\n" else echo -e "${REDB}Failed to pull image ${IMAGE_NAME}:${IMAGE_VERSION} from Dockerhub! Error code: ${retval}${CLR}\n" exit 1 fi } # Runs a Dropbear test. Upon failure, a diff between the expected and actual results # is shown, then the script immediately terminates. run_dropbear_test() { dropbear_version=$1 test_number=$2 options=$3 expected_retval=$4 run_test "Dropbear" "${dropbear_version}" "${test_number}" "${options}" "${expected_retval}" } # Runs an OpenSSH test. Upon failure, a diff between the expected and actual results # is shown, then the script immediately terminates. run_openssh_test() { openssh_version=$1 test_number=$2 expected_retval=$3 run_test "OpenSSH" "${openssh_version}" "${test_number}" "" "${expected_retval}" } # Runs a TinySSH test. Upon failure, a diff between the expected and actual results # is shown, then the script immediately terminates. run_tinyssh_test() { tinyssh_version=$1 test_number=$2 expected_retval=$3 run_test "TinySSH" "${tinyssh_version}" "${test_number}" "" "${expected_retval}" } run_test() { server_type=$1 version=$2 test_number=$3 options=$4 expected_retval=$5 failed=0 # Set to 1 if this test fails. server_exec= test_result_stdout= test_result_json= expected_result_stdout= expected_result_json= test_name= if [[ $server_type == "OpenSSH" ]]; then server_exec="/openssh/sshd-${version} -D -f /etc/ssh/sshd_config-${version}_${test_number}" test_result_stdout="${TEST_RESULT_DIR}/openssh_${version}_${test_number}.txt" test_result_json="${TEST_RESULT_DIR}/openssh_${version}_${test_number}.json" expected_result_stdout="test/docker/expected_results/openssh_${version}_${test_number}.txt" expected_result_json="test/docker/expected_results/openssh_${version}_${test_number}.json" test_name="OpenSSH ${version} ${test_number}" options= elif [[ $server_type == "Dropbear" ]]; then server_exec="/dropbear/dropbear-${version} -F ${options}" test_result_stdout="${TEST_RESULT_DIR}/dropbear_${version}_${test_number}.txt" test_result_json="${TEST_RESULT_DIR}/dropbear_${version}_${test_number}.json" expected_result_stdout="test/docker/expected_results/dropbear_${version}_${test_number}.txt" expected_result_json="test/docker/expected_results/dropbear_${version}_${test_number}.json" test_name="Dropbear ${version} ${test_number}" elif [[ $server_type == "TinySSH" ]]; then server_exec="/usr/bin/tcpserver -HRDl0 0.0.0.0 22 /tinysshd/tinyssh-20190101 -v /etc/tinyssh/" test_result_stdout="${TEST_RESULT_DIR}/tinyssh_${version}_${test_number}.txt" test_result_json="${TEST_RESULT_DIR}/tinyssh_${version}_${test_number}.json" expected_result_stdout="test/docker/expected_results/tinyssh_${version}_${test_number}.txt" expected_result_json="test/docker/expected_results/tinyssh_${version}_${test_number}.json" test_name="TinySSH ${version} ${test_number}" fi #echo "Running: docker run --rm -d -p 2222:22 $IMAGE_NAME:$IMAGE_VERSION ${server_exec}" cid=$(docker run --rm -d -p 2222:22 "${IMAGE_NAME}:${IMAGE_VERSION}" ${server_exec}) retval=$? if [[ ${retval} != 0 ]]; then echo -e "${REDB}Failed to run docker image! (exit code: ${retval})${CLR}" exit 1 fi ./ssh-audit.py --skip-rate-test localhost:2222 > "$test_result_stdout" actual_retval=$? if [[ $actual_retval != "$expected_retval" ]]; then echo -e "${REDB}Unexpected return value. Expected: ${expected_retval}; Actual: ${actual_retval}${CLR}" if [[ $accept == 1 ]]; then echo -e "\n${REDB}This failure cannot be automatically fixed; this script must be manually updated with the new expected return value.${CLR}" fi cat "${test_result_stdout}" docker container stop -t 0 "${cid}" > /dev/null exit 1 fi ./ssh-audit.py --skip-rate-test -jj localhost:2222 > "$test_result_json" actual_retval=$? if [[ $actual_retval != "$expected_retval" ]]; then echo -e "${REDB}Unexpected return value. Expected: ${expected_retval}; Actual: ${actual_retval}${CLR}" if [[ $accept == 1 ]]; then echo -e "\n${REDB}This failure cannot be automatically fixed; this script must be manually updated with the new expected return value.${CLR}" fi cat "${test_result_json}" docker container stop -t 0 "${cid}" > /dev/null exit 1 fi docker container stop -t 0 "${cid}" > /dev/null retval=$? if [[ ${retval} != 0 ]]; then echo -e "${REDB}Failed to stop docker container ${cid}! (exit code: ${retval})${CLR}" exit 1 fi # TinySSH outputs a random string in each banner, which breaks our test. So # we need to filter out the banner part of the output so we get stable, repeatable # results. if [[ $server_type == "TinySSH" ]]; then grep -v "(gen) banner: " "${test_result_stdout}" > "${test_result_stdout}.tmp" mv "${test_result_stdout}.tmp" "${test_result_stdout}" cat "${test_result_json}" | perl -pe 's/"comments": ".*?"/"comments": ""/' | perl -pe 's/"raw": ".+?"/"raw": ""/' > "${test_result_json}.tmp" mv "${test_result_json}.tmp" "${test_result_json}" fi diff=$(diff -u "${expected_result_stdout}" "${test_result_stdout}") retval=$? if [[ ${retval} != 0 ]]; then # If the user wants to update the tests, then overwrite the expected results with the actual results. if [[ $accept == 1 ]]; then cp "${test_result_stdout}" "${expected_result_stdout}" echo -e "${test_name} ${YELLOWB}UPDATED${CLR}\n" else echo -e "${test_name} ${REDB}FAILED${CLR}.\n\n${diff}\n" failed=1 num_failures=$((num_failures+1)) fi fi diff=$(diff -u "${expected_result_json}" "${test_result_json}") retval=$? if [[ ${retval} != 0 ]]; then # If the user wants to update the tests, then overwrite the expected results with the actual results. if [[ $accept == 1 ]]; then cp "${test_result_json}" "${expected_result_json}" echo -e "${test_name} ${YELLOWB}UPDATED${CLR}\n" else echo -e "${test_name} ${REDB}FAILED${CLR}.\n\n${diff}\n" failed=1 num_failures=$((num_failures+1)) fi fi if [[ $failed == 0 ]]; then echo -e "${test_name} ${GREEN}passed${CLR}." fi } run_builtin_policy_test() { policy_name=$1 # The built-in policy name to use. version=$2 # Version of OpenSSH to test with. test_number=$3 # The test number to run. server_options=$4 # The options to start the server with (i.e.: "-o option1,options2,...") expected_exit_code=$5 # The expected exit code of ssh-audit.py. server_exec="/openssh/sshd-${version} -D -f /etc/ssh/sshd_config-8.0p1_test1 ${server_options}" test_result_stdout="${TEST_RESULT_DIR}/openssh_${version}_builtin_policy_${test_number}.txt" test_result_json="${TEST_RESULT_DIR}/openssh_${version}_builtin_policy_${test_number}.json" expected_result_stdout="test/docker/expected_results/openssh_${version}_builtin_policy_${test_number}.txt" expected_result_json="test/docker/expected_results/openssh_${version}_builtin_policy_${test_number}.json" test_name="OpenSSH ${version} built-in policy ${test_number}" run_policy_test "${test_name}" "${server_exec}" "${policy_name}" "${test_result_stdout}" "${test_result_json}" "${expected_exit_code}" } run_custom_policy_test() { config_number=$1 # The configuration number to use. test_number=$2 # The policy test number to run. expected_exit_code=$3 # The expected exit code of ssh-audit.py. version= config= if [[ ${config_number} == "config1" ]]; then version="5.6p1" config="sshd_config-5.6p1_test1" elif [[ ${config_number} == "config2" ]]; then version="8.0p1" config="sshd_config-8.0p1_test1" elif [[ ${config_number} == "config3" ]]; then version="5.6p1" config="sshd_config-5.6p1_test4" fi server_exec="/openssh/sshd-${version} -D -f /etc/ssh/${config}" policy_path="test/docker/policies/policy_${test_number}.txt" test_result_stdout="${TEST_RESULT_DIR}/openssh_${version}_custom_policy_${test_number}.txt" test_result_json="${TEST_RESULT_DIR}/openssh_${version}_custom_policy_${test_number}.json" expected_result_stdout="test/docker/expected_results/openssh_${version}_custom_policy_${test_number}.txt" expected_result_json="test/docker/expected_results/openssh_${version}_custom_policy_${test_number}.json" test_name="OpenSSH ${version} custom policy ${test_number}" run_policy_test "${test_name}" "${server_exec}" "${policy_path}" "${test_result_stdout}" "${test_result_json}" "${expected_exit_code}" } run_policy_test() { test_name=$1 server_exec=$2 policy_path=$3 test_result_stdout=$4 test_result_json=$5 expected_exit_code=$6 #echo "Running: docker run --rm -d -p 2222:22 $IMAGE_NAME:$IMAGE_VERSION ${server_exec}" cid=$(docker run --rm -d -p 2222:22 "${IMAGE_NAME}:${IMAGE_VERSION}" ${server_exec}) retval=$? if [[ ${retval} != 0 ]]; then echo -e "${REDB}Failed to run docker image! (exit code: ${retval})${CLR}" exit 1 fi #echo "Running: ./ssh-audit.py -P \"${policy_path}\" localhost:2222 > ${test_result_stdout}" ./ssh-audit.py -P "${policy_path}" localhost:2222 > "${test_result_stdout}" actual_exit_code=$? if [[ ${actual_exit_code} != "${expected_exit_code}" ]]; then echo -e "${test_name} ${REDB}FAILED${CLR} (expected exit code: ${expected_exit_code}; actual exit code: ${actual_exit_code}\n" if [[ $accept == 1 ]]; then echo -e "\n${REDB}This failure cannot be automatically fixed; this script must be manually updated with the new expected return value.${CLR}" fi cat "${test_result_stdout}" docker container stop -t 0 "${cid}" > /dev/null exit 1 fi #echo "Running: ./ssh-audit.py -P \"${policy_path}\" -jj localhost:2222 > ${test_result_json} 2> /dev/null" ./ssh-audit.py -P "${policy_path}" -jj localhost:2222 > "${test_result_json}" 2> /dev/null actual_exit_code=$? if [[ ${actual_exit_code} != "${expected_exit_code}" ]]; then echo -e "${test_name} ${REDB}FAILED${CLR} (expected exit code: ${expected_exit_code}; actual exit code: ${actual_exit_code}\n" if [[ $accept == 1 ]]; then echo -e "\n${REDB}This failure cannot be automatically fixed; this script must be manually updated with the new expected return value.${CLR}" fi cat "${test_result_json}" docker container stop -t 0 "${cid}" > /dev/null exit 1 fi docker container stop -t 0 "${cid}" > /dev/null retval=$? if [[ ${retval} != 0 ]]; then echo -e "${REDB}Failed to stop docker container ${cid}! (exit code: ${retval})${CLR}" exit 1 fi diff=$(diff -u "${expected_result_stdout}" "${test_result_stdout}") retval=$? if [[ ${retval} != 0 ]]; then # If the user wants to update the tests, then overwrite the expected results with the actual results. if [[ $accept == 1 ]]; then cp "${test_result_stdout}" "${expected_result_stdout}" echo -e "${test_name} ${YELLOWB}UPDATED${CLR}\n" else echo -e "${test_name} ${REDB}FAILED${CLR}.\n\n${diff}\n" exit 1 fi fi diff=$(diff -u "${expected_result_json}" "${test_result_json}") retval=$? if [[ ${retval} != 0 ]]; then # If the user wants to update the tests, then overwrite the expected results with the actual results. if [[ $accept == 1 ]]; then cp "${test_result_json}" "${expected_result_json}" echo -e "${test_name} ${YELLOWB}UPDATED${CLR}\n" else echo -e "${test_name} ${REDB}FAILED${CLR}.\n\n${diff}\n" exit 1 fi fi echo -e "${test_name} ${GREEN}passed${CLR}." } # First check if docker is functional. docker version > /dev/null retval=$? if [[ ${retval} != 0 ]]; then echo -e "${REDB}Error: 'docker version' command failed (error code: ${retval}). Is docker installed and functioning?${CLR}" exit 1 fi # Check if the docker image is the most up-to-date version. docker_image_exists=0 check_if_docker_image_exists retval=$? if [[ ${retval} == 0 ]]; then docker_image_exists=1 fi # Check if the user specified --create to build a new image. if [[ ($# == 1) && ($1 == "--create") ]]; then # Ensure that the image name doesn't already exist before building. if [[ ${docker_image_exists} == 1 ]]; then echo -e "${REDB}Error: --create specified, but ${IMAGE_NAME}:${IMAGE_VERSION} already exists!${CLR}" exit 1 else echo -e "\nCreating docker image ${IMAGE_NAME}:${IMAGE_VERSION}..." create_docker_image echo -e "\n${GREEN}Done creating docker image!${CLR}" exit 0 fi fi # If the user passes --accept, then the actual results will replace the expected results (meaning the user wants to update the tests themselves due to new functionality). if [[ ($# == 1) && ($1 == "--accept") ]]; then accept=1 echo -e "\n${YELLOWB}Expected test results will be replaced with actual results.${CLR}" fi # If we weren't explicitly told to create a new image, and it doesn't exist, then pull it from Dockerhub. if [[ ${docker_image_exists} == 0 ]]; then echo -e "\nPulling docker image ${IMAGE_NAME}:${IMAGE_VERSION}..." pull_docker_image fi echo -e "\n${GREEN}Starting tests...${CLR}" # Create a temporary directory to write test results to. TEST_RESULT_DIR=$(mktemp -d /tmp/ssh-audit_test-results_XXXXXXXXXX) # Now run all the tests. echo -e "\nRunning tests..." run_openssh_test "4.0p1" "test1" "${PROGRAM_RETVAL_FAILURE}" echo run_openssh_test "5.6p1" "test1" "${PROGRAM_RETVAL_FAILURE}" run_openssh_test "5.6p1" "test2" "${PROGRAM_RETVAL_FAILURE}" run_openssh_test "5.6p1" "test3" "${PROGRAM_RETVAL_FAILURE}" run_openssh_test "5.6p1" "test4" "${PROGRAM_RETVAL_FAILURE}" run_openssh_test "5.6p1" "test5" "${PROGRAM_RETVAL_FAILURE}" echo run_openssh_test "8.0p1" "test1" "${PROGRAM_RETVAL_FAILURE}" run_openssh_test "8.0p1" "test2" "${PROGRAM_RETVAL_FAILURE}" run_openssh_test "8.0p1" "test3" "${PROGRAM_RETVAL_WARNING}" echo run_dropbear_test "2019.78" "test1" "-r /etc/dropbear/dropbear_rsa_host_key_1024 -r /etc/dropbear/dropbear_dss_host_key -r /etc/dropbear/dropbear_ecdsa_host_key" 3 echo run_tinyssh_test "20190101" "test1" "${PROGRAM_RETVAL_WARNING}" echo echo run_custom_policy_test "config1" "test1" "${PROGRAM_RETVAL_GOOD}" run_custom_policy_test "config1" "test2" "${PROGRAM_RETVAL_FAILURE}" run_custom_policy_test "config1" "test3" "${PROGRAM_RETVAL_FAILURE}" run_custom_policy_test "config1" "test4" "${PROGRAM_RETVAL_FAILURE}" run_custom_policy_test "config1" "test5" "${PROGRAM_RETVAL_FAILURE}" run_custom_policy_test "config2" "test6" "${PROGRAM_RETVAL_GOOD}" # Passing test with host key certificate and CA key certificates. run_custom_policy_test "config3" "test7" "${PROGRAM_RETVAL_GOOD}" # Failing test with host key certificate and non-compliant CA key length. run_custom_policy_test "config3" "test8" "${PROGRAM_RETVAL_FAILURE}" # Failing test with non-compliant host key certificate and CA key certificate. run_custom_policy_test "config3" "test9" "${PROGRAM_RETVAL_FAILURE}" # Failing test with non-compliant host key certificate and non-compliant CA key certificate. run_custom_policy_test "config3" "test10" "${PROGRAM_RETVAL_FAILURE}" # Passing test with host key size check. run_custom_policy_test "config2" "test11" "${PROGRAM_RETVAL_GOOD}" # Failing test with non-compliant host key size check. run_custom_policy_test "config2" "test12" "${PROGRAM_RETVAL_FAILURE}" # Passing test with DH modulus test. run_custom_policy_test "config2" "test13" "${PROGRAM_RETVAL_GOOD}" # Failing test with DH modulus test. run_custom_policy_test "config2" "test14" "${PROGRAM_RETVAL_FAILURE}" # Passing test with algorithm subset matching. run_custom_policy_test "config2" "test15" "${PROGRAM_RETVAL_GOOD}" # Failing test with algorithm subset matching. run_custom_policy_test "config2" "test16" "${PROGRAM_RETVAL_FAILURE}" # Passing test with larger key matching. run_custom_policy_test "config2" "test17" "${PROGRAM_RETVAL_GOOD}" # Failing test for built-in OpenSSH 8.0p1 server policy (RSA host key size is 3072 instead of 4096). run_builtin_policy_test "Hardened OpenSSH Server v8.0 (version 4)" "8.0p1" "test1" "-o HostKeyAlgorithms=rsa-sha2-512,rsa-sha2-256,ssh-ed25519 -o KexAlgorithms=curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha256 -o Ciphers=chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr -o MACs=hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,umac-128-etm@openssh.com" "${PROGRAM_RETVAL_FAILURE}" # Failing test for built-in OpenSSH 8.0p1 server policy (MACs not hardened). run_builtin_policy_test "Hardened OpenSSH Server v8.0 (version 4)" "8.0p1" "test2" "-o HostKeyAlgorithms=rsa-sha2-512,rsa-sha2-256,ssh-ed25519 -o KexAlgorithms=curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha256 -o Ciphers=chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr" "${PROGRAM_RETVAL_FAILURE}" if [[ $num_failures == 0 ]]; then echo -e "\n${GREENB}ALL TESTS PASS!${CLR}\n" rm -rf -- "${TEST_RESULT_DIR}" else echo -e "\n${REDB}${num_failures} TESTS FAILED!${CLR}\n" fi exit 0 ssh-audit-3.3.0/pyproject.toml000066400000000000000000000002631470352310600163340ustar00rootroot00000000000000[build-system] # https://pip.pypa.io/en/stable/reference/pip/#pep-517-and-518-support requires = [ "setuptools>=40.8.0", "wheel" ] build-backend = "setuptools.build_meta" ssh-audit-3.3.0/setup.cfg000066400000000000000000000026111470352310600152400ustar00rootroot00000000000000[metadata] name = ssh-audit version = attr: ssh_audit.globals.VERSION author = Joe Testa author_email = jtesta@positronsecurity.com description = An SSH server & client configuration security auditing tool long_description = file: README.md long_description_content_type = text/markdown license = MIT license_files = LICENSE url = https://github.com/jtesta/ssh-audit project_urls = Source Code = https://github.com/jtesta/ssh-audit Bug Tracker = https://github.com/jtesta/ssh-audit/issues classifiers = Development Status :: 5 - Production/Stable Intended Audience :: Information Technology Intended Audience :: System Administrators License :: OSI Approved :: MIT License Operating System :: OS Independent Programming Language :: Python :: 3 Programming Language :: Python :: 3.8 Programming Language :: Python :: 3.9 Programming Language :: Python :: 3.10 Programming Language :: Python :: 3.11 Programming Language :: Python :: 3.12 Programming Language :: Python :: 3.13 Programming Language :: Python :: Implementation :: CPython Programming Language :: Python :: Implementation :: PyPy Topic :: Security Topic :: Security :: Cryptography [options] packages = find: package_dir = = src python_requires = >=3.8,<4 [options.packages.find] where = src [options.entry_points] console_scripts = ssh-audit = ssh_audit.ssh_audit:main ssh-audit-3.3.0/setup.py000066400000000000000000000015431470352310600151340ustar00rootroot00000000000000import re import sys from setuptools import setup print_warning = False m = re.search(r'^VERSION\s*=\s*\'v(\d\.\d\.\d)\'', open('src/ssh_audit/globals.py').read(), re.M) if m is None: # If we failed to parse the stable version, see if this is the development version. m = re.search(r'^VERSION\s*=\s*\'v(\d\.\d\.\d-dev)\'', open('src/ssh_audit/globals.py').read(), re.M) if m is None: print("Error: could not parse VERSION variable from ssh_audit.py.") sys.exit(1) else: # Continue with the development version, but print a warning later. print_warning = True version = m.group(1) print("\n\nPackaging ssh-audit v%s...\n\n" % version) # see setup.cfg setup() if print_warning: print("\n\n !!! WARNING: development version detected (%s). Are you sure you want to package this version? Probably not...\n" % version) ssh-audit-3.3.0/snapcraft.yaml000066400000000000000000000007531470352310600162710ustar00rootroot00000000000000name: ssh-audit # 'version' field will be automatically added by build_snap.sh. license: 'MIT' summary: ssh-audit description: | SSH server and client security configuration auditor. Official repository: base: core22 grade: stable confinement: strict architectures: - build-on: [amd64] build-for: [all] apps: ssh-audit: command: bin/ssh-audit plugs: [network,network-bind,home] parts: ssh-audit: plugin: python source: . ssh-audit-3.3.0/src/000077500000000000000000000000001470352310600142065ustar00rootroot00000000000000ssh-audit-3.3.0/src/ssh_audit/000077500000000000000000000000001470352310600161715ustar00rootroot00000000000000ssh-audit-3.3.0/src/ssh_audit/__init__.py000066400000000000000000000000001470352310600202700ustar00rootroot00000000000000ssh-audit-3.3.0/src/ssh_audit/__main__.py000066400000000000000000000004151470352310600202630ustar00rootroot00000000000000import sys import traceback from ssh_audit.ssh_audit import main from ssh_audit import exitcodes exit_code = exitcodes.GOOD try: exit_code = main() except Exception: exit_code = exitcodes.UNKNOWN_ERROR print(traceback.format_exc()) sys.exit(exit_code) ssh-audit-3.3.0/src/ssh_audit/algorithm.py000066400000000000000000000047661470352310600205460ustar00rootroot00000000000000""" The MIT License (MIT) Copyright (C) 2017 Andris Raugulis (moo@arthepsy.eu) Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. """ # pylint: disable=unused-import from typing import Dict, List, Set, Sequence, Tuple, Iterable # noqa: F401 from typing import Callable, Optional, Union, Any # noqa: F401 from ssh_audit.product import Product class Algorithm: @staticmethod def get_ssh_version(version_desc: str) -> Tuple[str, str, bool]: is_client = version_desc.endswith('C') if is_client: version_desc = version_desc[:-1] if version_desc.startswith('d'): return Product.DropbearSSH, version_desc[1:], is_client elif version_desc.startswith('l1'): return Product.LibSSH, version_desc[2:], is_client else: return Product.OpenSSH, version_desc, is_client @classmethod def get_since_text(cls, versions: List[Optional[str]]) -> Optional[str]: tv = [] if len(versions) == 0 or versions[0] is None: return None for v in versions[0].split(','): ssh_prod, ssh_ver, is_cli = cls.get_ssh_version(v) if not ssh_ver: continue if ssh_prod in [Product.LibSSH]: continue if is_cli: ssh_ver = '{} (client only)'.format(ssh_ver) tv.append('{} {}'.format(ssh_prod, ssh_ver)) if len(tv) == 0: return None return 'available since ' + ', '.join(tv).rstrip(', ') ssh-audit-3.3.0/src/ssh_audit/algorithms.py000066400000000000000000000236521470352310600207240ustar00rootroot00000000000000""" The MIT License (MIT) Copyright (C) 2017-2021 Joe Testa (jtesta@positronsecurity.com) Copyright (C) 2017 Andris Raugulis (moo@arthepsy.eu) Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. """ # pylint: disable=unused-import from typing import Dict, List, Set, Sequence, Tuple, Iterable # noqa: F401 from typing import Callable, Optional, Union, Any # noqa: F401 from ssh_audit.algorithm import Algorithm from ssh_audit.product import Product from ssh_audit.software import Software from ssh_audit.ssh1_kexdb import SSH1_KexDB from ssh_audit.ssh1_publickeymessage import SSH1_PublicKeyMessage from ssh_audit.ssh2_kex import SSH2_Kex from ssh_audit.ssh2_kexdb import SSH2_KexDB from ssh_audit.timeframe import Timeframe from ssh_audit.utils import Utils class Algorithms: def __init__(self, pkm: Optional[SSH1_PublicKeyMessage], kex: Optional[SSH2_Kex]) -> None: self.__ssh1kex = pkm self.__ssh2kex = kex @property def ssh1kex(self) -> Optional[SSH1_PublicKeyMessage]: return self.__ssh1kex @property def ssh2kex(self) -> Optional[SSH2_Kex]: return self.__ssh2kex @property def ssh1(self) -> Optional['Algorithms.Item']: if self.ssh1kex is None: return None item = Algorithms.Item(1, SSH1_KexDB.get_db()) item.add('key', ['ssh-rsa1']) item.add('enc', self.ssh1kex.supported_ciphers) item.add('aut', self.ssh1kex.supported_authentications) return item @property def ssh2(self) -> Optional['Algorithms.Item']: if self.ssh2kex is None: return None item = Algorithms.Item(2, SSH2_KexDB.get_db()) item.add('kex', self.ssh2kex.kex_algorithms) item.add('key', self.ssh2kex.key_algorithms) item.add('enc', self.ssh2kex.server.encryption) item.add('mac', self.ssh2kex.server.mac) return item @property def values(self) -> Iterable['Algorithms.Item']: for item in [self.ssh1, self.ssh2]: if item is not None: yield item @property def maxlen(self) -> int: def _ml(items: Sequence[str]) -> int: return max(len(i) for i in items) maxlen = 0 if self.ssh1kex is not None: maxlen = max(_ml(self.ssh1kex.supported_ciphers), _ml(self.ssh1kex.supported_authentications), maxlen) if self.ssh2kex is not None: maxlen = max(_ml(self.ssh2kex.kex_algorithms), _ml(self.ssh2kex.key_algorithms), _ml(self.ssh2kex.server.encryption), _ml(self.ssh2kex.server.mac), maxlen) return maxlen def get_ssh_timeframe(self, for_server: Optional[bool] = None) -> 'Timeframe': timeframe = Timeframe() for alg_pair in self.values: alg_db = alg_pair.db for alg_type, alg_list in alg_pair.items(): for alg_name in alg_list: alg_name_native = Utils.to_text(alg_name) alg_desc = alg_db[alg_type].get(alg_name_native) if alg_desc is None: continue versions = alg_desc[0] timeframe.update(versions, for_server) return timeframe def get_recommendations(self, software: Optional['Software'], for_server: bool = True) -> Tuple[Optional['Software'], Dict[int, Dict[str, Dict[str, Dict[str, int]]]]]: # pylint: disable=too-many-locals,too-many-statements vproducts = [Product.OpenSSH, Product.DropbearSSH, Product.LibSSH, Product.TinySSH] # Set to True if server is not one of vproducts, above. unknown_software = False if software is not None: if software.product not in vproducts: unknown_software = True # The code below is commented out because it would try to guess what the server is, # usually resulting in wild & incorrect recommendations. # if software is None: # ssh_timeframe = self.get_ssh_timeframe(for_server) # for product in vproducts: # if product not in ssh_timeframe: # continue # version = ssh_timeframe.get_from(product, for_server) # if version is not None: # software = SSH.Software(None, product, version, None, None) # break rec: Dict[int, Dict[str, Dict[str, Dict[str, int]]]] = {} if software is None: unknown_software = True for alg_pair in self.values: sshv, alg_db = alg_pair.sshv, alg_pair.db rec[sshv] = {} for alg_type, alg_list in alg_pair.items(): if alg_type == 'aut': continue rec[sshv][alg_type] = {'add': {}, 'del': {}, 'chg': {}} for n, alg_desc in alg_db[alg_type].items(): versions = alg_desc[0] empty_version = False if len(versions) == 0 or versions[0] is None: empty_version = True else: matches = False if unknown_software: matches = True for v in versions[0].split(','): ssh_prefix, ssh_version, is_cli = Algorithm.get_ssh_version(v) if not ssh_version: continue if (software is not None) and (ssh_prefix != software.product): continue if is_cli and for_server: continue if (software is not None) and (software.compare_version(ssh_version) < 0): continue matches = True break if not matches: continue adl, faults = len(alg_desc), 0 for i in range(1, 3): if not adl > i: continue fc = len(alg_desc[i]) if fc > 0: faults += pow(10, 2 - i) * fc if n not in alg_list: # Don't recommend certificate or token types; these will only appear in the server's list if they are fully configured & functional on the server. Also don't recommend 'ext-info-[cs]' nor 'kex-strict-[cs]-v00@openssh.com' key exchanges. if faults > 0 or \ (alg_type == 'key' and (('-cert-' in n) or (n.startswith('sk-')))) or \ (alg_type == 'kex' and (n.startswith('ext-info-') or n.startswith('kex-strict-'))) or \ empty_version: continue rec[sshv][alg_type]['add'][n] = 0 else: if faults == 0: continue if n in ['diffie-hellman-group-exchange-sha256', 'rsa-sha2-256', 'rsa-sha2-512', 'rsa-sha2-256-cert-v01@openssh.com', 'rsa-sha2-512-cert-v01@openssh.com']: rec[sshv][alg_type]['chg'][n] = faults else: rec[sshv][alg_type]['del'][n] = faults # If we are working with unknown software, drop all add recommendations, because we don't know if they're valid. if unknown_software: rec[sshv][alg_type]['add'] = {} add_count = len(rec[sshv][alg_type]['add']) del_count = len(rec[sshv][alg_type]['del']) chg_count = len(rec[sshv][alg_type]['chg']) if add_count == 0: del rec[sshv][alg_type]['add'] if del_count == 0: del rec[sshv][alg_type]['del'] if chg_count == 0: del rec[sshv][alg_type]['chg'] if len(rec[sshv][alg_type]) == 0: del rec[sshv][alg_type] if len(rec[sshv]) == 0: del rec[sshv] return software, rec class Item: def __init__(self, sshv: int, db: Dict[str, Dict[str, List[List[Optional[str]]]]]) -> None: self.__sshv = sshv self.__db = db self.__storage: Dict[str, List[str]] = {} @property def sshv(self) -> int: return self.__sshv @property def db(self) -> Dict[str, Dict[str, List[List[Optional[str]]]]]: return self.__db def add(self, key: str, value: List[str]) -> None: self.__storage[key] = value def items(self) -> Iterable[Tuple[str, List[str]]]: return self.__storage.items() ssh-audit-3.3.0/src/ssh_audit/auditconf.py000066400000000000000000000203031470352310600205150ustar00rootroot00000000000000""" The MIT License (MIT) Copyright (C) 2017-2024 Joe Testa (jtesta@positronsecurity.com) Copyright (C) 2017 Andris Raugulis (moo@arthepsy.eu) Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. """ # pylint: disable=unused-import from typing import Dict, List, Set, Sequence, Tuple, Iterable # noqa: F401 from typing import Callable, Optional, Union, Any # noqa: F401 from ssh_audit.policy import Policy from ssh_audit.utils import Utils class AuditConf: # pylint: disable=too-many-instance-attributes def __init__(self, host: str = '', port: int = 22) -> None: self.host = host self.port = port self.ssh1 = True self.ssh2 = True self.batch = False self.client_audit = False self.colors = True self.json = False self.json_print_indent = False self.verbose = False self.level = 'info' self.ip_version_preference: List[int] = [] # Holds only 5 possible values: [] (no preference), [4] (use IPv4 only), [6] (use IPv6 only), [46] (use both IPv4 and IPv6, but prioritize v4), and [64] (use both IPv4 and IPv6, but prioritize v6). self.ipv4 = False self.ipv6 = False self.make_policy = False # When True, creates a policy file from an audit scan. self.policy_file: Optional[str] = None # File system path to a policy self.policy: Optional[Policy] = None # Policy object self.timeout = 5.0 self.timeout_set = False # Set to True when the user explicitly sets it. self.target_file: Optional[str] = None self.target_list: List[str] = [] self.threads = 32 self.list_policies = False self.lookup = '' self.manual = False self.debug = False self.gex_test = '' self.dheat: Optional[str] = None self.dheat_concurrent_connections: int = 0 self.dheat_e_length: int = 0 self.dheat_target_alg: str = "" self.skip_rate_test = False self.conn_rate_test: str = "1:1" self.conn_rate_test_enabled = False self.conn_rate_test_threads = 0 self.conn_rate_test_target_rate = 0 def __setattr__(self, name: str, value: Union[str, int, float, bool, Sequence[int]]) -> None: valid = False if name in ['batch', 'client_audit', 'colors', 'json', 'json_print_indent', 'list_policies', 'manual', 'make_policy', 'ssh1', 'ssh2', 'timeout_set', 'verbose', 'debug', 'skip_rate_test']: valid, value = True, bool(value) elif name in ['ipv4', 'ipv6']: valid, value = True, bool(value) if len(self.ip_version_preference) == 2: # Being called more than twice is not valid. valid = False elif value: self.ip_version_preference.append(4 if name == 'ipv4' else 6) elif name == 'port': valid, port = True, Utils.parse_int(value) if port < 1 or port > 65535: raise ValueError('invalid port: {}'.format(value)) value = port elif name in ['level']: if value not in ('info', 'warn', 'fail'): raise ValueError('invalid level: {}'.format(value)) valid = True elif name == 'host': valid = True elif name == 'timeout': value = Utils.parse_float(value) if value == -1.0: raise ValueError('invalid timeout: {}'.format(value)) valid = True elif name in ['ip_version_preference', 'lookup', 'policy_file', 'policy', 'target_file', 'target_list', 'gex_test']: valid = True elif name == "threads": valid, num_threads = True, Utils.parse_int(value) if num_threads < 1: raise ValueError('invalid number of threads: {}'.format(value)) value = num_threads elif name == "dheat": # Valid values: # * None # * "10" (concurrent-connections) # * "10:diffie-hellman-group18-sha512" (concurrent-connections:target-alg) # * "10:diffie-hellman-group18-sha512:100" (concurrent-connections:target-alg:e-length) valid = True if value is not None: def _parse_concurrent_connections(s: str) -> int: if Utils.parse_int(s) < 1: raise ValueError("number of concurrent connections must be 1 or greater: {}".format(s)) return int(s) def _parse_e_length(s: str) -> int: s_int = Utils.parse_int(s) if s_int < 2: raise ValueError("length of e must not be less than 2: {}".format(s)) return s_int def _parse_target_alg(s: str) -> str: if len(s) == 0: raise ValueError("target algorithm must not be the empty string.") return s value = str(value) fields = value.split(':') self.dheat_concurrent_connections = _parse_concurrent_connections(fields[0]) # Parse the target algorithm if present. if len(fields) >= 2: self.dheat_target_alg = _parse_target_alg(fields[1]) # Parse the length of e, if present. if len(fields) == 3: self.dheat_e_length = _parse_e_length(fields[2]) if len(fields) > 3: raise ValueError("only three fields are expected instead of {}: {}".format(len(fields), value)) elif name in ["dheat_concurrent_connections", "dheat_e_length"]: valid = True if not isinstance(value, int): valid = False elif name == "dheat_target_alg": valid = True if not isinstance(value, str): valid = False elif name == "conn_rate_test": # Valid values: # * "4" (run rate test with 4 threads) # * "4:100" (run rate test with 4 threads, targeting 100 connections/second) error_msg = "valid format for {:s} is \"N\" or \"N:N\", where N is an integer.".format(name) self.conn_rate_test_enabled = True fields = str(value).split(":") if len(fields) > 2 or len(fields) == 0: raise ValueError(error_msg) else: self.conn_rate_test_threads = int(fields[0]) if self.conn_rate_test_threads < 1: raise ValueError("number of threads must be 1 or greater.") self.conn_rate_test_target_rate = 0 if len(fields) == 2: self.conn_rate_test_target_rate = int(fields[1]) if self.conn_rate_test_target_rate < 1: raise ValueError("rate target must be 1 or greater.") elif name == "conn_rate_test_enabled": valid = True if not isinstance(value, bool): valid = False elif name in ["conn_rate_test_threads", "conn_rate_test_target_rate"]: valid = True if not isinstance(value, int): valid = False if valid: object.__setattr__(self, name, value) ssh-audit-3.3.0/src/ssh_audit/banner.py000066400000000000000000000070431470352310600200140ustar00rootroot00000000000000""" The MIT License (MIT) Copyright (C) 2017 Andris Raugulis (moo@arthepsy.eu) Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. """ import re # pylint: disable=unused-import from typing import Dict, List, Set, Sequence, Tuple, Iterable # noqa: F401 from typing import Callable, Optional, Union, Any # noqa: F401 from ssh_audit.utils import Utils class Banner: _RXP, _RXR = r'SSH-\d\.\s*?\d+', r'(-\s*([^\s]*)(?:\s+(.*))?)?' RX_PROTOCOL = re.compile(re.sub(r'\\d(\+?)', r'(\\d\g<1>)', _RXP)) RX_BANNER = re.compile(r'^({0}(?:(?:-{0})*)){1}$'.format(_RXP, _RXR)) def __init__(self, protocol: Tuple[int, int], software: Optional[str], comments: Optional[str], valid_ascii: bool) -> None: self.__protocol = protocol self.__software = software self.__comments = comments self.__valid_ascii = valid_ascii @property def protocol(self) -> Tuple[int, int]: return self.__protocol @property def software(self) -> Optional[str]: return self.__software @property def comments(self) -> Optional[str]: return self.__comments @property def valid_ascii(self) -> bool: return self.__valid_ascii def __str__(self) -> str: r = 'SSH-{}.{}'.format(self.protocol[0], self.protocol[1]) if self.software is not None: r += '-{}'.format(self.software) if bool(self.comments): r += ' {}'.format(self.comments) return r def __repr__(self) -> str: p = '{}.{}'.format(self.protocol[0], self.protocol[1]) r = 'protocol={}'.format(p) if self.software is not None: r += ', software={}'.format(self.software) if bool(self.comments): r += ', comments={}'.format(self.comments) return '<{}({})>'.format(self.__class__.__name__, r) @classmethod def parse(cls, banner: str) -> Optional['Banner']: valid_ascii = Utils.is_print_ascii(banner) ascii_banner = Utils.to_print_ascii(banner) mx = cls.RX_BANNER.match(ascii_banner) if mx is None: return None protocol = min(re.findall(cls.RX_PROTOCOL, mx.group(1))) protocol = (int(protocol[0]), int(protocol[1])) software = (mx.group(3) or '').strip() or None if software is None and (mx.group(2) or '').startswith('-'): software = '' comments = (mx.group(4) or '').strip() or None if comments is not None: comments = re.sub(r'\s+', ' ', comments) return cls(protocol, software, comments, valid_ascii) ssh-audit-3.3.0/src/ssh_audit/builtin_policies.py000066400000000000000000002033701470352310600221050ustar00rootroot00000000000000""" The MIT License (MIT) Copyright (C) 2020-2024 Joe Testa (jtesta@positronsecurity.com) Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. """ from typing import Any, Dict, List, Optional, Union # Each field maps directly to a private member variable of the Policy class. BUILTIN_POLICIES: Dict[str, Dict[str, Union[Optional[str], Optional[List[str]], bool, Dict[str, Any]]]] = { # Amazon Linux 2023 'Hardened Amazon Linux 2023 (version 1)': {'version': '1', 'changelog': 'Initial version', 'banner': None, 'compressions': None, 'host_keys': ['rsa-sha2-512', 'rsa-sha2-256', 'ssh-ed25519'], 'optional_host_keys': ['sk-ssh-ed25519@openssh.com', 'ssh-ed25519-cert-v01@openssh.com', 'sk-ssh-ed25519-cert-v01@openssh.com', 'rsa-sha2-256-cert-v01@openssh.com', 'rsa-sha2-512-cert-v01@openssh.com'], 'kex': ['sntrup761x25519-sha512@openssh.com', 'curve25519-sha256', 'curve25519-sha256@libssh.org', 'diffie-hellman-group16-sha512', 'diffie-hellman-group18-sha512', 'diffie-hellman-group-exchange-sha256', 'kex-strict-s-v00@openssh.com'], 'ciphers': ['chacha20-poly1305@openssh.com', 'aes256-gcm@openssh.com', 'aes128-gcm@openssh.com', 'aes256-ctr', 'aes192-ctr', 'aes128-ctr'], 'macs': ['hmac-sha2-256-etm@openssh.com', 'hmac-sha2-512-etm@openssh.com', 'umac-128-etm@openssh.com'], 'hostkey_sizes': {"rsa-sha2-256": {"hostkey_size": 4096}, "rsa-sha2-256-cert-v01@openssh.com": {"ca_key_size": 4096, "ca_key_type": "ssh-rsa", "hostkey_size": 4096}, "rsa-sha2-512": {"hostkey_size": 4096}, "rsa-sha2-512-cert-v01@openssh.com": {"ca_key_size": 4096, "ca_key_type": "ssh-rsa", "hostkey_size": 4096}, "sk-ssh-ed25519-cert-v01@openssh.com": {"ca_key_size": 256, "ca_key_type": "ssh-ed25519", "hostkey_size": 256}, "sk-ssh-ed25519@openssh.com": {"hostkey_size": 256}, "ssh-ed25519": {"hostkey_size": 256}, "ssh-ed25519-cert-v01@openssh.com": {"ca_key_size": 256, "ca_key_type": "ssh-ed25519", "hostkey_size": 256}}, 'dh_modulus_sizes': {'diffie-hellman-group-exchange-sha256': 3072}, 'server_policy': True}, 'Hardened Amazon Linux 2023 (version 2)': {'version': '2', 'changelog': 'Re-ordered host keys to prioritize ED25519 due to efficiency. Re-ordered cipher list to prioritize larger key sizes as a countermeasure to quantum attacks.', 'banner': None, 'compressions': None, 'host_keys': ['ssh-ed25519', 'rsa-sha2-512', 'rsa-sha2-256'], 'optional_host_keys': ['sk-ssh-ed25519@openssh.com', 'ssh-ed25519-cert-v01@openssh.com', 'sk-ssh-ed25519-cert-v01@openssh.com', 'rsa-sha2-256-cert-v01@openssh.com', 'rsa-sha2-512-cert-v01@openssh.com'], 'kex': ['sntrup761x25519-sha512@openssh.com', 'curve25519-sha256', 'curve25519-sha256@libssh.org', 'diffie-hellman-group16-sha512', 'diffie-hellman-group18-sha512', 'diffie-hellman-group-exchange-sha256', 'kex-strict-s-v00@openssh.com'], 'ciphers': ['chacha20-poly1305@openssh.com', 'aes256-gcm@openssh.com', 'aes256-ctr', 'aes192-ctr', 'aes128-gcm@openssh.com', 'aes128-ctr'], 'macs': ['hmac-sha2-256-etm@openssh.com', 'hmac-sha2-512-etm@openssh.com', 'umac-128-etm@openssh.com'], 'hostkey_sizes': {"rsa-sha2-256": {"hostkey_size": 4096}, "rsa-sha2-256-cert-v01@openssh.com": {"ca_key_size": 4096, "ca_key_type": "ssh-rsa", "hostkey_size": 4096}, "rsa-sha2-512": {"hostkey_size": 4096}, "rsa-sha2-512-cert-v01@openssh.com": {"ca_key_size": 4096, "ca_key_type": "ssh-rsa", "hostkey_size": 4096}, "sk-ssh-ed25519-cert-v01@openssh.com": {"ca_key_size": 256, "ca_key_type": "ssh-ed25519", "hostkey_size": 256}, "sk-ssh-ed25519@openssh.com": {"hostkey_size": 256}, "ssh-ed25519": {"hostkey_size": 256}, "ssh-ed25519-cert-v01@openssh.com": {"ca_key_size": 256, "ca_key_type": "ssh-ed25519", "hostkey_size": 256}}, 'dh_modulus_sizes': {'diffie-hellman-group-exchange-sha256': 3072}, 'server_policy': True}, # Debian Server 12 'Hardened Debian 12 (version 1)': {'version': '1', 'changelog': 'Initial version', 'banner': None, 'compressions': None, 'host_keys': ['rsa-sha2-512', 'rsa-sha2-256', 'ssh-ed25519'], 'optional_host_keys': ['sk-ssh-ed25519@openssh.com', 'ssh-ed25519-cert-v01@openssh.com', 'sk-ssh-ed25519-cert-v01@openssh.com', 'rsa-sha2-256-cert-v01@openssh.com', 'rsa-sha2-512-cert-v01@openssh.com'], 'kex': ['sntrup761x25519-sha512@openssh.com', 'curve25519-sha256', 'curve25519-sha256@libssh.org', 'diffie-hellman-group16-sha512', 'diffie-hellman-group18-sha512', 'diffie-hellman-group-exchange-sha256', 'kex-strict-s-v00@openssh.com'], 'ciphers': ['chacha20-poly1305@openssh.com', 'aes256-gcm@openssh.com', 'aes128-gcm@openssh.com', 'aes256-ctr', 'aes192-ctr', 'aes128-ctr'], 'macs': ['hmac-sha2-256-etm@openssh.com', 'hmac-sha2-512-etm@openssh.com', 'umac-128-etm@openssh.com'], 'hostkey_sizes': {"rsa-sha2-256": {"hostkey_size": 4096}, "rsa-sha2-256-cert-v01@openssh.com": {"ca_key_size": 4096, "ca_key_type": "ssh-rsa", "hostkey_size": 4096}, "rsa-sha2-512": {"hostkey_size": 4096}, "rsa-sha2-512-cert-v01@openssh.com": {"ca_key_size": 4096, "ca_key_type": "ssh-rsa", "hostkey_size": 4096}, "sk-ssh-ed25519-cert-v01@openssh.com": {"ca_key_size": 256, "ca_key_type": "ssh-ed25519", "hostkey_size": 256}, "sk-ssh-ed25519@openssh.com": {"hostkey_size": 256}, "ssh-ed25519": {"hostkey_size": 256}, "ssh-ed25519-cert-v01@openssh.com": {"ca_key_size": 256, "ca_key_type": "ssh-ed25519", "hostkey_size": 256}}, 'dh_modulus_sizes': {'diffie-hellman-group-exchange-sha256': 3072}, 'server_policy': True}, 'Hardened Debian 12 (version 2)': {'version': '2', 'changelog': 'Re-ordered host keys to prioritize ED25519 due to efficiency. Re-ordered cipher list to prioritize larger key sizes as a countermeasure to quantum attacks.', 'banner': None, 'compressions': None, 'host_keys': ['ssh-ed25519', 'rsa-sha2-512', 'rsa-sha2-256'], 'optional_host_keys': ['sk-ssh-ed25519@openssh.com', 'ssh-ed25519-cert-v01@openssh.com', 'sk-ssh-ed25519-cert-v01@openssh.com', 'rsa-sha2-256-cert-v01@openssh.com', 'rsa-sha2-512-cert-v01@openssh.com'], 'kex': ['sntrup761x25519-sha512@openssh.com', 'curve25519-sha256', 'curve25519-sha256@libssh.org', 'diffie-hellman-group16-sha512', 'diffie-hellman-group18-sha512', 'diffie-hellman-group-exchange-sha256', 'kex-strict-s-v00@openssh.com'], 'ciphers': ['chacha20-poly1305@openssh.com', 'aes256-gcm@openssh.com', 'aes256-ctr', 'aes192-ctr', 'aes128-gcm@openssh.com', 'aes128-ctr'], 'macs': ['hmac-sha2-256-etm@openssh.com', 'hmac-sha2-512-etm@openssh.com', 'umac-128-etm@openssh.com'], 'hostkey_sizes': {"rsa-sha2-256": {"hostkey_size": 4096}, "rsa-sha2-256-cert-v01@openssh.com": {"ca_key_size": 4096, "ca_key_type": "ssh-rsa", "hostkey_size": 4096}, "rsa-sha2-512": {"hostkey_size": 4096}, "rsa-sha2-512-cert-v01@openssh.com": {"ca_key_size": 4096, "ca_key_type": "ssh-rsa", "hostkey_size": 4096}, "sk-ssh-ed25519-cert-v01@openssh.com": {"ca_key_size": 256, "ca_key_type": "ssh-ed25519", "hostkey_size": 256}, "sk-ssh-ed25519@openssh.com": {"hostkey_size": 256}, "ssh-ed25519": {"hostkey_size": 256}, "ssh-ed25519-cert-v01@openssh.com": {"ca_key_size": 256, "ca_key_type": "ssh-ed25519", "hostkey_size": 256}}, 'dh_modulus_sizes': {'diffie-hellman-group-exchange-sha256': 3072}, 'server_policy': True}, # Rocky Linux 9 'Hardened Rocky Linux 9 (version 1)': {'version': '1', 'changelog': 'Initial version', 'banner': None, 'compressions': None, 'host_keys': ['rsa-sha2-512', 'rsa-sha2-256', 'ssh-ed25519'], 'optional_host_keys': ['sk-ssh-ed25519@openssh.com', 'ssh-ed25519-cert-v01@openssh.com', 'sk-ssh-ed25519-cert-v01@openssh.com', 'rsa-sha2-256-cert-v01@openssh.com', 'rsa-sha2-512-cert-v01@openssh.com'], 'kex': ['sntrup761x25519-sha512@openssh.com', 'curve25519-sha256', 'curve25519-sha256@libssh.org', 'diffie-hellman-group16-sha512', 'diffie-hellman-group18-sha512', 'diffie-hellman-group-exchange-sha256', 'kex-strict-s-v00@openssh.com'], 'ciphers': ['chacha20-poly1305@openssh.com', 'aes256-gcm@openssh.com', 'aes128-gcm@openssh.com', 'aes256-ctr', 'aes192-ctr', 'aes128-ctr'], 'macs': ['hmac-sha2-256-etm@openssh.com', 'hmac-sha2-512-etm@openssh.com', 'umac-128-etm@openssh.com'], 'hostkey_sizes': {"rsa-sha2-256": {"hostkey_size": 4096}, "rsa-sha2-256-cert-v01@openssh.com": {"ca_key_size": 4096, "ca_key_type": "ssh-rsa", "hostkey_size": 4096}, "rsa-sha2-512": {"hostkey_size": 4096}, "rsa-sha2-512-cert-v01@openssh.com": {"ca_key_size": 4096, "ca_key_type": "ssh-rsa", "hostkey_size": 4096}, "sk-ssh-ed25519-cert-v01@openssh.com": {"ca_key_size": 256, "ca_key_type": "ssh-ed25519", "hostkey_size": 256}, "sk-ssh-ed25519@openssh.com": {"hostkey_size": 256}, "ssh-ed25519": {"hostkey_size": 256}, "ssh-ed25519-cert-v01@openssh.com": {"ca_key_size": 256, "ca_key_type": "ssh-ed25519", "hostkey_size": 256}}, 'dh_modulus_sizes': {'diffie-hellman-group-exchange-sha256': 3072}, 'server_policy': True}, 'Hardened Rocky Linux 9 (version 2)': {'version': '2', 'changelog': 'Re-ordered host keys to prioritize ED25519 due to efficiency. Re-ordered cipher list to prioritize larger key sizes as a countermeasure to quantum attacks.', 'banner': None, 'compressions': None, 'host_keys': ['ssh-ed25519', 'rsa-sha2-512', 'rsa-sha2-256'], 'optional_host_keys': ['sk-ssh-ed25519@openssh.com', 'ssh-ed25519-cert-v01@openssh.com', 'sk-ssh-ed25519-cert-v01@openssh.com', 'rsa-sha2-256-cert-v01@openssh.com', 'rsa-sha2-512-cert-v01@openssh.com'], 'kex': ['sntrup761x25519-sha512@openssh.com', 'curve25519-sha256', 'curve25519-sha256@libssh.org', 'diffie-hellman-group16-sha512', 'diffie-hellman-group18-sha512', 'diffie-hellman-group-exchange-sha256', 'kex-strict-s-v00@openssh.com'], 'ciphers': ['chacha20-poly1305@openssh.com', 'aes256-gcm@openssh.com', 'aes256-ctr', 'aes192-ctr', 'aes128-gcm@openssh.com', 'aes128-ctr'], 'macs': ['hmac-sha2-256-etm@openssh.com', 'hmac-sha2-512-etm@openssh.com', 'umac-128-etm@openssh.com'], 'hostkey_sizes': {"rsa-sha2-256": {"hostkey_size": 4096}, "rsa-sha2-256-cert-v01@openssh.com": {"ca_key_size": 4096, "ca_key_type": "ssh-rsa", "hostkey_size": 4096}, "rsa-sha2-512": {"hostkey_size": 4096}, "rsa-sha2-512-cert-v01@openssh.com": {"ca_key_size": 4096, "ca_key_type": "ssh-rsa", "hostkey_size": 4096}, "sk-ssh-ed25519-cert-v01@openssh.com": {"ca_key_size": 256, "ca_key_type": "ssh-ed25519", "hostkey_size": 256}, "sk-ssh-ed25519@openssh.com": {"hostkey_size": 256}, "ssh-ed25519": {"hostkey_size": 256}, "ssh-ed25519-cert-v01@openssh.com": {"ca_key_size": 256, "ca_key_type": "ssh-ed25519", "hostkey_size": 256}}, 'dh_modulus_sizes': {'diffie-hellman-group-exchange-sha256': 3072}, 'server_policy': True}, # Ubuntu Server policies 'Hardened Ubuntu Server 16.04 LTS (version 4)': {'version': '4', 'changelog': 'No change log available.', 'banner': None, 'compressions': None, 'host_keys': ['ssh-ed25519'], 'optional_host_keys': ['ssh-ed25519-cert-v01@openssh.com', 'rsa-sha2-256-cert-v01@openssh.com', 'rsa-sha2-512-cert-v01@openssh.com'], 'kex': ['curve25519-sha256@libssh.org', 'diffie-hellman-group-exchange-sha256'], 'ciphers': ['chacha20-poly1305@openssh.com', 'aes256-gcm@openssh.com', 'aes128-gcm@openssh.com', 'aes256-ctr', 'aes192-ctr', 'aes128-ctr'], 'macs': ['hmac-sha2-256-etm@openssh.com', 'hmac-sha2-512-etm@openssh.com', 'umac-128-etm@openssh.com'], 'hostkey_sizes': {"rsa-sha2-256-cert-v01@openssh.com": {"ca_key_size": 4096, "ca_key_type": "ssh-rsa", "hostkey_size": 4096}, "rsa-sha2-512-cert-v01@openssh.com": {"ca_key_size": 4096, "ca_key_type": "ssh-rsa", "hostkey_size": 4096}, "ssh-ed25519": {"hostkey_size": 256}, "ssh-ed25519-cert-v01@openssh.com": {"ca_key_size": 256, "ca_key_type": "ssh-ed25519", "hostkey_size": 256}}, 'dh_modulus_sizes': {'diffie-hellman-group-exchange-sha256': 3072}, 'server_policy': True}, 'Hardened Ubuntu Server 18.04 LTS (version 4)': {'version': '4', 'changelog': 'No change log available.', 'banner': None, 'compressions': None, 'host_keys': ['ssh-ed25519'], 'optional_host_keys': ['ssh-ed25519-cert-v01@openssh.com', 'rsa-sha2-256-cert-v01@openssh.com', 'rsa-sha2-512-cert-v01@openssh.com'], 'kex': ['curve25519-sha256', 'curve25519-sha256@libssh.org', 'diffie-hellman-group16-sha512', 'diffie-hellman-group18-sha512', 'diffie-hellman-group-exchange-sha256'], 'ciphers': ['chacha20-poly1305@openssh.com', 'aes256-gcm@openssh.com', 'aes128-gcm@openssh.com', 'aes256-ctr', 'aes192-ctr', 'aes128-ctr'], 'macs': ['hmac-sha2-256-etm@openssh.com', 'hmac-sha2-512-etm@openssh.com', 'umac-128-etm@openssh.com'], 'hostkey_sizes': {"rsa-sha2-256-cert-v01@openssh.com": {"ca_key_size": 4096, "ca_key_type": "ssh-rsa", "hostkey_size": 4096}, "rsa-sha2-512-cert-v01@openssh.com": {"ca_key_size": 4096, "ca_key_type": "ssh-rsa", "hostkey_size": 4096}, "ssh-ed25519": {"hostkey_size": 256}, "ssh-ed25519-cert-v01@openssh.com": {"ca_key_size": 256, "ca_key_type": "ssh-ed25519", "hostkey_size": 256}}, 'dh_modulus_sizes': {'diffie-hellman-group-exchange-sha256': 3072}, 'server_policy': True}, 'Hardened Ubuntu Server 20.04 LTS (version 5)': {'version': '5', 'changelog': 'Added kex-strict-s-v00@openssh.com to kex list.', 'banner': None, 'compressions': None, 'host_keys': ['rsa-sha2-512', 'rsa-sha2-256', 'ssh-ed25519'], 'optional_host_keys': ['sk-ssh-ed25519@openssh.com', 'ssh-ed25519-cert-v01@openssh.com', 'sk-ssh-ed25519-cert-v01@openssh.com', 'rsa-sha2-256-cert-v01@openssh.com', 'rsa-sha2-512-cert-v01@openssh.com'], 'kex': ['curve25519-sha256', 'curve25519-sha256@libssh.org', 'diffie-hellman-group16-sha512', 'diffie-hellman-group18-sha512', 'diffie-hellman-group-exchange-sha256', 'kex-strict-s-v00@openssh.com'], 'ciphers': ['chacha20-poly1305@openssh.com', 'aes256-gcm@openssh.com', 'aes128-gcm@openssh.com', 'aes256-ctr', 'aes192-ctr', 'aes128-ctr'], 'macs': ['hmac-sha2-256-etm@openssh.com', 'hmac-sha2-512-etm@openssh.com', 'umac-128-etm@openssh.com'], 'hostkey_sizes': {"rsa-sha2-256": {"hostkey_size": 4096}, "rsa-sha2-256-cert-v01@openssh.com": {"ca_key_size": 4096, "ca_key_type": "ssh-rsa", "hostkey_size": 4096}, "rsa-sha2-512": {"hostkey_size": 4096}, "rsa-sha2-512-cert-v01@openssh.com": {"ca_key_size": 4096, "ca_key_type": "ssh-rsa", "hostkey_size": 4096}, "sk-ssh-ed25519-cert-v01@openssh.com": {"ca_key_size": 256, "ca_key_type": "ssh-ed25519", "hostkey_size": 256}, "sk-ssh-ed25519@openssh.com": {"hostkey_size": 256}, "ssh-ed25519": {"hostkey_size": 256}, "ssh-ed25519-cert-v01@openssh.com": {"ca_key_size": 256, "ca_key_type": "ssh-ed25519", "hostkey_size": 256}}, 'dh_modulus_sizes': {'diffie-hellman-group-exchange-sha256': 3072}, 'server_policy': True}, 'Hardened Ubuntu Server 22.04 LTS (version 5)': {'version': '5', 'changelog': 'Added kex-strict-s-v00@openssh.com to kex list.', 'banner': None, 'compressions': None, 'host_keys': ['rsa-sha2-512', 'rsa-sha2-256', 'ssh-ed25519'], 'optional_host_keys': ['sk-ssh-ed25519@openssh.com', 'ssh-ed25519-cert-v01@openssh.com', 'sk-ssh-ed25519-cert-v01@openssh.com', 'rsa-sha2-256-cert-v01@openssh.com', 'rsa-sha2-512-cert-v01@openssh.com'], 'kex': ['sntrup761x25519-sha512@openssh.com', 'curve25519-sha256', 'curve25519-sha256@libssh.org', 'diffie-hellman-group16-sha512', 'diffie-hellman-group18-sha512', 'diffie-hellman-group-exchange-sha256', 'kex-strict-s-v00@openssh.com'], 'ciphers': ['chacha20-poly1305@openssh.com', 'aes256-gcm@openssh.com', 'aes128-gcm@openssh.com', 'aes256-ctr', 'aes192-ctr', 'aes128-ctr'], 'macs': ['hmac-sha2-256-etm@openssh.com', 'hmac-sha2-512-etm@openssh.com', 'umac-128-etm@openssh.com'], 'hostkey_sizes': {"rsa-sha2-256": {"hostkey_size": 4096}, "rsa-sha2-256-cert-v01@openssh.com": {"ca_key_size": 4096, "ca_key_type": "ssh-rsa", "hostkey_size": 4096}, "rsa-sha2-512": {"hostkey_size": 4096}, "rsa-sha2-512-cert-v01@openssh.com": {"ca_key_size": 4096, "ca_key_type": "ssh-rsa", "hostkey_size": 4096}, "sk-ssh-ed25519-cert-v01@openssh.com": {"ca_key_size": 256, "ca_key_type": "ssh-ed25519", "hostkey_size": 256}, "sk-ssh-ed25519@openssh.com": {"hostkey_size": 256}, "ssh-ed25519": {"hostkey_size": 256}, "ssh-ed25519-cert-v01@openssh.com": {"ca_key_size": 256, "ca_key_type": "ssh-ed25519", "hostkey_size": 256}}, 'dh_modulus_sizes': {'diffie-hellman-group-exchange-sha256': 3072}, 'server_policy': True}, 'Hardened Ubuntu Server 22.04 LTS (version 6)': {'version': '6', 'changelog': 'Re-ordered host keys to prioritize ED25519 due to efficiency. Re-ordered cipher list to prioritize larger key sizes as a countermeasure to quantum attacks.', 'banner': None, 'compressions': None, 'host_keys': ['ssh-ed25519', 'rsa-sha2-512', 'rsa-sha2-256'], 'optional_host_keys': ['sk-ssh-ed25519@openssh.com', 'ssh-ed25519-cert-v01@openssh.com', 'sk-ssh-ed25519-cert-v01@openssh.com', 'rsa-sha2-256-cert-v01@openssh.com', 'rsa-sha2-512-cert-v01@openssh.com'], 'kex': ['sntrup761x25519-sha512@openssh.com', 'curve25519-sha256', 'curve25519-sha256@libssh.org', 'diffie-hellman-group16-sha512', 'diffie-hellman-group18-sha512', 'diffie-hellman-group-exchange-sha256', 'kex-strict-s-v00@openssh.com'], 'ciphers': ['chacha20-poly1305@openssh.com', 'aes256-gcm@openssh.com', 'aes256-ctr', 'aes192-ctr', 'aes128-gcm@openssh.com', 'aes128-ctr'], 'macs': ['hmac-sha2-256-etm@openssh.com', 'hmac-sha2-512-etm@openssh.com', 'umac-128-etm@openssh.com'], 'hostkey_sizes': {"rsa-sha2-256": {"hostkey_size": 4096}, "rsa-sha2-256-cert-v01@openssh.com": {"ca_key_size": 4096, "ca_key_type": "ssh-rsa", "hostkey_size": 4096}, "rsa-sha2-512": {"hostkey_size": 4096}, "rsa-sha2-512-cert-v01@openssh.com": {"ca_key_size": 4096, "ca_key_type": "ssh-rsa", "hostkey_size": 4096}, "sk-ssh-ed25519-cert-v01@openssh.com": {"ca_key_size": 256, "ca_key_type": "ssh-ed25519", "hostkey_size": 256}, "sk-ssh-ed25519@openssh.com": {"hostkey_size": 256}, "ssh-ed25519": {"hostkey_size": 256}, "ssh-ed25519-cert-v01@openssh.com": {"ca_key_size": 256, "ca_key_type": "ssh-ed25519", "hostkey_size": 256}}, 'dh_modulus_sizes': {'diffie-hellman-group-exchange-sha256': 3072}, 'server_policy': True}, 'Hardened Ubuntu Server 24.04 LTS (version 1)': {'version': '1', 'changelog': 'Initial version.', 'banner': None, 'compressions': None, 'host_keys': ['ssh-ed25519', 'rsa-sha2-512', 'rsa-sha2-256'], 'optional_host_keys': ['sk-ssh-ed25519@openssh.com', 'ssh-ed25519-cert-v01@openssh.com', 'sk-ssh-ed25519-cert-v01@openssh.com', 'rsa-sha2-256-cert-v01@openssh.com', 'rsa-sha2-512-cert-v01@openssh.com'], 'kex': ['sntrup761x25519-sha512@openssh.com', 'curve25519-sha256', 'curve25519-sha256@libssh.org', 'diffie-hellman-group18-sha512', 'diffie-hellman-group-exchange-sha256', 'diffie-hellman-group16-sha512', 'ext-info-s', 'kex-strict-s-v00@openssh.com'], 'ciphers': ['chacha20-poly1305@openssh.com', 'aes256-gcm@openssh.com', 'aes256-ctr', 'aes192-ctr', 'aes128-gcm@openssh.com', 'aes128-ctr'], 'macs': ['hmac-sha2-512-etm@openssh.com', 'hmac-sha2-256-etm@openssh.com', 'umac-128-etm@openssh.com'], 'hostkey_sizes': {"rsa-sha2-256": {"hostkey_size": 4096}, "rsa-sha2-256-cert-v01@openssh.com": {"ca_key_size": 4096, "ca_key_type": "ssh-rsa", "hostkey_size": 4096}, "rsa-sha2-512": {"hostkey_size": 4096}, "rsa-sha2-512-cert-v01@openssh.com": {"ca_key_size": 4096, "ca_key_type": "ssh-rsa", "hostkey_size": 4096}, "sk-ssh-ed25519-cert-v01@openssh.com": {"ca_key_size": 256, "ca_key_type": "ssh-ed25519", "hostkey_size": 256}, "sk-ssh-ed25519@openssh.com": {"hostkey_size": 256}, "ssh-ed25519": {"hostkey_size": 256}, "ssh-ed25519-cert-v01@openssh.com": {"ca_key_size": 256, "ca_key_type": "ssh-ed25519", "hostkey_size": 256}}, 'dh_modulus_sizes': {'diffie-hellman-group-exchange-sha256': 3072}, 'server_policy': True}, # Generic OpenSSH Server policies 'Hardened OpenSSH Server v7.7 (version 4)': {'version': '4', 'changelog': 'No change log available.', 'banner': None, 'compressions': None, 'host_keys': ['rsa-sha2-512', 'rsa-sha2-256', 'ssh-ed25519'], 'optional_host_keys': ['ssh-ed25519-cert-v01@openssh.com', 'rsa-sha2-256-cert-v01@openssh.com', 'rsa-sha2-512-cert-v01@openssh.com'], 'kex': ['curve25519-sha256', 'curve25519-sha256@libssh.org', 'diffie-hellman-group16-sha512', 'diffie-hellman-group18-sha512', 'diffie-hellman-group-exchange-sha256'], 'ciphers': ['chacha20-poly1305@openssh.com', 'aes256-gcm@openssh.com', 'aes128-gcm@openssh.com', 'aes256-ctr', 'aes192-ctr', 'aes128-ctr'], 'macs': ['hmac-sha2-256-etm@openssh.com', 'hmac-sha2-512-etm@openssh.com', 'umac-128-etm@openssh.com'], 'hostkey_sizes': {"rsa-sha2-256": {"hostkey_size": 4096}, "rsa-sha2-256-cert-v01@openssh.com": {"ca_key_size": 4096, "ca_key_type": "ssh-rsa", "hostkey_size": 4096}, "rsa-sha2-512": {"hostkey_size": 4096}, "rsa-sha2-512-cert-v01@openssh.com": {"ca_key_size": 4096, "ca_key_type": "ssh-rsa", "hostkey_size": 4096}, "ssh-ed25519": {"hostkey_size": 256}, "ssh-ed25519-cert-v01@openssh.com": {"ca_key_size": 256, "ca_key_type": "ssh-ed25519", "hostkey_size": 256}}, 'dh_modulus_sizes': {'diffie-hellman-group-exchange-sha256': 3072}, 'server_policy': True}, 'Hardened OpenSSH Server v7.8 (version 4)': {'version': '4', 'changelog': 'No change log available.', 'banner': None, 'compressions': None, 'host_keys': ['rsa-sha2-512', 'rsa-sha2-256', 'ssh-ed25519'], 'optional_host_keys': ['ssh-ed25519-cert-v01@openssh.com', 'rsa-sha2-256-cert-v01@openssh.com', 'rsa-sha2-512-cert-v01@openssh.com'], 'kex': ['curve25519-sha256', 'curve25519-sha256@libssh.org', 'diffie-hellman-group16-sha512', 'diffie-hellman-group18-sha512', 'diffie-hellman-group-exchange-sha256'], 'ciphers': ['chacha20-poly1305@openssh.com', 'aes256-gcm@openssh.com', 'aes128-gcm@openssh.com', 'aes256-ctr', 'aes192-ctr', 'aes128-ctr'], 'macs': ['hmac-sha2-256-etm@openssh.com', 'hmac-sha2-512-etm@openssh.com', 'umac-128-etm@openssh.com'], 'hostkey_sizes': {"rsa-sha2-256": {"hostkey_size": 4096}, "rsa-sha2-256-cert-v01@openssh.com": {"ca_key_size": 4096, "ca_key_type": "ssh-rsa", "hostkey_size": 4096}, "rsa-sha2-512": {"hostkey_size": 4096}, "rsa-sha2-512-cert-v01@openssh.com": {"ca_key_size": 4096, "ca_key_type": "ssh-rsa", "hostkey_size": 4096}, "ssh-ed25519": {"hostkey_size": 256}, "ssh-ed25519-cert-v01@openssh.com": {"ca_key_size": 256, "ca_key_type": "ssh-ed25519", "hostkey_size": 256}}, 'dh_modulus_sizes': {'diffie-hellman-group-exchange-sha256': 3072}, 'server_policy': True}, 'Hardened OpenSSH Server v7.9 (version 4)': {'version': '4', 'changelog': 'No change log available.', 'banner': None, 'compressions': None, 'host_keys': ['rsa-sha2-512', 'rsa-sha2-256', 'ssh-ed25519'], 'optional_host_keys': ['ssh-ed25519-cert-v01@openssh.com', 'rsa-sha2-256-cert-v01@openssh.com', 'rsa-sha2-512-cert-v01@openssh.com'], 'kex': ['curve25519-sha256', 'curve25519-sha256@libssh.org', 'diffie-hellman-group16-sha512', 'diffie-hellman-group18-sha512', 'diffie-hellman-group-exchange-sha256'], 'ciphers': ['chacha20-poly1305@openssh.com', 'aes256-gcm@openssh.com', 'aes128-gcm@openssh.com', 'aes256-ctr', 'aes192-ctr', 'aes128-ctr'], 'macs': ['hmac-sha2-256-etm@openssh.com', 'hmac-sha2-512-etm@openssh.com', 'umac-128-etm@openssh.com'], 'hostkey_sizes': {"rsa-sha2-256": {"hostkey_size": 4096}, "rsa-sha2-256-cert-v01@openssh.com": {"ca_key_size": 4096, "ca_key_type": "ssh-rsa", "hostkey_size": 4096}, "rsa-sha2-512": {"hostkey_size": 4096}, "rsa-sha2-512-cert-v01@openssh.com": {"ca_key_size": 4096, "ca_key_type": "ssh-rsa", "hostkey_size": 4096}, "ssh-ed25519": {"hostkey_size": 256}, "ssh-ed25519-cert-v01@openssh.com": {"ca_key_size": 256, "ca_key_type": "ssh-ed25519", "hostkey_size": 256}}, 'dh_modulus_sizes': {'diffie-hellman-group-exchange-sha256': 3072}, 'server_policy': True}, 'Hardened OpenSSH Server v8.0 (version 4)': {'version': '4', 'changelog': 'No change log available.', 'banner': None, 'compressions': None, 'host_keys': ['rsa-sha2-512', 'rsa-sha2-256', 'ssh-ed25519'], 'optional_host_keys': ['ssh-ed25519-cert-v01@openssh.com', 'rsa-sha2-256-cert-v01@openssh.com', 'rsa-sha2-512-cert-v01@openssh.com'], 'kex': ['curve25519-sha256', 'curve25519-sha256@libssh.org', 'diffie-hellman-group16-sha512', 'diffie-hellman-group18-sha512', 'diffie-hellman-group-exchange-sha256'], 'ciphers': ['chacha20-poly1305@openssh.com', 'aes256-gcm@openssh.com', 'aes128-gcm@openssh.com', 'aes256-ctr', 'aes192-ctr', 'aes128-ctr'], 'macs': ['hmac-sha2-256-etm@openssh.com', 'hmac-sha2-512-etm@openssh.com', 'umac-128-etm@openssh.com'], 'hostkey_sizes': {"rsa-sha2-256": {"hostkey_size": 4096}, "rsa-sha2-256-cert-v01@openssh.com": {"ca_key_size": 4096, "ca_key_type": "ssh-rsa", "hostkey_size": 4096}, "rsa-sha2-512": {"hostkey_size": 4096}, "rsa-sha2-512-cert-v01@openssh.com": {"ca_key_size": 4096, "ca_key_type": "ssh-rsa", "hostkey_size": 4096}, "ssh-ed25519": {"hostkey_size": 256}, "ssh-ed25519-cert-v01@openssh.com": {"ca_key_size": 256, "ca_key_type": "ssh-ed25519", "hostkey_size": 256}}, 'dh_modulus_sizes': {'diffie-hellman-group-exchange-sha256': 3072}, 'server_policy': True}, 'Hardened OpenSSH Server v8.1 (version 4)': {'version': '4', 'changelog': 'No change log available.', 'banner': None, 'compressions': None, 'host_keys': ['rsa-sha2-512', 'rsa-sha2-256', 'ssh-ed25519'], 'optional_host_keys': ['sk-ssh-ed25519@openssh.com', 'ssh-ed25519-cert-v01@openssh.com', 'sk-ssh-ed25519-cert-v01@openssh.com', 'rsa-sha2-256-cert-v01@openssh.com', 'rsa-sha2-512-cert-v01@openssh.com'], 'kex': ['curve25519-sha256', 'curve25519-sha256@libssh.org', 'diffie-hellman-group16-sha512', 'diffie-hellman-group18-sha512', 'diffie-hellman-group-exchange-sha256'], 'ciphers': ['chacha20-poly1305@openssh.com', 'aes256-gcm@openssh.com', 'aes128-gcm@openssh.com', 'aes256-ctr', 'aes192-ctr', 'aes128-ctr'], 'macs': ['hmac-sha2-256-etm@openssh.com', 'hmac-sha2-512-etm@openssh.com', 'umac-128-etm@openssh.com'], 'hostkey_sizes': {"rsa-sha2-256": {"hostkey_size": 4096}, "rsa-sha2-256-cert-v01@openssh.com": {"ca_key_size": 4096, "ca_key_type": "ssh-rsa", "hostkey_size": 4096}, "rsa-sha2-512": {"hostkey_size": 4096}, "rsa-sha2-512-cert-v01@openssh.com": {"ca_key_size": 4096, "ca_key_type": "ssh-rsa", "hostkey_size": 4096}, "sk-ssh-ed25519-cert-v01@openssh.com": {"ca_key_size": 256, "ca_key_type": "ssh-ed25519", "hostkey_size": 256}, "sk-ssh-ed25519@openssh.com": {"hostkey_size": 256}, "ssh-ed25519": {"hostkey_size": 256}, "ssh-ed25519-cert-v01@openssh.com": {"ca_key_size": 256, "ca_key_type": "ssh-ed25519", "hostkey_size": 256}}, 'dh_modulus_sizes': {'diffie-hellman-group-exchange-sha256': 3072}, 'server_policy': True}, 'Hardened OpenSSH Server v8.2 (version 4)': {'version': '4', 'changelog': 'No change log available.', 'banner': None, 'compressions': None, 'host_keys': ['rsa-sha2-512', 'rsa-sha2-256', 'ssh-ed25519'], 'optional_host_keys': ['sk-ssh-ed25519@openssh.com', 'ssh-ed25519-cert-v01@openssh.com', 'sk-ssh-ed25519-cert-v01@openssh.com', 'rsa-sha2-256-cert-v01@openssh.com', 'rsa-sha2-512-cert-v01@openssh.com'], 'kex': ['curve25519-sha256', 'curve25519-sha256@libssh.org', 'diffie-hellman-group16-sha512', 'diffie-hellman-group18-sha512', 'diffie-hellman-group-exchange-sha256'], 'ciphers': ['chacha20-poly1305@openssh.com', 'aes256-gcm@openssh.com', 'aes128-gcm@openssh.com', 'aes256-ctr', 'aes192-ctr', 'aes128-ctr'], 'macs': ['hmac-sha2-256-etm@openssh.com', 'hmac-sha2-512-etm@openssh.com', 'umac-128-etm@openssh.com'], 'hostkey_sizes': {"rsa-sha2-256": {"hostkey_size": 4096}, "rsa-sha2-256-cert-v01@openssh.com": {"ca_key_size": 4096, "ca_key_type": "ssh-rsa", "hostkey_size": 4096}, "rsa-sha2-512": {"hostkey_size": 4096}, "rsa-sha2-512-cert-v01@openssh.com": {"ca_key_size": 4096, "ca_key_type": "ssh-rsa", "hostkey_size": 4096}, "sk-ssh-ed25519-cert-v01@openssh.com": {"ca_key_size": 256, "ca_key_type": "ssh-ed25519", "hostkey_size": 256}, "sk-ssh-ed25519@openssh.com": {"hostkey_size": 256}, "ssh-ed25519": {"hostkey_size": 256}, "ssh-ed25519-cert-v01@openssh.com": {"ca_key_size": 256, "ca_key_type": "ssh-ed25519", "hostkey_size": 256}}, 'dh_modulus_sizes': {'diffie-hellman-group-exchange-sha256': 3072}, 'server_policy': True}, 'Hardened OpenSSH Server v8.3 (version 4)': {'version': '4', 'changelog': 'No change log available.', 'banner': None, 'compressions': None, 'host_keys': ['rsa-sha2-512', 'rsa-sha2-256', 'ssh-ed25519'], 'optional_host_keys': ['sk-ssh-ed25519@openssh.com', 'ssh-ed25519-cert-v01@openssh.com', 'sk-ssh-ed25519-cert-v01@openssh.com', 'rsa-sha2-256-cert-v01@openssh.com', 'rsa-sha2-512-cert-v01@openssh.com'], 'kex': ['curve25519-sha256', 'curve25519-sha256@libssh.org', 'diffie-hellman-group16-sha512', 'diffie-hellman-group18-sha512', 'diffie-hellman-group-exchange-sha256'], 'ciphers': ['chacha20-poly1305@openssh.com', 'aes256-gcm@openssh.com', 'aes128-gcm@openssh.com', 'aes256-ctr', 'aes192-ctr', 'aes128-ctr'], 'macs': ['hmac-sha2-256-etm@openssh.com', 'hmac-sha2-512-etm@openssh.com', 'umac-128-etm@openssh.com'], 'hostkey_sizes': {"rsa-sha2-256": {"hostkey_size": 4096}, "rsa-sha2-256-cert-v01@openssh.com": {"ca_key_size": 4096, "ca_key_type": "ssh-rsa", "hostkey_size": 4096}, "rsa-sha2-512": {"hostkey_size": 4096}, "rsa-sha2-512-cert-v01@openssh.com": {"ca_key_size": 4096, "ca_key_type": "ssh-rsa", "hostkey_size": 4096}, "sk-ssh-ed25519-cert-v01@openssh.com": {"ca_key_size": 256, "ca_key_type": "ssh-ed25519", "hostkey_size": 256}, "sk-ssh-ed25519@openssh.com": {"hostkey_size": 256}, "ssh-ed25519": {"hostkey_size": 256}, "ssh-ed25519-cert-v01@openssh.com": {"ca_key_size": 256, "ca_key_type": "ssh-ed25519", "hostkey_size": 256}}, 'dh_modulus_sizes': {'diffie-hellman-group-exchange-sha256': 3072}, 'server_policy': True}, 'Hardened OpenSSH Server v8.4 (version 4)': {'version': '4', 'changelog': 'No change log available.', 'banner': None, 'compressions': None, 'host_keys': ['rsa-sha2-512', 'rsa-sha2-256', 'ssh-ed25519'], 'optional_host_keys': ['sk-ssh-ed25519@openssh.com', 'ssh-ed25519-cert-v01@openssh.com', 'sk-ssh-ed25519-cert-v01@openssh.com', 'rsa-sha2-256-cert-v01@openssh.com', 'rsa-sha2-512-cert-v01@openssh.com'], 'kex': ['curve25519-sha256', 'curve25519-sha256@libssh.org', 'diffie-hellman-group16-sha512', 'diffie-hellman-group18-sha512', 'diffie-hellman-group-exchange-sha256'], 'ciphers': ['chacha20-poly1305@openssh.com', 'aes256-gcm@openssh.com', 'aes128-gcm@openssh.com', 'aes256-ctr', 'aes192-ctr', 'aes128-ctr'], 'macs': ['hmac-sha2-256-etm@openssh.com', 'hmac-sha2-512-etm@openssh.com', 'umac-128-etm@openssh.com'], 'hostkey_sizes': {"rsa-sha2-256": {"hostkey_size": 4096}, "rsa-sha2-256-cert-v01@openssh.com": {"ca_key_size": 4096, "ca_key_type": "ssh-rsa", "hostkey_size": 4096}, "rsa-sha2-512": {"hostkey_size": 4096}, "rsa-sha2-512-cert-v01@openssh.com": {"ca_key_size": 4096, "ca_key_type": "ssh-rsa", "hostkey_size": 4096}, "sk-ssh-ed25519-cert-v01@openssh.com": {"ca_key_size": 256, "ca_key_type": "ssh-ed25519", "hostkey_size": 256}, "sk-ssh-ed25519@openssh.com": {"hostkey_size": 256}, "ssh-ed25519": {"hostkey_size": 256}, "ssh-ed25519-cert-v01@openssh.com": {"ca_key_size": 256, "ca_key_type": "ssh-ed25519", "hostkey_size": 256}}, 'dh_modulus_sizes': {'diffie-hellman-group-exchange-sha256': 3072}, 'server_policy': True}, 'Hardened OpenSSH Server v8.5 (version 4)': {'version': '4', 'changelog': 'No change log available.', 'banner': None, 'compressions': None, 'host_keys': ['rsa-sha2-512', 'rsa-sha2-256', 'ssh-ed25519'], 'optional_host_keys': ['sk-ssh-ed25519@openssh.com', 'ssh-ed25519-cert-v01@openssh.com', 'sk-ssh-ed25519-cert-v01@openssh.com', 'rsa-sha2-256-cert-v01@openssh.com', 'rsa-sha2-512-cert-v01@openssh.com'], 'kex': ['curve25519-sha256', 'curve25519-sha256@libssh.org', 'diffie-hellman-group16-sha512', 'diffie-hellman-group18-sha512', 'diffie-hellman-group-exchange-sha256'], 'ciphers': ['chacha20-poly1305@openssh.com', 'aes256-gcm@openssh.com', 'aes128-gcm@openssh.com', 'aes256-ctr', 'aes192-ctr', 'aes128-ctr'], 'macs': ['hmac-sha2-256-etm@openssh.com', 'hmac-sha2-512-etm@openssh.com', 'umac-128-etm@openssh.com'], 'hostkey_sizes': {"rsa-sha2-256": {"hostkey_size": 4096}, "rsa-sha2-256-cert-v01@openssh.com": {"ca_key_size": 4096, "ca_key_type": "ssh-rsa", "hostkey_size": 4096}, "rsa-sha2-512": {"hostkey_size": 4096}, "rsa-sha2-512-cert-v01@openssh.com": {"ca_key_size": 4096, "ca_key_type": "ssh-rsa", "hostkey_size": 4096}, "sk-ssh-ed25519-cert-v01@openssh.com": {"ca_key_size": 256, "ca_key_type": "ssh-ed25519", "hostkey_size": 256}, "sk-ssh-ed25519@openssh.com": {"hostkey_size": 256}, "ssh-ed25519": {"hostkey_size": 256}, "ssh-ed25519-cert-v01@openssh.com": {"ca_key_size": 256, "ca_key_type": "ssh-ed25519", "hostkey_size": 256}}, 'dh_modulus_sizes': {'diffie-hellman-group-exchange-sha256': 3072}, 'server_policy': True}, 'Hardened OpenSSH Server v8.6 (version 4)': {'version': '4', 'changelog': 'No change log available.', 'banner': None, 'compressions': None, 'host_keys': ['rsa-sha2-512', 'rsa-sha2-256', 'ssh-ed25519'], 'optional_host_keys': ['sk-ssh-ed25519@openssh.com', 'ssh-ed25519-cert-v01@openssh.com', 'sk-ssh-ed25519-cert-v01@openssh.com', 'rsa-sha2-256-cert-v01@openssh.com', 'rsa-sha2-512-cert-v01@openssh.com'], 'kex': ['curve25519-sha256', 'curve25519-sha256@libssh.org', 'diffie-hellman-group16-sha512', 'diffie-hellman-group18-sha512', 'diffie-hellman-group-exchange-sha256'], 'ciphers': ['chacha20-poly1305@openssh.com', 'aes256-gcm@openssh.com', 'aes128-gcm@openssh.com', 'aes256-ctr', 'aes192-ctr', 'aes128-ctr'], 'macs': ['hmac-sha2-256-etm@openssh.com', 'hmac-sha2-512-etm@openssh.com', 'umac-128-etm@openssh.com'], 'hostkey_sizes': {"rsa-sha2-256": {"hostkey_size": 4096}, "rsa-sha2-256-cert-v01@openssh.com": {"ca_key_size": 4096, "ca_key_type": "ssh-rsa", "hostkey_size": 4096}, "rsa-sha2-512": {"hostkey_size": 4096}, "rsa-sha2-512-cert-v01@openssh.com": {"ca_key_size": 4096, "ca_key_type": "ssh-rsa", "hostkey_size": 4096}, "sk-ssh-ed25519-cert-v01@openssh.com": {"ca_key_size": 256, "ca_key_type": "ssh-ed25519", "hostkey_size": 256}, "sk-ssh-ed25519@openssh.com": {"hostkey_size": 256}, "ssh-ed25519": {"hostkey_size": 256}, "ssh-ed25519-cert-v01@openssh.com": {"ca_key_size": 256, "ca_key_type": "ssh-ed25519", "hostkey_size": 256}}, 'dh_modulus_sizes': {'diffie-hellman-group-exchange-sha256': 3072}, 'server_policy': True}, 'Hardened OpenSSH Server v8.7 (version 4)': {'version': '4', 'changelog': 'No change log available.', 'banner': None, 'compressions': None, 'host_keys': ['rsa-sha2-512', 'rsa-sha2-256', 'ssh-ed25519'], 'optional_host_keys': ['sk-ssh-ed25519@openssh.com', 'ssh-ed25519-cert-v01@openssh.com', 'sk-ssh-ed25519-cert-v01@openssh.com', 'rsa-sha2-256-cert-v01@openssh.com', 'rsa-sha2-512-cert-v01@openssh.com'], 'kex': ['curve25519-sha256', 'curve25519-sha256@libssh.org', 'diffie-hellman-group16-sha512', 'diffie-hellman-group18-sha512', 'diffie-hellman-group-exchange-sha256'], 'ciphers': ['chacha20-poly1305@openssh.com', 'aes256-gcm@openssh.com', 'aes128-gcm@openssh.com', 'aes256-ctr', 'aes192-ctr', 'aes128-ctr'], 'macs': ['hmac-sha2-256-etm@openssh.com', 'hmac-sha2-512-etm@openssh.com', 'umac-128-etm@openssh.com'], 'hostkey_sizes': {"rsa-sha2-256": {"hostkey_size": 4096}, "rsa-sha2-256-cert-v01@openssh.com": {"ca_key_size": 4096, "ca_key_type": "ssh-rsa", "hostkey_size": 4096}, "rsa-sha2-512": {"hostkey_size": 4096}, "rsa-sha2-512-cert-v01@openssh.com": {"ca_key_size": 4096, "ca_key_type": "ssh-rsa", "hostkey_size": 4096}, "sk-ssh-ed25519-cert-v01@openssh.com": {"ca_key_size": 256, "ca_key_type": "ssh-ed25519", "hostkey_size": 256}, "sk-ssh-ed25519@openssh.com": {"hostkey_size": 256}, "ssh-ed25519": {"hostkey_size": 256}, "ssh-ed25519-cert-v01@openssh.com": {"ca_key_size": 256, "ca_key_type": "ssh-ed25519", "hostkey_size": 256}}, 'dh_modulus_sizes': {'diffie-hellman-group-exchange-sha256': 3072}, 'server_policy': True}, 'Hardened OpenSSH Server v8.8 (version 3)': {'version': '3', 'changelog': 'No change log available.', 'banner': None, 'compressions': None, 'host_keys': ['rsa-sha2-512', 'rsa-sha2-256', 'ssh-ed25519'], 'optional_host_keys': ['sk-ssh-ed25519@openssh.com', 'ssh-ed25519-cert-v01@openssh.com', 'sk-ssh-ed25519-cert-v01@openssh.com', 'rsa-sha2-256-cert-v01@openssh.com', 'rsa-sha2-512-cert-v01@openssh.com'], 'kex': ['sntrup761x25519-sha512@openssh.com', 'curve25519-sha256', 'curve25519-sha256@libssh.org', 'diffie-hellman-group16-sha512', 'diffie-hellman-group18-sha512', 'diffie-hellman-group-exchange-sha256'], 'ciphers': ['chacha20-poly1305@openssh.com', 'aes256-gcm@openssh.com', 'aes128-gcm@openssh.com', 'aes256-ctr', 'aes192-ctr', 'aes128-ctr'], 'macs': ['hmac-sha2-256-etm@openssh.com', 'hmac-sha2-512-etm@openssh.com', 'umac-128-etm@openssh.com'], 'hostkey_sizes': {"rsa-sha2-256": {"hostkey_size": 4096}, "rsa-sha2-256-cert-v01@openssh.com": {"ca_key_size": 4096, "ca_key_type": "ssh-rsa", "hostkey_size": 4096}, "rsa-sha2-512": {"hostkey_size": 4096}, "rsa-sha2-512-cert-v01@openssh.com": {"ca_key_size": 4096, "ca_key_type": "ssh-rsa", "hostkey_size": 4096}, "sk-ssh-ed25519-cert-v01@openssh.com": {"ca_key_size": 256, "ca_key_type": "ssh-ed25519", "hostkey_size": 256}, "sk-ssh-ed25519@openssh.com": {"hostkey_size": 256}, "ssh-ed25519": {"hostkey_size": 256}, "ssh-ed25519-cert-v01@openssh.com": {"ca_key_size": 256, "ca_key_type": "ssh-ed25519", "hostkey_size": 256}}, 'dh_modulus_sizes': {'diffie-hellman-group-exchange-sha256': 3072}, 'server_policy': True}, 'Hardened OpenSSH Server v8.9 (version 3)': {'version': '3', 'changelog': 'No change log available.', 'banner': None, 'compressions': None, 'host_keys': ['rsa-sha2-512', 'rsa-sha2-256', 'ssh-ed25519'], 'optional_host_keys': ['sk-ssh-ed25519@openssh.com', 'ssh-ed25519-cert-v01@openssh.com', 'sk-ssh-ed25519-cert-v01@openssh.com', 'rsa-sha2-256-cert-v01@openssh.com', 'rsa-sha2-512-cert-v01@openssh.com'], 'kex': ['sntrup761x25519-sha512@openssh.com', 'curve25519-sha256', 'curve25519-sha256@libssh.org', 'diffie-hellman-group16-sha512', 'diffie-hellman-group18-sha512', 'diffie-hellman-group-exchange-sha256'], 'ciphers': ['chacha20-poly1305@openssh.com', 'aes256-gcm@openssh.com', 'aes128-gcm@openssh.com', 'aes256-ctr', 'aes192-ctr', 'aes128-ctr'], 'macs': ['hmac-sha2-256-etm@openssh.com', 'hmac-sha2-512-etm@openssh.com', 'umac-128-etm@openssh.com'], 'hostkey_sizes': {"rsa-sha2-256": {"hostkey_size": 4096}, "rsa-sha2-256-cert-v01@openssh.com": {"ca_key_size": 4096, "ca_key_type": "ssh-rsa", "hostkey_size": 4096}, "rsa-sha2-512": {"hostkey_size": 4096}, "rsa-sha2-512-cert-v01@openssh.com": {"ca_key_size": 4096, "ca_key_type": "ssh-rsa", "hostkey_size": 4096}, "sk-ssh-ed25519-cert-v01@openssh.com": {"ca_key_size": 256, "ca_key_type": "ssh-ed25519", "hostkey_size": 256}, "sk-ssh-ed25519@openssh.com": {"hostkey_size": 256}, "ssh-ed25519": {"hostkey_size": 256}, "ssh-ed25519-cert-v01@openssh.com": {"ca_key_size": 256, "ca_key_type": "ssh-ed25519", "hostkey_size": 256}}, 'dh_modulus_sizes': {'diffie-hellman-group-exchange-sha256': 3072}, 'server_policy': True}, 'Hardened OpenSSH Server v9.0 (version 3)': {'version': '3', 'changelog': 'No change log available.', 'banner': None, 'compressions': None, 'host_keys': ['rsa-sha2-512', 'rsa-sha2-256', 'ssh-ed25519'], 'optional_host_keys': ['sk-ssh-ed25519@openssh.com', 'ssh-ed25519-cert-v01@openssh.com', 'sk-ssh-ed25519-cert-v01@openssh.com', 'rsa-sha2-256-cert-v01@openssh.com', 'rsa-sha2-512-cert-v01@openssh.com'], 'kex': ['sntrup761x25519-sha512@openssh.com', 'curve25519-sha256', 'curve25519-sha256@libssh.org', 'diffie-hellman-group16-sha512', 'diffie-hellman-group18-sha512', 'diffie-hellman-group-exchange-sha256'], 'ciphers': ['chacha20-poly1305@openssh.com', 'aes256-gcm@openssh.com', 'aes128-gcm@openssh.com', 'aes256-ctr', 'aes192-ctr', 'aes128-ctr'], 'macs': ['hmac-sha2-256-etm@openssh.com', 'hmac-sha2-512-etm@openssh.com', 'umac-128-etm@openssh.com'], 'hostkey_sizes': {"rsa-sha2-256": {"hostkey_size": 4096}, "rsa-sha2-256-cert-v01@openssh.com": {"ca_key_size": 4096, "ca_key_type": "ssh-rsa", "hostkey_size": 4096}, "rsa-sha2-512": {"hostkey_size": 4096}, "rsa-sha2-512-cert-v01@openssh.com": {"ca_key_size": 4096, "ca_key_type": "ssh-rsa", "hostkey_size": 4096}, "sk-ssh-ed25519-cert-v01@openssh.com": {"ca_key_size": 256, "ca_key_type": "ssh-ed25519", "hostkey_size": 256}, "sk-ssh-ed25519@openssh.com": {"hostkey_size": 256}, "ssh-ed25519": {"hostkey_size": 256}, "ssh-ed25519-cert-v01@openssh.com": {"ca_key_size": 256, "ca_key_type": "ssh-ed25519", "hostkey_size": 256}}, 'dh_modulus_sizes': {'diffie-hellman-group-exchange-sha256': 3072}, 'server_policy': True}, 'Hardened OpenSSH Server v9.1 (version 3)': {'version': '3', 'changelog': 'No change log available.', 'banner': None, 'compressions': None, 'host_keys': ['rsa-sha2-512', 'rsa-sha2-256', 'ssh-ed25519'], 'optional_host_keys': ['sk-ssh-ed25519@openssh.com', 'ssh-ed25519-cert-v01@openssh.com', 'sk-ssh-ed25519-cert-v01@openssh.com', 'rsa-sha2-256-cert-v01@openssh.com', 'rsa-sha2-512-cert-v01@openssh.com'], 'kex': ['sntrup761x25519-sha512@openssh.com', 'curve25519-sha256', 'curve25519-sha256@libssh.org', 'diffie-hellman-group16-sha512', 'diffie-hellman-group18-sha512', 'diffie-hellman-group-exchange-sha256'], 'ciphers': ['chacha20-poly1305@openssh.com', 'aes256-gcm@openssh.com', 'aes128-gcm@openssh.com', 'aes256-ctr', 'aes192-ctr', 'aes128-ctr'], 'macs': ['hmac-sha2-256-etm@openssh.com', 'hmac-sha2-512-etm@openssh.com', 'umac-128-etm@openssh.com'], 'hostkey_sizes': {"rsa-sha2-256": {"hostkey_size": 4096}, "rsa-sha2-256-cert-v01@openssh.com": {"ca_key_size": 4096, "ca_key_type": "ssh-rsa", "hostkey_size": 4096}, "rsa-sha2-512": {"hostkey_size": 4096}, "rsa-sha2-512-cert-v01@openssh.com": {"ca_key_size": 4096, "ca_key_type": "ssh-rsa", "hostkey_size": 4096}, "sk-ssh-ed25519-cert-v01@openssh.com": {"ca_key_size": 256, "ca_key_type": "ssh-ed25519", "hostkey_size": 256}, "sk-ssh-ed25519@openssh.com": {"hostkey_size": 256}, "ssh-ed25519": {"hostkey_size": 256}, "ssh-ed25519-cert-v01@openssh.com": {"ca_key_size": 256, "ca_key_type": "ssh-ed25519", "hostkey_size": 256}}, 'dh_modulus_sizes': {'diffie-hellman-group-exchange-sha256': 3072}, 'server_policy': True}, 'Hardened OpenSSH Server v9.2 (version 3)': {'version': '3', 'changelog': 'No change log available.', 'banner': None, 'compressions': None, 'host_keys': ['rsa-sha2-512', 'rsa-sha2-256', 'ssh-ed25519'], 'optional_host_keys': ['sk-ssh-ed25519-cert-v01@openssh.com', 'ssh-ed25519-cert-v01@openssh.com', 'rsa-sha2-512-cert-v01@openssh.com', 'rsa-sha2-256-cert-v01@openssh.com', 'sk-ssh-ed25519@openssh.com'], 'kex': ['sntrup761x25519-sha512@openssh.com', 'curve25519-sha256', 'curve25519-sha256@libssh.org', 'diffie-hellman-group16-sha512', 'diffie-hellman-group18-sha512', 'diffie-hellman-group-exchange-sha256'], 'ciphers': ['chacha20-poly1305@openssh.com', 'aes256-gcm@openssh.com', 'aes128-gcm@openssh.com', 'aes256-ctr', 'aes192-ctr', 'aes128-ctr'], 'macs': ['hmac-sha2-256-etm@openssh.com', 'hmac-sha2-512-etm@openssh.com', 'umac-128-etm@openssh.com'], 'hostkey_sizes': {"rsa-sha2-256": {"hostkey_size": 4096}, "rsa-sha2-256-cert-v01@openssh.com": {"ca_key_size": 4096, "ca_key_type": "ssh-rsa", "hostkey_size": 4096}, "rsa-sha2-512": {"hostkey_size": 4096}, "rsa-sha2-512-cert-v01@openssh.com": {"ca_key_size": 4096, "ca_key_type": "ssh-rsa", "hostkey_size": 4096}, "sk-ssh-ed25519-cert-v01@openssh.com": {"ca_key_size": 256, "ca_key_type": "ssh-ed25519", "hostkey_size": 256}, "sk-ssh-ed25519@openssh.com": {"hostkey_size": 256}, "ssh-ed25519": {"hostkey_size": 256}, "ssh-ed25519-cert-v01@openssh.com": {"ca_key_size": 256, "ca_key_type": "ssh-ed25519", "hostkey_size": 256}}, 'dh_modulus_sizes': {'diffie-hellman-group-exchange-sha256': 3072}, 'server_policy': True}, 'Hardened OpenSSH Server v9.3 (version 3)': {'version': '3', 'changelog': 'No change log available.', 'banner': None, 'compressions': None, 'host_keys': ['rsa-sha2-512', 'rsa-sha2-256', 'ssh-ed25519'], 'optional_host_keys': ['sk-ssh-ed25519@openssh.com', 'ssh-ed25519-cert-v01@openssh.com', 'sk-ssh-ed25519-cert-v01@openssh.com', 'rsa-sha2-256-cert-v01@openssh.com', 'rsa-sha2-512-cert-v01@openssh.com'], 'kex': ['sntrup761x25519-sha512@openssh.com', 'curve25519-sha256', 'curve25519-sha256@libssh.org', 'diffie-hellman-group16-sha512', 'diffie-hellman-group18-sha512', 'diffie-hellman-group-exchange-sha256'], 'ciphers': ['chacha20-poly1305@openssh.com', 'aes256-gcm@openssh.com', 'aes128-gcm@openssh.com', 'aes256-ctr', 'aes192-ctr', 'aes128-ctr'], 'macs': ['hmac-sha2-256-etm@openssh.com', 'hmac-sha2-512-etm@openssh.com', 'umac-128-etm@openssh.com'], 'hostkey_sizes': {"rsa-sha2-256": {"hostkey_size": 4096}, "rsa-sha2-256-cert-v01@openssh.com": {"ca_key_size": 4096, "ca_key_type": "ssh-rsa", "hostkey_size": 4096}, "rsa-sha2-512": {"hostkey_size": 4096}, "rsa-sha2-512-cert-v01@openssh.com": {"ca_key_size": 4096, "ca_key_type": "ssh-rsa", "hostkey_size": 4096}, "sk-ssh-ed25519-cert-v01@openssh.com": {"ca_key_size": 256, "ca_key_type": "ssh-ed25519", "hostkey_size": 256}, "sk-ssh-ed25519@openssh.com": {"hostkey_size": 256}, "ssh-ed25519": {"hostkey_size": 256}, "ssh-ed25519-cert-v01@openssh.com": {"ca_key_size": 256, "ca_key_type": "ssh-ed25519", "hostkey_size": 256}}, 'dh_modulus_sizes': {'diffie-hellman-group-exchange-sha256': 3072}, 'server_policy': True}, 'Hardened OpenSSH Server v9.4 (version 2)': {'version': '2', 'changelog': 'No change log available.', 'banner': None, 'compressions': None, 'host_keys': ['rsa-sha2-512', 'rsa-sha2-256', 'ssh-ed25519'], 'optional_host_keys': ['sk-ssh-ed25519@openssh.com', 'ssh-ed25519-cert-v01@openssh.com', 'sk-ssh-ed25519-cert-v01@openssh.com', 'rsa-sha2-256-cert-v01@openssh.com', 'rsa-sha2-512-cert-v01@openssh.com'], 'kex': ['sntrup761x25519-sha512@openssh.com', 'curve25519-sha256', 'curve25519-sha256@libssh.org', 'diffie-hellman-group16-sha512', 'diffie-hellman-group18-sha512', 'diffie-hellman-group-exchange-sha256'], 'ciphers': ['chacha20-poly1305@openssh.com', 'aes256-gcm@openssh.com', 'aes128-gcm@openssh.com', 'aes256-ctr', 'aes192-ctr', 'aes128-ctr'], 'macs': ['hmac-sha2-256-etm@openssh.com', 'hmac-sha2-512-etm@openssh.com', 'umac-128-etm@openssh.com'], 'hostkey_sizes': {"rsa-sha2-256": {"hostkey_size": 4096}, "rsa-sha2-256-cert-v01@openssh.com": {"ca_key_size": 4096, "ca_key_type": "ssh-rsa", "hostkey_size": 4096}, "rsa-sha2-512": {"hostkey_size": 4096}, "rsa-sha2-512-cert-v01@openssh.com": {"ca_key_size": 4096, "ca_key_type": "ssh-rsa", "hostkey_size": 4096}, "sk-ssh-ed25519-cert-v01@openssh.com": {"ca_key_size": 256, "ca_key_type": "ssh-ed25519", "hostkey_size": 256}, "sk-ssh-ed25519@openssh.com": {"hostkey_size": 256}, "ssh-ed25519": {"hostkey_size": 256}, "ssh-ed25519-cert-v01@openssh.com": {"ca_key_size": 256, "ca_key_type": "ssh-ed25519", "hostkey_size": 256}}, 'dh_modulus_sizes': {'diffie-hellman-group-exchange-sha256': 3072}, 'server_policy': True}, 'Hardened OpenSSH Server v9.5 (version 1)': {'version': '1', 'changelog': 'Initial version.', 'banner': None, 'compressions': None, 'host_keys': ['rsa-sha2-512', 'rsa-sha2-256', 'ssh-ed25519'], 'optional_host_keys': ['sk-ssh-ed25519@openssh.com', 'ssh-ed25519-cert-v01@openssh.com', 'sk-ssh-ed25519-cert-v01@openssh.com', 'rsa-sha2-256-cert-v01@openssh.com', 'rsa-sha2-512-cert-v01@openssh.com'], 'kex': ['sntrup761x25519-sha512@openssh.com', 'curve25519-sha256', 'curve25519-sha256@libssh.org', 'diffie-hellman-group16-sha512', 'diffie-hellman-group18-sha512', 'diffie-hellman-group-exchange-sha256'], 'ciphers': ['chacha20-poly1305@openssh.com', 'aes256-gcm@openssh.com', 'aes128-gcm@openssh.com', 'aes256-ctr', 'aes192-ctr', 'aes128-ctr'], 'macs': ['hmac-sha2-256-etm@openssh.com', 'hmac-sha2-512-etm@openssh.com', 'umac-128-etm@openssh.com'], 'hostkey_sizes': {"rsa-sha2-256": {"hostkey_size": 4096}, "rsa-sha2-256-cert-v01@openssh.com": {"ca_key_size": 4096, "ca_key_type": "ssh-rsa", "hostkey_size": 4096}, "rsa-sha2-512": {"hostkey_size": 4096}, "rsa-sha2-512-cert-v01@openssh.com": {"ca_key_size": 4096, "ca_key_type": "ssh-rsa", "hostkey_size": 4096}, "sk-ssh-ed25519-cert-v01@openssh.com": {"ca_key_size": 256, "ca_key_type": "ssh-ed25519", "hostkey_size": 256}, "sk-ssh-ed25519@openssh.com": {"hostkey_size": 256}, "ssh-ed25519": {"hostkey_size": 256}, "ssh-ed25519-cert-v01@openssh.com": {"ca_key_size": 256, "ca_key_type": "ssh-ed25519", "hostkey_size": 256}}, 'dh_modulus_sizes': {'diffie-hellman-group-exchange-sha256': 3072}, 'server_policy': True}, 'Hardened OpenSSH Server v9.6 (version 1)': {'version': '1', 'changelog': 'Initial version.', 'banner': None, 'compressions': None, 'host_keys': ['rsa-sha2-512', 'rsa-sha2-256', 'ssh-ed25519'], 'optional_host_keys': ['sk-ssh-ed25519@openssh.com', 'ssh-ed25519-cert-v01@openssh.com', 'sk-ssh-ed25519-cert-v01@openssh.com', 'rsa-sha2-256-cert-v01@openssh.com', 'rsa-sha2-512-cert-v01@openssh.com'], 'kex': ['sntrup761x25519-sha512@openssh.com', 'curve25519-sha256', 'curve25519-sha256@libssh.org', 'diffie-hellman-group16-sha512', 'diffie-hellman-group18-sha512', 'diffie-hellman-group-exchange-sha256', 'ext-info-s', 'kex-strict-s-v00@openssh.com'], 'ciphers': ['chacha20-poly1305@openssh.com', 'aes256-gcm@openssh.com', 'aes128-gcm@openssh.com', 'aes256-ctr', 'aes192-ctr', 'aes128-ctr'], 'macs': ['hmac-sha2-256-etm@openssh.com', 'hmac-sha2-512-etm@openssh.com', 'umac-128-etm@openssh.com'], 'hostkey_sizes': {"rsa-sha2-256": {"hostkey_size": 4096}, "rsa-sha2-256-cert-v01@openssh.com": {"ca_key_size": 4096, "ca_key_type": "ssh-rsa", "hostkey_size": 4096}, "rsa-sha2-512": {"hostkey_size": 4096}, "rsa-sha2-512-cert-v01@openssh.com": {"ca_key_size": 4096, "ca_key_type": "ssh-rsa", "hostkey_size": 4096}, "sk-ssh-ed25519-cert-v01@openssh.com": {"ca_key_size": 256, "ca_key_type": "ssh-ed25519", "hostkey_size": 256}, "sk-ssh-ed25519@openssh.com": {"hostkey_size": 256}, "ssh-ed25519": {"hostkey_size": 256}, "ssh-ed25519-cert-v01@openssh.com": {"ca_key_size": 256, "ca_key_type": "ssh-ed25519", "hostkey_size": 256}}, 'dh_modulus_sizes': {'diffie-hellman-group-exchange-sha256': 3072}, 'server_policy': True}, 'Hardened OpenSSH Server v9.7 (version 1)': {'version': '1', 'changelog': 'Initial version.', 'banner': None, 'compressions': None, 'host_keys': ['rsa-sha2-512', 'rsa-sha2-256', 'ssh-ed25519'], 'optional_host_keys': ['sk-ssh-ed25519@openssh.com', 'ssh-ed25519-cert-v01@openssh.com', 'sk-ssh-ed25519-cert-v01@openssh.com', 'rsa-sha2-256-cert-v01@openssh.com', 'rsa-sha2-512-cert-v01@openssh.com'], 'kex': ['sntrup761x25519-sha512@openssh.com', 'curve25519-sha256', 'curve25519-sha256@libssh.org', 'diffie-hellman-group16-sha512', 'diffie-hellman-group18-sha512', 'diffie-hellman-group-exchange-sha256', 'ext-info-s', 'kex-strict-s-v00@openssh.com'], 'ciphers': ['chacha20-poly1305@openssh.com', 'aes256-gcm@openssh.com', 'aes128-gcm@openssh.com', 'aes256-ctr', 'aes192-ctr', 'aes128-ctr'], 'macs': ['hmac-sha2-256-etm@openssh.com', 'hmac-sha2-512-etm@openssh.com', 'umac-128-etm@openssh.com'], 'hostkey_sizes': {"rsa-sha2-256": {"hostkey_size": 4096}, "rsa-sha2-256-cert-v01@openssh.com": {"ca_key_size": 4096, "ca_key_type": "ssh-rsa", "hostkey_size": 4096}, "rsa-sha2-512": {"hostkey_size": 4096}, "rsa-sha2-512-cert-v01@openssh.com": {"ca_key_size": 4096, "ca_key_type": "ssh-rsa", "hostkey_size": 4096}, "sk-ssh-ed25519-cert-v01@openssh.com": {"ca_key_size": 256, "ca_key_type": "ssh-ed25519", "hostkey_size": 256}, "sk-ssh-ed25519@openssh.com": {"hostkey_size": 256}, "ssh-ed25519": {"hostkey_size": 256}, "ssh-ed25519-cert-v01@openssh.com": {"ca_key_size": 256, "ca_key_type": "ssh-ed25519", "hostkey_size": 256}}, 'dh_modulus_sizes': {'diffie-hellman-group-exchange-sha256': 3072}, 'server_policy': True}, 'Hardened OpenSSH Server v9.8 (version 1)': {'version': '1', 'changelog': 'Initial version.', 'banner': None, 'compressions': None, 'host_keys': ['rsa-sha2-512', 'rsa-sha2-256', 'ssh-ed25519'], 'optional_host_keys': ['sk-ssh-ed25519@openssh.com', 'ssh-ed25519-cert-v01@openssh.com', 'sk-ssh-ed25519-cert-v01@openssh.com', 'rsa-sha2-256-cert-v01@openssh.com', 'rsa-sha2-512-cert-v01@openssh.com'], 'kex': ['sntrup761x25519-sha512@openssh.com', 'curve25519-sha256', 'curve25519-sha256@libssh.org', 'diffie-hellman-group16-sha512', 'diffie-hellman-group18-sha512', 'diffie-hellman-group-exchange-sha256', 'ext-info-s', 'kex-strict-s-v00@openssh.com'], 'ciphers': ['chacha20-poly1305@openssh.com', 'aes256-gcm@openssh.com', 'aes128-gcm@openssh.com', 'aes256-ctr', 'aes192-ctr', 'aes128-ctr'], 'macs': ['hmac-sha2-256-etm@openssh.com', 'hmac-sha2-512-etm@openssh.com', 'umac-128-etm@openssh.com'], 'hostkey_sizes': {"rsa-sha2-256": {"hostkey_size": 4096}, "rsa-sha2-256-cert-v01@openssh.com": {"ca_key_size": 4096, "ca_key_type": "ssh-rsa", "hostkey_size": 4096}, "rsa-sha2-512": {"hostkey_size": 4096}, "rsa-sha2-512-cert-v01@openssh.com": {"ca_key_size": 4096, "ca_key_type": "ssh-rsa", "hostkey_size": 4096}, "sk-ssh-ed25519-cert-v01@openssh.com": {"ca_key_size": 256, "ca_key_type": "ssh-ed25519", "hostkey_size": 256}, "sk-ssh-ed25519@openssh.com": {"hostkey_size": 256}, "ssh-ed25519": {"hostkey_size": 256}, "ssh-ed25519-cert-v01@openssh.com": {"ca_key_size": 256, "ca_key_type": "ssh-ed25519", "hostkey_size": 256}}, 'dh_modulus_sizes': {'diffie-hellman-group-exchange-sha256': 3072}, 'server_policy': True}, 'Hardened OpenSSH Server v9.9 (version 1)': {'version': '1', 'changelog': 'Initial version.', 'banner': None, 'compressions': None, 'host_keys': ['rsa-sha2-512', 'rsa-sha2-256', 'ssh-ed25519'], 'optional_host_keys': ['sk-ssh-ed25519@openssh.com', 'ssh-ed25519-cert-v01@openssh.com', 'sk-ssh-ed25519-cert-v01@openssh.com', 'rsa-sha2-256-cert-v01@openssh.com', 'rsa-sha2-512-cert-v01@openssh.com'], 'kex': ['sntrup761x25519-sha512', 'sntrup761x25519-sha512@openssh.com', 'mlkem768x25519-sha256', 'curve25519-sha256', 'curve25519-sha256@libssh.org', 'diffie-hellman-group16-sha512', 'diffie-hellman-group18-sha512', 'diffie-hellman-group-exchange-sha256', 'ext-info-s', 'kex-strict-s-v00@openssh.com'], 'ciphers': ['chacha20-poly1305@openssh.com', 'aes256-gcm@openssh.com', 'aes128-gcm@openssh.com', 'aes256-ctr', 'aes192-ctr', 'aes128-ctr'], 'macs': ['hmac-sha2-256-etm@openssh.com', 'hmac-sha2-512-etm@openssh.com', 'umac-128-etm@openssh.com'], 'hostkey_sizes': {"rsa-sha2-256": {"hostkey_size": 4096}, "rsa-sha2-256-cert-v01@openssh.com": {"ca_key_size": 4096, "ca_key_type": "ssh-rsa", "hostkey_size": 4096}, "rsa-sha2-512": {"hostkey_size": 4096}, "rsa-sha2-512-cert-v01@openssh.com": {"ca_key_size": 4096, "ca_key_type": "ssh-rsa", "hostkey_size": 4096}, "sk-ssh-ed25519-cert-v01@openssh.com": {"ca_key_size": 256, "ca_key_type": "ssh-ed25519", "hostkey_size": 256}, "sk-ssh-ed25519@openssh.com": {"hostkey_size": 256}, "ssh-ed25519": {"hostkey_size": 256}, "ssh-ed25519-cert-v01@openssh.com": {"ca_key_size": 256, "ca_key_type": "ssh-ed25519", "hostkey_size": 256}}, 'dh_modulus_sizes': {'diffie-hellman-group-exchange-sha256': 3072}, 'server_policy': True}, # Amazon Linux Policies 'Hardened Amazon Linux Client 2023 (version 1)': {'version': '1', 'changelog': 'Initial version.', 'banner': None, 'compressions': None, 'host_keys': ['sk-ssh-ed25519-cert-v01@openssh.com', 'ssh-ed25519-cert-v01@openssh.com', 'rsa-sha2-512-cert-v01@openssh.com', 'rsa-sha2-256-cert-v01@openssh.com', 'sk-ssh-ed25519@openssh.com', 'ssh-ed25519', 'rsa-sha2-512', 'rsa-sha2-256'], 'optional_host_keys': None, 'kex': ['sntrup761x25519-sha512@openssh.com', 'curve25519-sha256', 'curve25519-sha256@libssh.org', 'diffie-hellman-group16-sha512', 'diffie-hellman-group18-sha512', 'diffie-hellman-group-exchange-sha256', 'ext-info-c', 'kex-strict-c-v00@openssh.com'], 'ciphers': ['chacha20-poly1305@openssh.com', 'aes256-gcm@openssh.com', 'aes128-gcm@openssh.com', 'aes256-ctr', 'aes192-ctr', 'aes128-ctr'], 'macs': ['hmac-sha2-256-etm@openssh.com', 'hmac-sha2-512-etm@openssh.com', 'umac-128-etm@openssh.com'], 'hostkey_sizes': None, 'dh_modulus_sizes': None, 'server_policy': False}, 'Hardened Amazon Linux Client 2023 (version 2)': {'version': '2', 'changelog': 'Re-ordered cipher list to prioritize larger key sizes as a countermeasure to quantum attacks.', 'banner': None, 'compressions': None, 'host_keys': ['sk-ssh-ed25519-cert-v01@openssh.com', 'ssh-ed25519-cert-v01@openssh.com', 'rsa-sha2-512-cert-v01@openssh.com', 'rsa-sha2-256-cert-v01@openssh.com', 'sk-ssh-ed25519@openssh.com', 'ssh-ed25519', 'rsa-sha2-512', 'rsa-sha2-256'], 'optional_host_keys': None, 'kex': ['sntrup761x25519-sha512@openssh.com', 'curve25519-sha256', 'curve25519-sha256@libssh.org', 'diffie-hellman-group16-sha512', 'diffie-hellman-group18-sha512', 'diffie-hellman-group-exchange-sha256', 'ext-info-c', 'kex-strict-c-v00@openssh.com'], 'ciphers': ['chacha20-poly1305@openssh.com', 'aes256-gcm@openssh.com', 'aes256-ctr', 'aes192-ctr', 'aes128-gcm@openssh.com', 'aes128-ctr'], 'macs': ['hmac-sha2-256-etm@openssh.com', 'hmac-sha2-512-etm@openssh.com', 'umac-128-etm@openssh.com'], 'hostkey_sizes': None, 'dh_modulus_sizes': None, 'server_policy': False}, # Debian Client Policies 'Hardened Debian Client 12 (version 1)': {'version': '1', 'changelog': 'Initial version.', 'banner': None, 'compressions': None, 'host_keys': ['sk-ssh-ed25519-cert-v01@openssh.com', 'ssh-ed25519-cert-v01@openssh.com', 'rsa-sha2-512-cert-v01@openssh.com', 'rsa-sha2-256-cert-v01@openssh.com', 'sk-ssh-ed25519@openssh.com', 'ssh-ed25519', 'rsa-sha2-512', 'rsa-sha2-256'], 'optional_host_keys': None, 'kex': ['sntrup761x25519-sha512@openssh.com', 'curve25519-sha256', 'curve25519-sha256@libssh.org', 'diffie-hellman-group16-sha512', 'diffie-hellman-group18-sha512', 'diffie-hellman-group-exchange-sha256', 'ext-info-c', 'kex-strict-c-v00@openssh.com'], 'ciphers': ['chacha20-poly1305@openssh.com', 'aes256-gcm@openssh.com', 'aes128-gcm@openssh.com', 'aes256-ctr', 'aes192-ctr', 'aes128-ctr'], 'macs': ['hmac-sha2-256-etm@openssh.com', 'hmac-sha2-512-etm@openssh.com', 'umac-128-etm@openssh.com'], 'hostkey_sizes': None, 'dh_modulus_sizes': None, 'server_policy': False}, 'Hardened Debian Client 12 (version 2)': {'version': '2', 'changelog': 'Re-ordered cipher list to prioritize larger key sizes as a countermeasure to quantum attacks.', 'banner': None, 'compressions': None, 'host_keys': ['sk-ssh-ed25519-cert-v01@openssh.com', 'ssh-ed25519-cert-v01@openssh.com', 'rsa-sha2-512-cert-v01@openssh.com', 'rsa-sha2-256-cert-v01@openssh.com', 'sk-ssh-ed25519@openssh.com', 'ssh-ed25519', 'rsa-sha2-512', 'rsa-sha2-256'], 'optional_host_keys': None, 'kex': ['sntrup761x25519-sha512@openssh.com', 'curve25519-sha256', 'curve25519-sha256@libssh.org', 'diffie-hellman-group16-sha512', 'diffie-hellman-group18-sha512', 'diffie-hellman-group-exchange-sha256', 'ext-info-c', 'kex-strict-c-v00@openssh.com'], 'ciphers': ['chacha20-poly1305@openssh.com', 'aes256-gcm@openssh.com', 'aes256-ctr', 'aes192-ctr', 'aes128-gcm@openssh.com', 'aes128-ctr'], 'macs': ['hmac-sha2-256-etm@openssh.com', 'hmac-sha2-512-etm@openssh.com', 'umac-128-etm@openssh.com'], 'hostkey_sizes': None, 'dh_modulus_sizes': None, 'server_policy': False}, # Rocky Linux Policies 'Hardened Rocky Linux Client 9 (version 1)': {'version': '1', 'changelog': 'Initial version.', 'banner': None, 'compressions': None, 'host_keys': ['sk-ssh-ed25519-cert-v01@openssh.com', 'ssh-ed25519-cert-v01@openssh.com', 'rsa-sha2-512-cert-v01@openssh.com', 'rsa-sha2-256-cert-v01@openssh.com', 'sk-ssh-ed25519@openssh.com', 'ssh-ed25519', 'rsa-sha2-512', 'rsa-sha2-256'], 'optional_host_keys': None, 'kex': ['sntrup761x25519-sha512@openssh.com', 'curve25519-sha256', 'curve25519-sha256@libssh.org', 'diffie-hellman-group16-sha512', 'diffie-hellman-group18-sha512', 'diffie-hellman-group-exchange-sha256', 'ext-info-c', 'kex-strict-c-v00@openssh.com'], 'ciphers': ['chacha20-poly1305@openssh.com', 'aes256-gcm@openssh.com', 'aes128-gcm@openssh.com', 'aes256-ctr', 'aes192-ctr', 'aes128-ctr'], 'macs': ['hmac-sha2-256-etm@openssh.com', 'hmac-sha2-512-etm@openssh.com', 'umac-128-etm@openssh.com'], 'hostkey_sizes': None, 'dh_modulus_sizes': None, 'server_policy': False}, 'Hardened Rocky Linux Client 9 (version 2)': {'version': '2', 'changelog': 'Re-ordered cipher list to prioritize larger key sizes as a countermeasure to quantum attacks.', 'banner': None, 'compressions': None, 'host_keys': ['sk-ssh-ed25519-cert-v01@openssh.com', 'ssh-ed25519-cert-v01@openssh.com', 'rsa-sha2-512-cert-v01@openssh.com', 'rsa-sha2-256-cert-v01@openssh.com', 'sk-ssh-ed25519@openssh.com', 'ssh-ed25519', 'rsa-sha2-512', 'rsa-sha2-256'], 'optional_host_keys': None, 'kex': ['sntrup761x25519-sha512@openssh.com', 'curve25519-sha256', 'curve25519-sha256@libssh.org', 'diffie-hellman-group16-sha512', 'diffie-hellman-group18-sha512', 'diffie-hellman-group-exchange-sha256', 'ext-info-c', 'kex-strict-c-v00@openssh.com'], 'ciphers': ['chacha20-poly1305@openssh.com', 'aes256-gcm@openssh.com', 'aes256-ctr', 'aes192-ctr', 'aes128-gcm@openssh.com', 'aes128-ctr'], 'macs': ['hmac-sha2-256-etm@openssh.com', 'hmac-sha2-512-etm@openssh.com', 'umac-128-etm@openssh.com'], 'hostkey_sizes': None, 'dh_modulus_sizes': None, 'server_policy': False}, # Ubuntu Client policies 'Hardened Ubuntu Client 16.04 LTS (version 2)': {'version': '2', 'changelog': 'No change log available.', 'banner': None, 'compressions': None, 'host_keys': ['ssh-ed25519', 'ssh-ed25519-cert-v01@openssh.com', 'rsa-sha2-256', 'rsa-sha2-512'], 'optional_host_keys': None, 'kex': ['curve25519-sha256@libssh.org', 'diffie-hellman-group-exchange-sha256', 'ext-info-c'], 'ciphers': ['chacha20-poly1305@openssh.com', 'aes256-gcm@openssh.com', 'aes128-gcm@openssh.com', 'aes256-ctr', 'aes192-ctr', 'aes128-ctr'], 'macs': ['hmac-sha2-256-etm@openssh.com', 'hmac-sha2-512-etm@openssh.com', 'umac-128-etm@openssh.com'], 'hostkey_sizes': None, 'dh_modulus_sizes': None, 'server_policy': False}, 'Hardened Ubuntu Client 18.04 LTS (version 2)': {'version': '2', 'changelog': 'No change log available.', 'banner': None, 'compressions': None, 'host_keys': ['ssh-ed25519', 'ssh-ed25519-cert-v01@openssh.com', 'rsa-sha2-256', 'rsa-sha2-512'], 'optional_host_keys': None, 'kex': ['curve25519-sha256', 'curve25519-sha256@libssh.org', 'diffie-hellman-group16-sha512', 'diffie-hellman-group18-sha512', 'diffie-hellman-group-exchange-sha256', 'ext-info-c'], 'ciphers': ['chacha20-poly1305@openssh.com', 'aes256-gcm@openssh.com', 'aes128-gcm@openssh.com', 'aes256-ctr', 'aes192-ctr', 'aes128-ctr'], 'macs': ['hmac-sha2-256-etm@openssh.com', 'hmac-sha2-512-etm@openssh.com', 'umac-128-etm@openssh.com'], 'hostkey_sizes': None, 'dh_modulus_sizes': None, 'server_policy': False}, 'Hardened Ubuntu Client 20.04 LTS (version 3)': {'version': '3', 'changelog': 'Added kex-strict-c-v00@openssh.com to kex list.', 'banner': None, 'compressions': None, 'host_keys': ['ssh-ed25519', 'ssh-ed25519-cert-v01@openssh.com', 'sk-ssh-ed25519@openssh.com', 'sk-ssh-ed25519-cert-v01@openssh.com', 'rsa-sha2-256', 'rsa-sha2-256-cert-v01@openssh.com', 'rsa-sha2-512', 'rsa-sha2-512-cert-v01@openssh.com'], 'optional_host_keys': None, 'kex': ['curve25519-sha256', 'curve25519-sha256@libssh.org', 'diffie-hellman-group16-sha512', 'diffie-hellman-group18-sha512', 'diffie-hellman-group-exchange-sha256', 'ext-info-c', 'kex-strict-c-v00@openssh.com'], 'ciphers': ['chacha20-poly1305@openssh.com', 'aes256-gcm@openssh.com', 'aes128-gcm@openssh.com', 'aes256-ctr', 'aes192-ctr', 'aes128-ctr'], 'macs': ['hmac-sha2-256-etm@openssh.com', 'hmac-sha2-512-etm@openssh.com', 'umac-128-etm@openssh.com'], 'hostkey_sizes': None, 'dh_modulus_sizes': None, 'server_policy': False}, 'Hardened Ubuntu Client 22.04 LTS (version 4)': {'version': '4', 'changelog': 'Added kex-strict-c-v00@openssh.com to kex list.', 'banner': None, 'compressions': None, 'host_keys': ['sk-ssh-ed25519-cert-v01@openssh.com', 'ssh-ed25519-cert-v01@openssh.com', 'rsa-sha2-512-cert-v01@openssh.com', 'rsa-sha2-256-cert-v01@openssh.com', 'sk-ssh-ed25519@openssh.com', 'ssh-ed25519', 'rsa-sha2-512', 'rsa-sha2-256'], 'optional_host_keys': None, 'kex': ['sntrup761x25519-sha512@openssh.com', 'curve25519-sha256', 'curve25519-sha256@libssh.org', 'diffie-hellman-group16-sha512', 'diffie-hellman-group18-sha512', 'diffie-hellman-group-exchange-sha256', 'ext-info-c', 'kex-strict-c-v00@openssh.com'], 'ciphers': ['chacha20-poly1305@openssh.com', 'aes256-gcm@openssh.com', 'aes128-gcm@openssh.com', 'aes256-ctr', 'aes192-ctr', 'aes128-ctr'], 'macs': ['hmac-sha2-256-etm@openssh.com', 'hmac-sha2-512-etm@openssh.com', 'umac-128-etm@openssh.com'], 'hostkey_sizes': None, 'dh_modulus_sizes': None, 'server_policy': False}, 'Hardened Ubuntu Client 22.04 LTS (version 5)': {'version': '5', 'changelog': 'Re-ordered cipher list to prioritize larger key sizes as a countermeasure to quantum attacks.', 'banner': None, 'compressions': None, 'host_keys': ['sk-ssh-ed25519-cert-v01@openssh.com', 'ssh-ed25519-cert-v01@openssh.com', 'rsa-sha2-512-cert-v01@openssh.com', 'rsa-sha2-256-cert-v01@openssh.com', 'sk-ssh-ed25519@openssh.com', 'ssh-ed25519', 'rsa-sha2-512', 'rsa-sha2-256'], 'optional_host_keys': None, 'kex': ['sntrup761x25519-sha512@openssh.com', 'curve25519-sha256', 'curve25519-sha256@libssh.org', 'diffie-hellman-group16-sha512', 'diffie-hellman-group18-sha512', 'diffie-hellman-group-exchange-sha256', 'ext-info-c', 'kex-strict-c-v00@openssh.com'], 'ciphers': ['chacha20-poly1305@openssh.com', 'aes256-gcm@openssh.com', 'aes256-ctr', 'aes192-ctr', 'aes128-gcm@openssh.com', 'aes128-ctr'], 'macs': ['hmac-sha2-256-etm@openssh.com', 'hmac-sha2-512-etm@openssh.com', 'umac-128-etm@openssh.com'], 'hostkey_sizes': None, 'dh_modulus_sizes': None, 'server_policy': False}, 'Hardened Ubuntu Client 24.04 LTS (version 1)': {'version': '1', 'changelog': 'Initial version.', 'banner': None, 'compressions': None, 'host_keys': ['sk-ssh-ed25519-cert-v01@openssh.com', 'ssh-ed25519-cert-v01@openssh.com', 'rsa-sha2-512-cert-v01@openssh.com', 'rsa-sha2-256-cert-v01@openssh.com', 'sk-ssh-ed25519@openssh.com', 'ssh-ed25519', 'rsa-sha2-512', 'rsa-sha2-256'], 'optional_host_keys': None, 'kex': ['sntrup761x25519-sha512@openssh.com', 'curve25519-sha256', 'curve25519-sha256@libssh.org', 'diffie-hellman-group18-sha512', 'diffie-hellman-group-exchange-sha256', 'diffie-hellman-group16-sha512', 'ext-info-c', 'kex-strict-c-v00@openssh.com'], 'ciphers': ['chacha20-poly1305@openssh.com', 'aes256-gcm@openssh.com', 'aes256-ctr', 'aes192-ctr', 'aes128-gcm@openssh.com', 'aes128-ctr'], 'macs': ['hmac-sha2-512-etm@openssh.com', 'hmac-sha2-256-etm@openssh.com', 'umac-128-etm@openssh.com'], 'hostkey_sizes': None, 'dh_modulus_sizes': None, 'server_policy': False}, } ssh-audit-3.3.0/src/ssh_audit/dheat.py000066400000000000000000001626461470352310600176470ustar00rootroot00000000000000""" The MIT License (MIT) Copyright (C) 2023-2024 Joe Testa (jtesta@positronsecurity.com) Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. """ import errno import multiprocessing import os import queue import random import select import socket import struct import sys import time import traceback from typing import Any, Dict, List, Optional, Tuple from ssh_audit.auditconf import AuditConf from ssh_audit.banner import Banner from ssh_audit import exitcodes from ssh_audit.gextest import GEXTest from ssh_audit.globals import SSH_HEADER from ssh_audit.ssh_socket import SSH_Socket from ssh_audit.ssh2_kex import SSH2_Kex from ssh_audit.outputbuffer import OutputBuffer from ssh_audit.writebuf import WriteBuf class DHEat: # Maximum number of connections per second the server can allow until a warning is issued when Diffie-Hellman algorithms are supported. MAX_SAFE_RATE = 20.0 # The warning added to DH algorithms in the UI when dh_rate_test determines that no throttling is being done. DHEAT_WARNING = "Potentially insufficient connection throttling detected, resulting in possible vulnerability to the DHEat DoS attack (CVE-2002-20001). {connections:d} connections were created in {time_elapsed:.3f} seconds, or {rate:.1f} conns/sec; server must respond with a rate less than {max_safe_rate:.1f} conns/sec per IPv4/IPv6 source address to be considered safe. For rate-throttling options, please see . Be aware that using 'PerSourceMaxStartups 1' properly protects the server from this attack, but will cause this test to yield a false positive. Suppress this test and message with the --skip-rate-test option." # List of the Diffie-Hellman group exchange algorithms this test supports. gex_algs = [ "diffie-hellman-group-exchange-sha256", # Implemented in OpenSSH. "diffie-hellman-group-exchange-sha1", # Implemented in OpenSSH. "diffie-hellman-group-exchange-sha224@ssh.com", "diffie-hellman-group-exchange-sha256@ssh.com", "diffie-hellman-group-exchange-sha384@ssh.com", "diffie-hellman-group-exchange-sha512@ssh.com", ] # List of key exchange algorithms, sorted by largest modulus size. alg_priority = [ "diffie-hellman-group18-sha512", # Implemented in OpenSSH. "diffie-hellman-group18-sha512@ssh.com", "diffie-hellman-group17-sha512", "diffie-hellman_group17-sha512", # Note that this is not the same as the one above it. "diffie-hellman-group16-sha512", # Implemented in OpenSSH. "diffie-hellman-group16-sha256", "diffie-hellman-group16-sha384@ssh.com", "diffie-hellman-group16-sha512", "diffie-hellman-group16-sha512@ssh.com", "diffie-hellman-group15-sha256", "diffie-hellman-group15-sha256@ssh.com", "diffie-hellman-group15-sha384@ssh.com", "diffie-hellman-group15-sha512", "diffie-hellman-group14-sha256", # Implemented in OpenSSH. "diffie-hellman-group14-sha1", # Implemented in OpenSSH. "diffie-hellman-group14-sha224@ssh.com", "diffie-hellman-group14-sha256@ssh.com", "diffie-hellman-group1-sha1", # Implemented in OpenSSH. "diffie-hellman-group1-sha256", "curve25519-sha256", # Implemented in OpenSSH. "curve25519-sha256@libssh.org", # Implemented in OpenSSH. "ecdh-sha2-nistp256", # Implemented in OpenSSH. "ecdh-sha2-nistp384", # Implemented in OpenSSH. "ecdh-sha2-nistp521", # Implemented in OpenSSH. "sntrup761x25519-sha512@openssh.com", # Implemented in OpenSSH. ] # Dictionary of key exchanges mapped to their modulus size. alg_modulus_sizes = { "diffie-hellman-group18-sha512": 8192, "diffie-hellman-group18-sha512@ssh.com": 8192, "diffie-hellman-group17-sha512": 6144, "diffie-hellman_group17-sha512": 6144, "diffie-hellman-group16-sha512": 4096, "diffie-hellman-group16-sha256": 4096, "diffie-hellman-group16-sha384@ssh.com": 4096, "diffie-hellman-group16-sha512@ssh.com": 4096, "diffie-hellman-group15-sha256": 3072, "diffie-hellman-group15-sha256@ssh.com": 3072, "diffie-hellman-group15-sha384@ssh.com": 3072, "diffie-hellman-group15-sha512": 3072, "diffie-hellman-group14-sha256": 2048, "diffie-hellman-group14-sha1": 2048, "diffie-hellman-group14-sha224@ssh.com": 2048, "diffie-hellman-group14-sha256@ssh.com": 2048, "diffie-hellman-group1-sha1": 1024, "diffie-hellman-group1-sha256": 1024, "curve25519-sha256": (31 * 8), "curve25519-sha256@libssh.org": (31 * 8), "ecdh-sha2-nistp256": (64 * 8), "ecdh-sha2-nistp384": (96 * 8), "ecdh-sha2-nistp521": (132 * 8), "sntrup761x25519-sha512@openssh.com": (1189 * 8), } # List of DH algorithms that have been validated by the maintainer. There is quite the long list of DH algorithms available (see above), and testing them all would require a lot of time as many are not implemented in OpenSSH. So perhaps the community can help with testing... tested_algs = ["diffie-hellman-group18-sha512", "diffie-hellman-group16-sha512", "diffie-hellman-group-exchange-sha256", "ecdh-sha2-nistp256", "ecdh-sha2-nistp384", "ecdh-sha2-nistp521", "curve25519-sha256", "curve25519-sha256@libssh.org", "sntrup761x25519-sha512@openssh.com"] # If a DH algorithm is used that is not in the tested_algs list, above, then write this notice to the user. untested_alg_notice = "{color_start:s}NOTE:{color_end:s} the target DH algorithm ({dh_alg:s}) has not been tested by the maintainer. If you can verify that the server's CPU is fully utilized, please copy/paste this output to jtesta@positronsecurity.com." # Hardcoded ECDH ephemeral public keys for NIST-P256, NIST-P384, and NIST-P521. These need to lie on the ellipical curve in order to be accepted by the server, so generating them quickly isn't easy without an external crypto library. So we'll just use some hardcoded ones. HARDCODED_NISTP256 = b"\x04\x9d\x32\xad\x75\x68\xc3\x43\x30\x12\x1b\x64\x5d\x12\x3e\x18\x7b\xd2\x5a\xd6\x42\x6b\xb5\xab\xa3\x16\xda\x64\xe7\x15\x22\xd2\x66\xae\xcb\xcc\x9c\x64\x57\x32\x76\x41\x74\xeb\xff\xda\x28\xd6\x6e\x10\x98\x60\x56\x74\x30\x37\x97\xd2\x7f\x29\xd9\x99\xf1\x58\x8a" HARDCODED_NISTP384 = b"\x04\x94\xd9\xd2\x49\xac\xb6\x23\x59\x47\x32\x50\x5f\xaf\x55\x6e\x7a\x4a\x00\x82\xd9\xb1\x4c\xe4\x61\x05\x70\x91\x99\x19\xbe\x84\x2d\x3a\x74\x7c\xd8\xd1\xc1\x1a\x5c\xbf\xd3\x33\xcb\x25\x51\x1c\x66\x76\x53\x04\x92\x4f\xb3\x1f\x9b\x19\xba\x6b\x1a\xe2\x91\x04\xc6\x4c\x9c\xec\xa9\x43\xd0\x2e\x08\x4b\x2a\x50\xcf\x31\x46\xb3\x6c\x29\xd0\xf1\x26\x9e\x57\x17\xe1\xf8\x29\xce\xb5\x9a\x96\x2b\x94" HARDCODED_NISTP521 = b"\x04\x00\x51\xb7\xf4\x51\x54\x7c\x60\xd9\xe8\x90\x8f\x40\xcd\x05\x7e\x75\xcf\xfc\x3b\xe8\xa6\x45\x8b\xe3\xb5\x99\x75\xf6\x42\xef\x34\x5a\x9a\x86\x90\x43\x52\x62\x49\xd9\x62\x50\xc0\xb7\xdd\xe0\x34\x2e\x25\x3f\x3e\x1f\x19\xdd\xf5\xc9\x11\xe4\x6f\xd0\xe2\x59\x86\xc3\x7b\x01\xd3\xf7\x5a\x28\x72\x73\x3c\x7e\x4d\x8f\x08\x2a\x70\x94\x93\x83\xe2\xed\xf2\xd6\xf6\x3e\x63\xb8\xb9\xaa\x83\x2a\xd3\x96\xca\xde\x38\x62\x19\x1e\x84\x84\xad\xfe\x06\xfc\x2b\xb2\x1b\x79\x63\xfc\x1e\x6d\x85\x14\xba\x3c\x64\xd9\x64\x75\xd5\x74\xcb\x5b\x3d\xc3\x9f" # Algorithms that must use hard-coded e values. HARDCODED_ALGS = ["ecdh-sha2-nistp256", "ecdh-sha2-nistp384", "ecdh-sha2-nistp521"] # Post-quantum algorithms matched with traditional crypto. COMPLEX_PQ_ALGS = ["sntrup761x25519-sha512@openssh.com"] CLEAR = "" BLUEB = "" GREENB = "" PURPLEB = "" REDB = "" WHITEB = "" YELLOWB = "" BAR_CHART = " " CHART_UPWARDS = " " def __init__(self, out: 'OutputBuffer', aconf: 'AuditConf', banner: Optional['Banner'], kex: 'SSH2_Kex') -> None: self.out = out self.target = aconf.host self.port = aconf.port # We'll use the server's banner as our own. Otherwise, use ssh-audit's default. self.banner = SSH_HEADER.format("2.0").encode("utf-8") + b"\r\n" if banner is not None: self.banner = str(banner).encode("utf-8") + b"\r\n" # The SSH2_Kex object that we recieved from the server in a prior connection. We'll use it as a template to craft our own kex. self.kex = kex # Resolve the target to an IP address depending on the user preferences (IPv4 or IPv6). self.debug("Resolving target %s..." % self.target) self.target_address_family, self.target_ip_address = DHEat._resolve_hostname(self.target, aconf.ip_version_preference) self.debug("Resolved %s to %s (address family %u)" % (self.target, self.target_ip_address, self.target_address_family)) # The connection and read timeouts. self.connect_timeout = aconf.timeout self.read_timeout = aconf.timeout # True when we are in debug mode. self.debug_mode = aconf.debug # The length of our fake e value to give to the server. It is automatically set based on the DH modulus size we are targeting, or by the user for advanced testing. self.e_rand_len = 0 # The SSH Key Exchange Init message. This is the same for each connection (minus the random 16-byte cookie field, so it will be pre-computed to save time. self.kex_init_body = b'' # Disable buffered output. self.out.buffer_output = False # We'll use a weak/fast PRNG to generate the most significant byte of our fake e response to the server. random.seed() # Attack statistics. self.num_attempted_tcp_connections = 0 self.num_successful_tcp_connections = 0 self.num_successful_dh_kex = 0 self.num_failed_dh_kex = 0 self.num_bytes_written = 0 self.num_connect_timeouts = 0 self.num_read_timeouts = 0 self.num_socket_exceptions = 0 self.num_openssh_throttled_connections = 0 # The time we started the attack. self.start_timer = 0.0 # The number of concurrent sockets to open with the server. self.concurrent_connections = 10 # The key exchange algorithm name that we are targeting on the server. If empty, we will choose the best available option. Otherwise, it is set by the user. self.target_kex = "" self.user_set_e_len = False self.send_all_packets_at_once = False if aconf.dheat is not None: self.concurrent_connections = aconf.dheat_concurrent_connections self.target_kex = aconf.dheat_target_alg # If the user specified a length of e to use instead of the correct length determined at run-time. if aconf.dheat_e_length > 0: self.send_all_packets_at_once = True # If the user specified the e length (which is non-standard), we'll also send all SSH packets at once to reduce latency (which is also non-standard). This involves sending the banner, KEX INIT, DH KEX INIT all in the same packet without waiting for the server to respond to them individually. self.user_set_e_len = True self.e_rand_len = aconf.dheat_e_length # User wants to perform a rate test. self.rate_test = False self.target_rate = 0 # When performing a rate test, this is the number of successful connections per second we are targeting. 0=no rate limit. if aconf.conn_rate_test_enabled: self.rate_test = True self.concurrent_connections = aconf.conn_rate_test_threads self.target_rate = aconf.conn_rate_test_target_rate # Set the color flags & emjojis, if applicable. if aconf.colors: DHEat.CLEAR = "\033[0m" DHEat.WHITEB = "\033[1;97m" DHEat.BLUEB = "\033[1;94m" # Blue + bold DHEat.PURPLEB = "\033[1;95m" # Purple + bold DHEat.YELLOWB = "\033[1;93m" # Yellow + bold DHEat.GREENB = "\033[1;92m" # Green + bold DHEat.REDB = "\033[1;91m" # Red + bold DHEat.BAR_CHART = "\U0001F4CA" # The bar chart emoji. DHEat.CHART_UPWARDS = "\U0001F4C8" # The upwards chart emoji. @staticmethod def add_byte_units(n: float) -> str: '''Converts a number of bytes to a human-readable representation (i.e.: 10000 -> "9.8KB").''' if n >= 1073741824: return "%.1fGB" % (n / 1073741824) if n >= 1048576: return "%.1fMB" % (n / 1048576) if n >= 1024: return "%.1fKB" % (n / 1024) return "%u bytes" % n def analyze_gex(self, server_gex_alg: str) -> int: '''Analyzes a server's Diffie-Hellman group exchange algorithm. The largest modulus it supports is determined, then it is inserted into DHEat.alg_priority list while maintaining order by largest modulus. The largest modulus is also returned.''' self.output("Analyzing server's group exchange algorithm, %s, to find largest modulus it supports..." % (server_gex_alg)) largest_bit_modulus = 0 try: largest_bit_modulus = self.get_largest_gex_modulus(server_gex_alg) except Exception: # On exception, simply print the stack trace and continue on. traceback.print_exc() if largest_bit_modulus > 0: DHEat.alg_modulus_sizes[server_gex_alg] = largest_bit_modulus self.debug("GEX algorithm [%s] supports a max modulus of %u bits." % (server_gex_alg, largest_bit_modulus)) # Now that we have the largest modulus for this GEX, insert it into the prioritized list of algorithms. If, say, there are three 8192-bit kex algorithms in the list, we'll insert it as the 4th entry, as plain KEX algorithms require less network activity to trigger than GEX. i = 0 inserted = False while i < len(DHEat.alg_priority): prioritized_alg = DHEat.alg_priority[i] prioritized_alg_size = DHEat.alg_modulus_sizes[prioritized_alg] if largest_bit_modulus > prioritized_alg_size + 1: # + 1 to ensure algs with equal number of bits keep priority over this GEX. DHEat.alg_priority.insert(i, server_gex_alg) inserted = True self.debug("Inserted %s into prioritized algorithm list at index %u: [%s]" % (server_gex_alg, i, ", ".join(DHEat.alg_priority))) break i += 1 # Handle the case where all existing algs have a larger modulus. if inserted is False: DHEat.alg_priority.append(server_gex_alg) self.debug("Appended %s to end of prioritized algorithm list: [%s]" % (server_gex_alg, ", ".join(DHEat.alg_priority))) self.output("The largest modulus supported by %s appears to be %u." % (server_gex_alg, largest_bit_modulus)) return largest_bit_modulus def debug(self, s: str) -> None: '''Prints a string to the console when debugging mode is enabled.''' self.out.d(s) @staticmethod def dh_rate_test(out: 'OutputBuffer', aconf: 'AuditConf', kex: 'SSH2_Kex', max_time: float, max_connections: int, concurrent_sockets: int) -> str: '''Attempts to quickly create many sockets to the target server. This simulates the DHEat attack without causing an actual DoS condition. If a rate greater than MAX_SAFE_RATE is allowed, then a warning string is returned.''' # Gracefully handle when the user presses CTRL-C to break the interactive rate test. ret = "" try: ret = DHEat._dh_rate_test(out, aconf, kex, max_time, max_connections, concurrent_sockets) except KeyboardInterrupt: print() return ret @staticmethod def _dh_rate_test(out: 'OutputBuffer', aconf: 'AuditConf', kex: 'SSH2_Kex', max_time: float, max_connections: int, concurrent_sockets: int) -> str: '''Attempts to quickly create many sockets to the target server. This simulates the DHEat attack without causing an actual DoS condition. If a rate greater than MAX_SAFE_RATE is allowed, then a warning string is returned.''' def _close_socket(socket_dict: Dict[socket.socket, float], s: socket.socket) -> None: try: s.shutdown(socket.SHUT_RDWR) s.close() except OSError: pass del socket_dict[s] # Resolve the target into an IP address out.d("Resolving target %s..." % aconf.host) target_address_family, target_ip_address = DHEat._resolve_hostname(aconf.host, aconf.ip_version_preference) out.d("Resolved %s to %s (address family %u)" % (aconf.host, target_ip_address, target_address_family)) spinner = ["-", "\\", "|", "/"] spinner_index = 0 # If the user passed --conn-rate-test, then we'll perform an interactive rate test against the target. interactive = False multiline_output = False if aconf.conn_rate_test_enabled: interactive = True max_connections = 999999999999999999 concurrent_sockets = aconf.conn_rate_test_threads DHEat.CLEAR = "\033[0m" DHEat.WHITEB = "\033[1;97m" DHEat.BLUEB = "\033[1;94m" # Enable multi-line output only if we're running in the Bash shell. This might work in other shells, too, but they are untested. shell = os.getenv("SHELL", default="") if shell.endswith("/bash") or shell == "bash": multiline_output = True rate_str = "" if aconf.conn_rate_test_target_rate > 0: rate_str = " at a max rate of %s%u%s connections per second" % (DHEat.WHITEB, aconf.conn_rate_test_target_rate, DHEat.CLEAR) print() print("Performing non-disruptive rate test against %s[%s]:%u%s with %s%u%s concurrent sockets%s. No Diffie-Hellman requests will be sent." % (DHEat.WHITEB, target_ip_address, aconf.port, DHEat.CLEAR, DHEat.WHITEB, concurrent_sockets, DHEat.CLEAR, rate_str)) print() # Make room for the multi-line output. if multiline_output: print("\n\n\n\n") else: # We'll do a non-interactive test as part of a standard audit. # Ensure that the server supports at least one DH algorithm. Otherwise, this test is pointless. server_dh_kex = [] for server_kex in kex.kex_algorithms: if (server_kex in DHEat.alg_priority) or (server_kex in DHEat.gex_algs): server_dh_kex.append(server_kex) if len(server_dh_kex) == 0: out.d("Skipping DHEat.dh_rate_test() since server does not support any DH algorithms: [%s]" % ", ".join(kex.kex_algorithms)) return "" else: out.d("DHEat.dh_rate_test(): starting test; parameters: %f seconds, %u max connections, %u concurrent sockets." % (max_time, max_connections, concurrent_sockets), write_now=True) num_attempted_connections = 0 num_opened_connections = 0 num_exceeded_maxstartups = 0 socket_dict: Dict[socket.socket, float] = {} start_timer = time.time() now = start_timer last_update = start_timer while True: now = time.time() # During non-interactive tests, limit based on time and number of connections. Otherwise, we loop indefinitely until the user presses CTRL-C. if (interactive is False) and ((now - start_timer) >= max_time) or (num_opened_connections >= max_connections): break # out.d("interactive: %r; time.time() - start_timer: %f; max_time: %f; num_opened_connections: %u; max_connections: %u" % (interactive, time.time() - start_timer, max_time, num_opened_connections, max_connections), write_now=True) # Give the user some interactive feedback. if interactive: if (now - last_update) >= 1.0: seconds_running = now - start_timer if multiline_output: print("\033[5ARun time: %s%.1f%s seconds" % (DHEat.WHITEB, seconds_running, DHEat.CLEAR)) print("TCP SYNs: %s%u%s (total); %s%.1f%s (per second)" % (DHEat.WHITEB, num_attempted_connections, DHEat.CLEAR, DHEat.BLUEB, num_attempted_connections / seconds_running, DHEat.CLEAR)) print("Completed connections: %s%u%s (total); %s%.1f%s (per second)" % (DHEat.WHITEB, num_opened_connections, DHEat.CLEAR, DHEat.BLUEB, num_opened_connections / seconds_running, DHEat.CLEAR)) print("\"Exceeded MaxStartups\" responses: %s%u%s (total); %s%.1f%s (per second)" % (DHEat.WHITEB, num_exceeded_maxstartups, DHEat.CLEAR, DHEat.BLUEB, num_exceeded_maxstartups / seconds_running, DHEat.CLEAR)) print("%s%s%s" % (DHEat.WHITEB, spinner[spinner_index], DHEat.CLEAR)) else: print("%s%s%s Run time: %s%.1f%s; TCP SYNs: %s%u%s; Compl. conns: %s%u%s; TCP SYNs/sec: %s%.1f%s; Compl. conns/sec: %s%.1f%s \r" % (DHEat.WHITEB, spinner[spinner_index], DHEat.CLEAR, DHEat.WHITEB, seconds_running, DHEat.CLEAR, DHEat.WHITEB, num_attempted_connections, DHEat.CLEAR, DHEat.WHITEB, num_opened_connections, DHEat.CLEAR, DHEat.BLUEB, num_attempted_connections / seconds_running, DHEat.CLEAR, DHEat.BLUEB, num_opened_connections / seconds_running, DHEat.CLEAR), end="") last_update = now spinner_index = (spinner_index + 1) % 4 # If a max rate per second was specified, calculate the amount of time to sleep so we don't exceed it. if aconf.conn_rate_test_target_rate > 0: time_so_far = now - start_timer current_rate = num_opened_connections / time_so_far if current_rate > aconf.conn_rate_test_target_rate: sleep_time = num_opened_connections / (aconf.conn_rate_test_target_rate * time_so_far) if sleep_time > 0.0: time.sleep(sleep_time) # Check our sockets to see if they've existed for more than 30 seconds. If so, close them so new ones can be re-opened in their place. timedout_sockets = [] for s, create_time in socket_dict.items(): if (now - create_time) > 30: timedout_sockets.append(s) # We shouldn't modify the dictionary while iterating over it, so add it to a separate list. # Now we can safely close the timed-out sockets. while True: if len(timedout_sockets) == 0: # Ensure that len() is called in every iteration by putting it here instead of the while clause. break out.d("Closing timed-out socket.", write_now=True) _close_socket(socket_dict, timedout_sockets[0]) del timedout_sockets[0] # Open new sockets until we've hit the number of concurrent sockets, or if we exceeded the number of maximum connections. while (len(socket_dict) < concurrent_sockets) and (len(socket_dict) + num_opened_connections < max_connections): s = socket.socket(target_address_family, socket.SOCK_STREAM) s.setblocking(False) # out.d("Creating socket (%u of %u already exist)..." % (len(socket_dict), concurrent_sockets), write_now=True) ret = s.connect_ex((target_ip_address, aconf.port)) num_attempted_connections += 1 if ret in [0, errno.EINPROGRESS, errno.EWOULDBLOCK]: socket_dict[s] = now else: out.d("connect_ex() returned: %s (%d)" % (os.strerror(ret), ret), write_now=True) # out.d("Calling select() on %u sockets..." % len(socket_dict), write_now=True) socket_list: List[socket.socket] = [*socket_dict] # Get a list of sockets from the dictionary. rlist, _, elist = select.select(socket_list, [], socket_list, 0.1) # For each socket that has something for us to read... for s in rlist: # out.d("Socket in read list.", write_now=True) buf = b'' try: buf = s.recv(8) # out.d("Banner: %r" % buf, write_now=True) except (ConnectionRefusedError, ConnectionResetError, BrokenPipeError, TimeoutError): out.d("Socket error.", write_now=True) _close_socket(socket_dict, s) continue # If we received the SSH header, we'll count this as an opened connection. if buf.startswith(b"SSH-"): num_opened_connections += 1 # out.d("Number of opened connections: %u (max: %u)." % (num_opened_connections, max_connections)) elif buf == b"Exceeded": num_exceeded_maxstartups += 1 # out.d("Number of \"Exceeded MaxStartups\": %u" % num_exceeded_maxstartups) _close_socket(socket_dict, s) # Since we just closed the socket, ensure its not in the exception list. if s in elist: elist.remove(s) # Close all sockets that are in the exception state. for s in elist: # out.d("Socket in exception list.", write_now=True) _close_socket(socket_dict, s) # Close any remaining sockets. while True: if len(socket_dict) == 0: # Ensure that len() is called in every iteration by putting it here instead of the while clause. break _close_socket(socket_dict, [*socket_dict][0]) # Close & remove the first socket we find. time_elapsed = time.time() - start_timer out.d("DHEat.dh_rate_test() results: time elapsed: %f; connections created: %u" % (time_elapsed, num_opened_connections), write_now=True) note = "" rate = 0.0 if time_elapsed > 0.0 and num_opened_connections > 0: rate = num_opened_connections / time_elapsed out.d("DHEat.dh_rate_test() results: %.1f connections opened per second." % rate, write_now=True) # If we were able to open connections at a rate greater than 25 per second, then we need to warn the user. if rate > DHEat.MAX_SAFE_RATE: note = DHEat.DHEAT_WARNING.format(connections=num_opened_connections, time_elapsed=time_elapsed, rate=rate, max_safe_rate=DHEat.MAX_SAFE_RATE) return note def generate_kex(self, chosen_kex_alg: str) -> None: '''Generates and sets the Key Exchange Init message we'll send to the server on each connection.''' # The kex template we use is the server's own kex returned from an initial connection. We'll only specify the first algorithm in each field for efficiency, since the server already told us it supports them. wbuf = WriteBuf() wbuf.write_list([chosen_kex_alg]) wbuf.write_list([self.kex.key_algorithms[0]] if len(self.kex.key_algorithms) > 0 else []) wbuf.write_list([self.kex.client.encryption[0]] if len(self.kex.client.encryption) > 0 else []) wbuf.write_list([self.kex.server.encryption[0]] if len(self.kex.server.encryption) > 0 else []) wbuf.write_list([self.kex.client.mac[0]] if len(self.kex.client.mac) > 0 else []) wbuf.write_list([self.kex.server.mac[0]] if len(self.kex.server.mac) > 0 else []) wbuf.write_list([self.kex.client.compression[0]] if len(self.kex.client.compression) > 0 else []) wbuf.write_list([self.kex.server.compression[0]] if len(self.kex.server.compression) > 0 else []) wbuf.write_list([self.kex.client.languages[0]] if len(self.kex.client.languages) > 0 else []) wbuf.write_list([self.kex.server.languages[0]] if len(self.kex.server.languages) > 0 else []) wbuf.write_bool(self.kex.follows) wbuf.write_int(self.kex.unused) self.kex_init_body = wbuf.write_flush() def get_largest_gex_modulus(self, server_gex_alg: str) -> int: '''Probes the server for the largest modulus size it supports through group-exchange algorithms.''' self.debug("Called get_largest_gex_modulus(%s)." % server_gex_alg) ssh_socket = SSH_Socket(self.out, self.target, self.port, timeout=self.connect_timeout, timeout_set=True) new_kex = SSH2_Kex(self.out, self.kex.cookie, [server_gex_alg], self.kex.key_algorithms, self.kex.client, self.kex.server, False, unused=0) # First, let's try a range of ridiculously large bits. This is unlikely to work, but it would make things very interesting if they did! ret: Dict[str, List[int]] = {} if GEXTest.granular_modulus_size_test(self.out, ssh_socket, new_kex, 9216, 12288, 16384, ret) == exitcodes.GOOD and server_gex_alg in ret: # Check that what the server accepted lies within the range we requested. accepted_bits = ret[server_gex_alg][0] if accepted_bits >= 9216: self.debug("get_largest_gex_modulus(%s) returning %u." % (server_gex_alg, accepted_bits)) ssh_socket.close() return accepted_bits else: self.debug("get_largest_gex_modulus(%s): received smaller bits (%u) than requested (9216 - 16384); continuing..." % (server_gex_alg, accepted_bits)) # Check the largest bit sizes first, and stop the moment we find something the server supports. for bits in [8192, 7680, 6144, 4096, 3072, 2048, 1024]: ret.clear() if GEXTest.granular_modulus_size_test(self.out, ssh_socket, new_kex, bits, bits, bits, ret) == exitcodes.GOOD and server_gex_alg in ret: # Check that what the server accepted lies within the range we requested. accepted_bits = ret[server_gex_alg][0] if accepted_bits == bits: self.debug("get_largest_gex_modulus(%s) returning %u." % (server_gex_alg, accepted_bits)) ssh_socket.close() return accepted_bits self.debug("get_largest_gex_modulus(%s): received smaller bits (%u) than requested (%u); continuing..." % (server_gex_alg, accepted_bits, bits)) # Our standard bit sizes failed above, so let's try a range from 1024 - 8192 as a last attempt... ret.clear() if GEXTest.granular_modulus_size_test(self.out, ssh_socket, new_kex, 1024, 4096, 8192, ret) == exitcodes.GOOD and server_gex_alg in ret: accepted_bits = ret[server_gex_alg][0] self.debug("get_largest_gex_modulus(%s) returning %u." % (server_gex_alg, accepted_bits)) ssh_socket.close() return accepted_bits # Total failure. :( return 0 def get_padding(self, payload: bytes) -> Tuple[int, bytes]: '''Given a payload, returns the padding length and the padding.''' pad_len = -(len(payload) + 5) % 8 if pad_len < 4: pad_len += 8 padding = b"\x00" * pad_len return pad_len, padding def make_dh_kexinit(self, chosen_alg: str, gex_msb: int = -1) -> bytes: '''Makes a Diffie-Hellman Key Exchange Init packet. Instead of calculating a real value for e, a random value less than p - 1 is constructed.''' # Start with a zero-byte to signify that this is not a negative number. The second byte must be 0xfe or smaller so as to ensure that our value of e < p - 1 (otherwise the server will reject it). All bytes thereafter can be random. message_code = b'\x1e' # Diffie-Hellman Key Exchange Init (30) max_msb = 254 # The most significant byte for KEX must be between 0x00 and 0xFE (inclusive). if gex_msb != -1: message_code = b'\x20' # Diffie-Hellman Group Exchange Init (32) max_msb = gex_msb - 1 # During the GEX negotiation, the server returned a custom p value. Subtracting by 1 ensures e < p - 1. if chosen_alg == "ecdh-sha2-nistp256": e = DHEat.HARDCODED_NISTP256 elif chosen_alg == "ecdh-sha2-nistp384": e = DHEat.HARDCODED_NISTP384 elif chosen_alg == "ecdh-sha2-nistp521": e = DHEat.HARDCODED_NISTP521 else: e = b"\x00" + int.to_bytes(random.randint(0, max_msb), length=1, byteorder="big") + os.urandom(self.e_rand_len) payload = message_code + struct.pack("!L", len(e)) + e pad_len, padding = self.get_padding(payload) return struct.pack("!LB", len(payload) + pad_len + 1, pad_len) + payload + padding def make_gex_request(self, gex_modulus_size: int) -> bytes: '''Creates a Diffie-Hellman Group Exchange Request packet.''' # Message code = 0x22 = Diffie-Hellman Group Exchange Request (34). payload = b'\x22' + struct.pack("!LLL", gex_modulus_size, gex_modulus_size, gex_modulus_size) pad_len, padding = self.get_padding(payload) return struct.pack("!LB", len(payload) + pad_len + 1, pad_len) + payload + padding def make_kexinit(self) -> bytes: '''Creates a complete Key Exchange Init packet, which contains the kex algorithm we're targeting, host keys & ciphers we support, etc. The algorithms we claim to support is really the list that the server gave to us in order to guarantee that it will accept our message.''' # Message code = 0x14 = Key Exchange Init (20). payload = b'\x14' + os.urandom(16) + self.kex_init_body pad_len, padding = self.get_padding(payload) return struct.pack("!LB", len(payload) + pad_len + 1, pad_len) + payload + padding def output(self, s: str = "") -> None: self.out.info(s) def read_banner(self, s: socket.socket) -> Tuple[bytes, bytes]: '''Returns the server's banner. Optionally returns extra bytes that came after the banner.''' read_buffer = b'' newline_pos = -1 timer = time.time() while newline_pos == -1: if (time.time() - timer) >= self.read_timeout: return b'', b'' buf = b'' try: buf = s.recv(32) except ConnectionResetError: return b'', b'' except socket.timeout: return b'', b'' if len(buf) == 0: return b'', b'' read_buffer += buf newline_pos = read_buffer.find(b"\r\n") extra = b'' if len(read_buffer) > newline_pos + 2: extra = read_buffer[newline_pos + 2:] return read_buffer[0:newline_pos], extra def read_ssh_packet(self, s: socket.socket, extra: bytes = b'') -> Tuple[int, int]: '''Reads an SSH packet and returns its message code. When Diffie-Hellman Key Exchange Reply (31) packets are read, the most-significant byte of the GEX p-value is also returned.''' extra_len = len(extra) buf = b'' if extra_len < 5: # self.debug("Obtaining lengths by reading %u bytes." % (5 - extra_len)) buf = s.recv(5 - extra_len) if len(buf) == 0: return -1, -1 buf = extra + buf extra = b'' extra_len = 0 else: buf = extra[0:5] extra = extra[5:] extra_len = len(extra) # self.debug("Unpacking lengths: %s" % buf) packet_len, padding_len = struct.unpack("!LB", buf) # pylint: disable=unused-variable # self.debug("Packet len: %u; padding len: %u" % (packet_len, padding_len)) packet_len -= 1 buf = extra + s.recv(packet_len - extra_len) if buf == b"": return -1, -1 message_code = buf[0] # If this is a Diffie-Hellman Key Exchange Reply (31), then obtain the most-significant byte of the p-value returned. gex_msb = -1 if message_code == 31 and len(buf) > 6: gex_msb = buf[5] if buf[5] != 0 else buf[6] return message_code, gex_msb def run(self) -> None: '''Main entrypoint for testing the server.''' self.start_timer = time.time() # Run against the server until the user presses CTRL-C, then dump statistics. success = True try: success = self._run() except KeyboardInterrupt: pass # Don't print statistics if it failed to run. if not success: return # Print extensive statistics on what just happened. seconds_running = time.time() - self.start_timer print("\n\n") print(" %s %sSTATISTICS%s %s" % (self.BAR_CHART, self.WHITEB, self.CLEAR, self.CHART_UPWARDS)) print(" %s----------%s" % (self.WHITEB, self.CLEAR)) print() print(" Run time: %s%.1f seconds%s" % (self.WHITEB, seconds_running, self.CLEAR)) print() print(" Attempted TCP connections: %s%.1f/sec, %u total%s" % (self.WHITEB, self.num_attempted_tcp_connections / seconds_running, self.num_attempted_tcp_connections, self.CLEAR)) print(" Successful TCP connections: %s%.1f/sec, %u total%s" % (self.WHITEB, self.num_successful_tcp_connections / seconds_running, self.num_successful_tcp_connections, self.CLEAR)) print() print(" Bytes written: %s%s/sec, %s total%s" % (self.WHITEB, DHEat.add_byte_units(self.num_bytes_written / seconds_running), DHEat.add_byte_units(self.num_bytes_written), self.CLEAR)) print() print(" Successful DH KEX replies: %s%.1f/sec, %u total%s" % (self.WHITEB, self.num_successful_dh_kex / seconds_running, self.num_successful_dh_kex, self.CLEAR)) print(" Unexpected DH KEX replies: %s%.1f/sec, %u total%s" % (self.WHITEB, self.num_failed_dh_kex / seconds_running, self.num_failed_dh_kex, self.CLEAR)) print("\"Exceeded MaxStartups\" replies*: %s%.1f/sec, %u total%s" % (self.WHITEB, self.num_openssh_throttled_connections / seconds_running, self.num_openssh_throttled_connections, self.CLEAR)) print() print(" Connection timeouts: %s%.1f/sec, %u total%s (timeout setting: %.1f sec)" % (self.WHITEB, self.num_connect_timeouts / seconds_running, self.num_connect_timeouts, self.CLEAR, self.connect_timeout)) print(" Read timeouts: %s%.1f/sec, %u total%s (timeout setting: %.1f sec)" % (self.WHITEB, self.num_read_timeouts / seconds_running, self.num_read_timeouts, self.CLEAR, self.read_timeout)) print(" Socket exceptions: %s%.1f/sec, %u total%s" % (self.WHITEB, self.num_socket_exceptions / seconds_running, self.num_socket_exceptions, self.CLEAR)) print() if seconds_running < 5.0: print("%sTotal run time was under 5 seconds; try running it for longer to get more accurate analysis.%s" % (DHEat.YELLOWB, DHEat.CLEAR)) elif self.num_successful_tcp_connections / seconds_running < DHEat.MAX_SAFE_RATE: print("Because the number of successful TCP connections per second (%.1f) is less than %.1f, it appears that the target %sis using rate limiting%s to prevent CPU exaustion." % (self.num_successful_tcp_connections / seconds_running, DHEat.MAX_SAFE_RATE, DHEat.GREENB, DHEat.CLEAR)) else: print("Because the number of successful TCP connections per second (%.1f) is greater than %.1f, it appears that the target %sis NOT using rate limiting%s to prevent CPU exaustion." % (self.num_successful_tcp_connections / seconds_running, DHEat.MAX_SAFE_RATE, DHEat.REDB, DHEat.CLEAR)) print() print() print(" * OpenSSH has a throttling mechanism (controlled by the MaxStartups directive) to prevent too many pre-authentication connections from overwhelming the server. When triggered, the server will probabilistically return \"Exceeded MaxStartups\" instead of the usual SSH banner, then terminate the connection. In order to maximize the DoS effectiveness, this metric should be greater than zero, though the ideal rate of rejections depends on the target server's CPU resources.") print() @staticmethod def _resolve_hostname(host: str, ip_version_preference: List[int]) -> Tuple[int, str]: '''Resolves a hostname to its IPv4 or IPv6 address, depending on user preference.''' family = socket.AF_UNSPEC if len(ip_version_preference) == 1: family = socket.AF_INET if ip_version_preference[0] == 4 else socket.AF_INET6 r = socket.getaddrinfo(host, 0, family, socket.SOCK_STREAM) for address_family, socktype, _, _, addr in r: if socktype == socket.SOCK_STREAM: return address_family, addr[0] return -1, '' def _run(self) -> bool: '''Where all the magic happens.''' self.output() if sys.platform == "win32": self.output("%sWARNING:%s this feature has not been thoroughly tested on Windows. It may perform worse than on UNIX OSes." % (self.YELLOWB, self.CLEAR)) self.output("Running DHEat test against %s[%s]:%u%s with %s%u%s concurrent sockets..." % (self.WHITEB, self.target_ip_address, self.port, self.CLEAR, self.WHITEB, self.concurrent_connections, self.CLEAR)) # If the user didn't specify an exact kex algorithm to test, check our prioritized list against what the server supports. Larger p-values (such as group18: 8192-bits) cause the most strain on the server. chosen_alg = "" gex_modulus_size = -1 if self.target_kex == "": # Look through the server's kex list and see if any are GEX algorithms. To save time, we will only check the first GEX we encounter, instead of all of them (I assume the results will be the same anyway). server_gex_alg = "" for server_kex in self.kex.kex_algorithms: if server_kex in DHEat.gex_algs: server_gex_alg = server_kex break # If the server supports at least one gex algorithm, find the largest modulus it supports. Store an entry in the alg_modulus_sizes so we remember this for later. if server_gex_alg != "": # self.output("Analyzing server's group exchange algorithm, %s, to find largest modulus it supports..." % (server_gex_alg)) gex_modulus_size = self.analyze_gex(server_gex_alg) # self.output("The largest modulus supported by %s appears to be %u." % (server_gex_alg, largest_bit_modulus)) # Now choose the KEX/GEX with the largest modulus that is supported by the server. chosen_alg = "" for alg in DHEat.alg_priority: if alg in self.kex.kex_algorithms: chosen_alg = alg break # If the server's kex options don't intersect with our prioritized algorithm list, then we cannot run this test. if chosen_alg == "": self.out.fail("Error: server's key exchange algorithms do not match with any algorithms implemented by this client!") self.out.warn("Server's key exchanges: \n * %s" % ("\n * ".join(self.kex.kex_algorithms))) self.out.warn("Client's key exchanges: \n * %s" % ("\n * ".join(DHEat.alg_priority))) return False self.debug("Chose [%s] from prioritized list: [%s]" % (chosen_alg, ", ".join(DHEat.alg_priority))) else: # The user specified an exact algorithm to test. # If the user chose an algorithm we don't have an implementation for... if (self.target_kex not in DHEat.alg_priority) and (self.target_kex not in DHEat.gex_algs): self.out.fail("Specified target key exchange [%s] is not in list of implemented algorithms: [%s]." % (self.target_kex, ", ".join(DHEat.alg_priority))) return False # Ensure that what the user chose is supported by the server. if self.target_kex not in self.kex.kex_algorithms: self.out.fail("Specified target key exchange [%s] is not supported by the server: [%s]." % (self.target_kex, ", ".join(self.kex.kex_algorithms))) return False # If this is a GEX, find the largest modulus it supports. if self.target_kex in DHEat.gex_algs: gex_modulus_size = self.analyze_gex(self.target_kex) chosen_alg = self.target_kex self.output("Targeting server algorithm: %s%s%s (modulus size: %u)" % (self.WHITEB, chosen_alg, self.CLEAR, DHEat.alg_modulus_sizes[chosen_alg])) if self.user_set_e_len and chosen_alg not in self.HARDCODED_ALGS: self.output("Using user-supplied e length: %u" % (self.e_rand_len)) if chosen_alg in self.COMPLEX_PQ_ALGS: self.output("{:s}NOTE:{:s} short e lengths can work against the post-quantum algorithm targeted, but the current implementation of this attack results in protocol errors; the number of successful DH KEX replies will be reported as zero even though the CPU will still be exhausted.".format(self.YELLOWB, self.CLEAR)) elif self.user_set_e_len and chosen_alg in self.HARDCODED_ALGS: self.output("{:s}NOTE:{:s} ignoring user-supplied e length, since the targeted algorithm (a NIST P-curve) must use hard-coded e values.".format(self.YELLOWB, self.CLEAR)) # If an untested DH alg is chosen, ask the user to e-mail the maintainer/create a GitHub issue to report success. if chosen_alg not in DHEat.tested_algs: self.output() self.output(DHEat.untested_alg_notice.format(color_start=self.YELLOWB, color_end=self.CLEAR, dh_alg=chosen_alg)) self.output() self.output("Commencing denial-of-service attack. Validate results by monitoring target's CPU idle status.") self.output() self.output("Press CTRL-C to stop attack and see statistics.") self.output() self.generate_kex(chosen_alg) # If the user didn't already choose the e length, calculate the length of the random bytes we need to generate the value e that we'll send to the server. if not self.user_set_e_len: self.e_rand_len = int(DHEat.alg_modulus_sizes[chosen_alg] / 8) - 1 # self.debug("Setting e_rand_len to %u." % self.e_rand_len) # Create all the processes. multiprocessing.set_start_method("spawn") q: Any = multiprocessing.Queue() for _ in range(0, self.concurrent_connections): p = multiprocessing.Process(target=self.worker_process, args=(q, chosen_alg, gex_modulus_size,)) p.start() spinner = ["-", "\\", "|", "/"] spinner_index = 0 # Read the statistics from the child processes, and update the UI once per second. last_update = time.time() while True: try: # Ensure an upper bound of 5 seconds without updating the UI. for _ in range(0, 5): thread_statistics = q.get(True, 1.0) # Block for up to 1 second. self.num_attempted_tcp_connections += thread_statistics['num_attempted_tcp_connections'] self.num_successful_tcp_connections += thread_statistics['num_successful_tcp_connections'] self.num_successful_dh_kex += thread_statistics['num_successful_dh_kex'] self.num_failed_dh_kex += thread_statistics['num_failed_dh_kex'] self.num_bytes_written += thread_statistics['num_bytes_written'] self.num_connect_timeouts += thread_statistics['num_connect_timeouts'] self.num_read_timeouts += thread_statistics['num_read_timeouts'] self.num_socket_exceptions += thread_statistics['num_socket_exceptions'] self.num_openssh_throttled_connections += thread_statistics['num_openssh_throttled_connections'] except queue.Empty: # If Queue.get() timeout exceeded. pass now = time.time() if (now - last_update) >= 1.0: seconds_running = now - self.start_timer print("%s%s%s TCP SYNs/sec: %s%u%s; Compl. conns/sec: %s%u%s; Bytes sent/sec: %s%s%s; DH kex/sec: %s%u%s \r" % (self.WHITEB, spinner[spinner_index], self.CLEAR, self.BLUEB, self.num_attempted_tcp_connections / seconds_running, self.CLEAR, self.BLUEB, self.num_successful_tcp_connections / seconds_running, self.CLEAR, self.BLUEB, DHEat.add_byte_units(self.num_bytes_written / seconds_running), self.CLEAR, self.PURPLEB, self.num_successful_dh_kex / seconds_running, self.CLEAR), end="") last_update = now spinner_index = (spinner_index + 1) % 4 def worker_process(self, q: Any, chosen_alg: str, gex_modulus_size: int) -> None: '''Worker process that floods the target.''' # Handle CTRL-C gracefully. try: self._worker_process(q, chosen_alg, gex_modulus_size) except KeyboardInterrupt: pass def _worker_process(self, q: Any, chosen_alg: str, gex_modulus_size: int) -> None: '''Worker process that floods the target.''' def _close_socket(s: socket.socket) -> None: try: s.shutdown(socket.SHUT_RDWR) s.close() except OSError: pass # Copy variables from the object (which might exist in another process?). This might cut down on inter-process overhead. connect_timeout = self.connect_timeout target_ip_address = self.target_ip_address target_address_family = self.target_address_family port = self.port # Determine if we are attacking with a GEX. gex_mode = False if chosen_alg in DHEat.gex_algs: gex_mode = True self.debug("Setting GEX mode to True; gex_modulus_size: %u" % gex_modulus_size) # Attack statistics local to this process. num_attempted_tcp_connections = 0 num_successful_tcp_connections = 0 num_successful_dh_kex = 0 num_failed_dh_kex = 0 num_bytes_written = 0 num_connect_timeouts = 0 num_read_timeouts = 0 num_socket_exceptions = 0 num_openssh_throttled_connections = 0 num_loops_since_last_statistics_sync = 0 while True: num_loops_since_last_statistics_sync += 1 # Instead of flooding the parent process with statistics, report our stats only every 5 connections. if num_loops_since_last_statistics_sync > 5: num_loops_since_last_statistics_sync = 0 q.put({ 'num_attempted_tcp_connections': num_attempted_tcp_connections, 'num_successful_tcp_connections': num_successful_tcp_connections, 'num_successful_dh_kex': num_successful_dh_kex, 'num_failed_dh_kex': num_failed_dh_kex, 'num_bytes_written': num_bytes_written, 'num_connect_timeouts': num_connect_timeouts, 'num_read_timeouts': num_read_timeouts, 'num_socket_exceptions': num_socket_exceptions, 'num_openssh_throttled_connections': num_openssh_throttled_connections, }) # Since we sent our statistics, reset them all back to zero. num_attempted_tcp_connections = 0 num_successful_tcp_connections = 0 num_successful_dh_kex = 0 num_failed_dh_kex = 0 num_bytes_written = 0 num_connect_timeouts = 0 num_read_timeouts = 0 num_socket_exceptions = 0 num_openssh_throttled_connections = 0 s = socket.socket(target_address_family, socket.SOCK_STREAM) s.settimeout(connect_timeout) # Loop until a successful TCP connection is made. connected = False while not connected: # self.debug("Connecting to %s:%d" % (self.target_ip_address, self.port)) try: num_attempted_tcp_connections += 1 s.connect((target_ip_address, port)) connected = True except OSError as e: self.debug("Failed to connect: %s" % str(e)) # Send everything all at once. This isn't technically valid to do, but SSH implementations seem to be fine with it. bytes_to_write = b"" if gex_mode: bytes_to_write = self.banner + self.make_kexinit() + self.make_gex_request(gex_modulus_size) else: bytes_to_write = self.banner + self.make_kexinit() + self.make_dh_kexinit(chosen_alg) try: s.sendall(bytes_to_write) num_bytes_written += len(bytes_to_write) except (ConnectionResetError, BrokenPipeError): num_socket_exceptions += 1 except socket.timeout: num_connect_timeouts += 1 banner, extra = self.read_banner(s) if banner == b'': self.debug("Blank banner received.") _close_socket(s) num_socket_exceptions += 1 continue # If we receive a valid SSH banner from the server, we'll count it as a successful connection. Note that OpenSSH returns "Exceeded MaxStartups" when throttling occurs (due to the MaxStartups setting). if banner.startswith(b"SSH-2.0-") or banner.startswith(b"SSH-1"): num_successful_tcp_connections += 1 elif banner == b'Exceeded MaxStartups': num_openssh_throttled_connections += 1 _close_socket(s) continue else: self.debug("Invalid banner received: %r" % banner) _close_socket(s) continue # Read the KEXINIT from the server. message_code = -1 try: message_code, _ = self.read_ssh_packet(s, extra=extra) # self.debug("Message code: %u" % message_code) except (ConnectionResetError, socket.timeout) as e: num_failed_dh_kex += 1 num_socket_exceptions += 1 _close_socket(s) self.debug("Exception in read_ssh_packet: %s" % str(e)) continue # Ensure that we received Key Exchange Init (20). if message_code != 20: num_failed_dh_kex += 1 _close_socket(s) self.debug("Expected Kex Exchange Init (20), received: %u" % message_code) continue # Read the Diffie-Hellman Key Exchange Init from the server. message_code = -1 try: message_code, gex_msb = self.read_ssh_packet(s) # self.debug("Message code: %u" % message_code) except (ConnectionResetError, socket.timeout) as e: num_failed_dh_kex += 1 num_socket_exceptions += 1 _close_socket(s) self.debug("Exception in read_ssh_packet: %s" % str(e)) continue # If we get message code 31, then we know the server properly handled our Diffie-Hellman Key Exchange Init, and thus, wasted its time. if message_code == 31: if not gex_mode: num_successful_dh_kex += 1 # If we're targeting a GEX, we need to send and receive another set of packets. else: # Send the Diffie-Hellman Group Exchange Init (32). bytes_to_write = self.make_dh_kexinit(chosen_alg, gex_msb=gex_msb) try: s.sendall(bytes_to_write) num_bytes_written += len(bytes_to_write) except (ConnectionResetError, BrokenPipeError): num_socket_exceptions += 1 except socket.timeout: num_connect_timeouts += 1 try: message_code, _ = self.read_ssh_packet(s) except (ConnectionResetError, socket.timeout) as e: num_failed_dh_kex += 1 num_socket_exceptions += 1 _close_socket(s) self.debug("Exception in read_ssh_packet: %s" % str(e)) continue # If we received Diffie-Hellman Group Exchange Reply (33), then we know the server properly handled our Diffie-Hellman Group Exchange Init (32), and thus, wasted its time. if message_code == 33: num_successful_dh_kex += 1 else: num_failed_dh_kex += 1 else: num_failed_dh_kex += 1 _close_socket(s) ssh-audit-3.3.0/src/ssh_audit/exitcodes.py000066400000000000000000000003361470352310600205340ustar00rootroot00000000000000# The program return values corresponding to failure(s) encountered, warning(s) encountered, connection errors, and no problems found, respectively. FAILURE = 3 WARNING = 2 CONNECTION_ERROR = 1 GOOD = 0 UNKNOWN_ERROR = -1 ssh-audit-3.3.0/src/ssh_audit/fingerprint.py000066400000000000000000000032671470352310600211020ustar00rootroot00000000000000""" The MIT License (MIT) Copyright (C) 2017-2021 Joe Testa (jtesta@positronsecurity.com) Copyright (C) 2017 Andris Raugulis (moo@arthepsy.eu) Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. """ import base64 import hashlib class Fingerprint: def __init__(self, fpd: bytes) -> None: self.__fpd = fpd @property def md5(self) -> str: h = hashlib.md5(self.__fpd).hexdigest() r = ':'.join(h[i:i + 2] for i in range(0, len(h), 2)) return 'MD5:{}'.format(r) @property def sha256(self) -> str: h = base64.b64encode(hashlib.sha256(self.__fpd).digest()) r = h.decode('ascii').rstrip('=') return 'SHA256:{}'.format(r) ssh-audit-3.3.0/src/ssh_audit/gextest.py000066400000000000000000000276761470352310600202500ustar00rootroot00000000000000""" The MIT License (MIT) Copyright (C) 2017-2023 Joe Testa (jtesta@positronsecurity.com) Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. """ import struct import traceback # pylint: disable=unused-import from typing import Dict, List, Set, Sequence, Tuple, Iterable # noqa: F401 from typing import Callable, Optional, Union, Any # noqa: F401 from ssh_audit.banner import Banner from ssh_audit.kexdh import KexDHException, KexGroupExchange, KexGroupExchange_SHA1, KexGroupExchange_SHA256 from ssh_audit.ssh2_kexdb import SSH2_KexDB from ssh_audit.ssh2_kex import SSH2_Kex from ssh_audit.ssh_socket import SSH_Socket from ssh_audit.outputbuffer import OutputBuffer from ssh_audit import exitcodes # Performs DH group exchanges to find what moduli are supported, and checks # their size. class GEXTest: # Creates a new connection to the server. Returns True on success, or False. @staticmethod def reconnect(out: 'OutputBuffer', s: 'SSH_Socket', kex: 'SSH2_Kex', gex_alg: str) -> bool: if s.is_connected(): return True err = s.connect() if err is not None: out.v(err, write_now=True) return False _, _, err = s.get_banner() if err is not None: out.v(err, write_now=True) s.close() return False # Send our KEX using the specified group-exchange and most of the # server's own values. s.send_kexinit(key_exchanges=[gex_alg], hostkeys=kex.key_algorithms, ciphers=kex.server.encryption, macs=kex.server.mac, compressions=kex.server.compression, languages=kex.server.languages) try: # Parse the server's KEX. _, payload = s.read_packet(2) SSH2_Kex.parse(out, payload) except (KexDHException, struct.error): out.v("Failed to parse server's kex. Stack trace:\n%s" % str(traceback.format_exc()), write_now=True) return False return True @staticmethod def granular_modulus_size_test(out: 'OutputBuffer', s: 'SSH_Socket', kex: 'SSH2_Kex', bits_min: int, bits_pref: int, bits_max: int, modulus_dict: Dict[str, List[int]]) -> int: ''' Tests for granular modulus sizes. Builds a dictionary, where a key represents a DH algorithm name and the values are the modulus sizes (in bits) that have been returned by the target server. Returns an exitcodes.* flag. ''' retval = exitcodes.GOOD out.d("Starting modulus_size_test...") out.d("Bits Min: " + str(bits_min)) out.d("Bits Pref: " + str(bits_pref)) out.d("Bits Max: " + str(bits_max)) GEX_ALGS = { 'diffie-hellman-group-exchange-sha1': KexGroupExchange_SHA1, 'diffie-hellman-group-exchange-sha256': KexGroupExchange_SHA256, } # Check if the server supports any of the group-exchange # algorithms. If so, test each one. for gex_alg, kex_group_class in GEX_ALGS.items(): if gex_alg not in kex.kex_algorithms: out.d('Server does not support the algorithm "' + gex_alg + '".', write_now=True) else: kex_group = kex_group_class(out) out.d('Preparing to perform DH group exchange using ' + gex_alg + ' with min, pref and max modulus sizes of ' + str(bits_min) + ' bits, ' + str(bits_pref) + ' bits and ' + str(bits_max) + ' bits...', write_now=True) # It has been observed that reconnecting to some SSH servers # multiple times in quick succession can eventually result # in a "connection reset by peer" error. It may be possible # to recover from such an error by sleeping for some time # before continuing to issue reconnects. modulus_size_returned, reconnect_failed = GEXTest._send_init(out, s, kex_group, kex, gex_alg, bits_min, bits_pref, bits_max) if reconnect_failed: out.fail('Reconnect failed.') return exitcodes.FAILURE if modulus_size_returned > 0: if gex_alg in modulus_dict: if modulus_size_returned not in modulus_dict[gex_alg]: modulus_dict[gex_alg].append(modulus_size_returned) else: modulus_dict[gex_alg] = [modulus_size_returned] return retval # Runs the DH moduli test against the specified target. @staticmethod def run(out: 'OutputBuffer', s: 'SSH_Socket', banner: Optional['Banner'], kex: 'SSH2_Kex') -> None: GEX_ALGS = { 'diffie-hellman-group-exchange-sha1': KexGroupExchange_SHA1, 'diffie-hellman-group-exchange-sha256': KexGroupExchange_SHA256, } # The previous RSA tests put the server in a state we can't # test. So we need a new connection to start with a clean # slate. if s.is_connected(): s.close() # Check if the server supports any of the group-exchange # algorithms. If so, test each one. for gex_alg, kex_group_class in GEX_ALGS.items(): # pylint: disable=too-many-nested-blocks if gex_alg in kex.kex_algorithms: out.d('Preparing to perform DH group exchange using ' + gex_alg + ' with min, pref and max modulus sizes of 512 bits, 1024 bits and 1536 bits...', write_now=True) kex_group = kex_group_class(out) smallest_modulus, reconnect_failed = GEXTest._send_init(out, s, kex_group, kex, gex_alg, 512, 1024, 1536) if reconnect_failed: break # Try an array of specific modulus sizes... one at a time. reconnect_failed = False for bits in [512, 768, 1024, 1536, 2048, 3072, 4096]: # If we found one modulus size already, but we're about # to test a larger one, don't bother. if bits >= smallest_modulus > 0: break smallest_modulus, reconnect_failed = GEXTest._send_init(out, s, kex_group, kex, gex_alg, bits, bits, bits) # If the smallest modulus is 2048 and the server is OpenSSH, then we may have triggered the fallback mechanism, which tends to happen in testing scenarios such as this but not in most real-world conditions (see X). To better test this condition, we will do an additional check to see if the server supports sizes between 2048 and 4096, and consider this the definitive result. openssh_test_updated = False if (smallest_modulus == 2048) and (banner is not None) and (banner.software is not None) and (banner.software.find('OpenSSH') != -1): out.d('First pass found a minimum GEX modulus of 2048 against OpenSSH server. Performing a second pass to get a more accurate result...') smallest_modulus, _ = GEXTest._send_init(out, s, kex_group, kex, gex_alg, 2048, 3072, 4096) out.d('Modulus size returned by server during second pass: %d bits' % smallest_modulus, write_now=True) openssh_test_updated = bool((smallest_modulus > 0) and (smallest_modulus != 2048)) if smallest_modulus > 0: kex.set_dh_modulus_size(gex_alg, smallest_modulus) lst = SSH2_KexDB.get_db()['kex'][gex_alg] # We flag moduli smaller than 2048 as a failure. if smallest_modulus < 2048: text = 'using small %d-bit modulus' % smallest_modulus # For 'diffie-hellman-group-exchange-sha256', add # a failure reason. if len(lst) == 1: lst.append([text]) # For 'diffie-hellman-group-exchange-sha1', delete # the existing failure reason (which is vague), and # insert our own. else: del lst[1] lst.insert(1, [text]) # Moduli smaller than 3072 get flagged as a warning. elif smallest_modulus < 3072: # Ensure that a warning list exists for us to append to, below. while len(lst) < 3: lst.append([]) # Ensure this is only added once. text = '2048-bit modulus only provides 112-bits of symmetric strength' if text not in lst[2]: lst[2].append(text) # If we retested against OpenSSH (because its fallback mechanism was triggered), add a special note for the user. if openssh_test_updated: text = "OpenSSH's GEX fallback mechanism was triggered during testing. Very old SSH clients will still be able to create connections using a 2048-bit modulus, though modern clients will use %u. This can only be disabled by recompiling the code (see https://github.com/openssh/openssh-portable/blob/V_9_4/dh.c#L477)." % smallest_modulus # Ensure that an info list exists for us to append to, below. while len(lst) < 4: lst.append([]) # Ensure this is only added once. if text not in lst[3]: lst[3].append(text) if reconnect_failed: break @staticmethod def _send_init(out: 'OutputBuffer', s: 'SSH_Socket', kex_group: 'KexGroupExchange', kex: 'SSH2_Kex', gex_alg: str, min_bits: int, pref_bits: int, max_bits: int) -> Tuple[int, bool]: '''Internal function for sending the GEX initialization to the server with the minimum, preferred, and maximum modulus bits. Returns a Tuple of the modulus size received from the server (or -1 on error) and boolean signifying that the connection to the server failed.''' smallest_modulus = -1 reconnect_failed = False try: if GEXTest.reconnect(out, s, kex, gex_alg) is False: reconnect_failed = True out.d('GEXTest._send_init(%s, %u, %u, %u): reconnection failed.' % (gex_alg, min_bits, pref_bits, max_bits), write_now=True) else: kex_group.send_init_gex(s, min_bits, pref_bits, max_bits) kex_group.recv_reply(s, False) smallest_modulus = kex_group.get_dh_modulus_size() out.d('GEXTest._send_init(%s, %u, %u, %u): received modulus size: %d' % (gex_alg, min_bits, pref_bits, max_bits, smallest_modulus), write_now=True) except KexDHException as e: out.d('GEXTest._send_init(%s, %u, %u, %u): exception when performing DH group exchange init: %s' % (gex_alg, min_bits, pref_bits, max_bits, str(e)), write_now=True) finally: s.close() return smallest_modulus, reconnect_failed ssh-audit-3.3.0/src/ssh_audit/globals.py000066400000000000000000000037241470352310600201740ustar00rootroot00000000000000""" The MIT License (MIT) Copyright (C) 2017-2024 Joe Testa (jtesta@positronsecurity.com) Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. """ # The version to display. VERSION = 'v3.3.0' # SSH software to impersonate SSH_HEADER = 'SSH-{0}-OpenSSH_8.2' # The URL to the Github issues tracker. GITHUB_ISSUES_URL = 'https://github.com/jtesta/ssh-audit/issues' # The man page. Only filled in on Docker, PyPI, Snap, and Windows builds. BUILTIN_MAN_PAGE = '' # True when installed from a Snap package, otherwise False. SNAP_PACKAGE = False # Error message when installed as a Snap package and a file access fails. SNAP_PERMISSIONS_ERROR = 'Error while accessing file. It appears that ssh-audit was installed as a Snap package. In that case, there are two options: 1.) only try to read & write files in the $HOME/snap/ssh-audit/common/ directory, or 2.) grant permissions to read & write files in $HOME using the following command: "sudo snap connect ssh-audit:home :home"' ssh-audit-3.3.0/src/ssh_audit/hostkeytest.py000066400000000000000000000351731470352310600211420ustar00rootroot00000000000000""" The MIT License (MIT) Copyright (C) 2017-2024 Joe Testa (jtesta@positronsecurity.com) Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. """ # pylint: disable=unused-import from typing import Dict, List, Set, Sequence, Tuple, Iterable # noqa: F401 from typing import Callable, Optional, Union, Any # noqa: F401 import traceback from ssh_audit.kexdh import KexDH, KexDHException, KexGroup1, KexGroup14_SHA1, KexGroup14_SHA256, KexCurve25519_SHA256, KexGroup16_SHA512, KexGroup18_SHA512, KexGroupExchange_SHA1, KexGroupExchange_SHA256, KexNISTP256, KexNISTP384, KexNISTP521 from ssh_audit.ssh2_kex import SSH2_Kex from ssh_audit.ssh2_kexdb import SSH2_KexDB from ssh_audit.ssh_socket import SSH_Socket from ssh_audit.outputbuffer import OutputBuffer # Obtains host keys, checks their size, and derives their fingerprints. class HostKeyTest: # Tracks the RSA host key types. As of this writing, testing one in this family yields valid results for the rest. RSA_FAMILY = ['ssh-rsa', 'rsa-sha2-256', 'rsa-sha2-512'] # Dict holding the host key types we should extract & parse. 'cert' is True to denote that a host key type handles certificates (thus requires additional parsing). 'variable_key_len' is True for host key types that can have variable sizes (True only for RSA types, as the rest are of fixed-size). HOST_KEY_TYPES = { 'ssh-rsa': {'cert': False, 'variable_key_len': True}, 'rsa-sha2-256': {'cert': False, 'variable_key_len': True}, 'rsa-sha2-512': {'cert': False, 'variable_key_len': True}, 'ssh-rsa-cert-v01@openssh.com': {'cert': True, 'variable_key_len': True}, 'rsa-sha2-256-cert-v01@openssh.com': {'cert': True, 'variable_key_len': True}, 'rsa-sha2-512-cert-v01@openssh.com': {'cert': True, 'variable_key_len': True}, 'ssh-ed25519': {'cert': False, 'variable_key_len': False}, 'ssh-ed25519-cert-v01@openssh.com': {'cert': True, 'variable_key_len': False}, 'ssh-ed448': {'cert': False, 'variable_key_len': False}, # 'ssh-ed448-cert-v01@openssh.com': {'cert': True, 'variable_key_len': False}, 'ecdsa-sha2-nistp256': {'cert': False, 'variable_key_len': False}, 'ecdsa-sha2-nistp384': {'cert': False, 'variable_key_len': False}, 'ecdsa-sha2-nistp521': {'cert': False, 'variable_key_len': False}, 'ecdsa-sha2-nistp256-cert-v01@openssh.com': {'cert': True, 'variable_key_len': False}, 'ecdsa-sha2-nistp384-cert-v01@openssh.com': {'cert': True, 'variable_key_len': False}, 'ecdsa-sha2-nistp521-cert-v01@openssh.com': {'cert': True, 'variable_key_len': False}, 'ssh-dss': {'cert': False, 'variable_key_len': True}, 'ssh-dss-cert-v01@openssh.com': {'cert': True, 'variable_key_len': True}, } TWO2K_MODULUS_WARNING = '2048-bit modulus only provides 112-bits of symmetric strength' SMALL_ECC_MODULUS_WARNING = '224-bit ECC modulus only provides 112-bits of symmetric strength' @staticmethod def run(out: 'OutputBuffer', s: 'SSH_Socket', server_kex: 'SSH2_Kex') -> None: KEX_TO_DHGROUP = { 'diffie-hellman-group1-sha1': KexGroup1, 'diffie-hellman-group14-sha1': KexGroup14_SHA1, 'diffie-hellman-group14-sha256': KexGroup14_SHA256, 'curve25519-sha256': KexCurve25519_SHA256, 'curve25519-sha256@libssh.org': KexCurve25519_SHA256, 'diffie-hellman-group16-sha512': KexGroup16_SHA512, 'diffie-hellman-group18-sha512': KexGroup18_SHA512, 'diffie-hellman-group-exchange-sha1': KexGroupExchange_SHA1, 'diffie-hellman-group-exchange-sha256': KexGroupExchange_SHA256, 'ecdh-sha2-nistp256': KexNISTP256, 'ecdh-sha2-nistp384': KexNISTP384, 'ecdh-sha2-nistp521': KexNISTP521, # 'kexguess2@matt.ucc.asn.au': ??? } # Pick the first kex algorithm that the server supports, which we # happen to support as well. kex_str = None kex_group = None for server_kex_alg in server_kex.kex_algorithms: if server_kex_alg in KEX_TO_DHGROUP: kex_str = server_kex_alg kex_group = KEX_TO_DHGROUP[kex_str](out) break if kex_str is not None and kex_group is not None: HostKeyTest.perform_test(out, s, server_kex, kex_str, kex_group, HostKeyTest.HOST_KEY_TYPES) @staticmethod def perform_test(out: 'OutputBuffer', s: 'SSH_Socket', server_kex: 'SSH2_Kex', kex_str: str, kex_group: 'KexDH', host_key_types: Dict[str, Dict[str, bool]]) -> None: hostkey_modulus_size = 0 ca_modulus_size = 0 parsed_host_key_types = set() # If the connection still exists, close it so we can test # using a clean slate (otherwise it may exist in a non-testable # state). if s.is_connected(): s.close() # For each host key type... for host_key_type in host_key_types: key_fail_comments = [] key_warn_comments = [] # Skip those already handled (i.e.: those in the RSA family, as testing one tests them all). if host_key_type in parsed_host_key_types: continue # If this host key type is supported by the server, we test it. if host_key_type in server_kex.key_algorithms: out.d('Preparing to obtain ' + host_key_type + ' host key...', write_now=True) cert = host_key_types[host_key_type]['cert'] # If the connection is closed, re-open it and get the kex again. if not s.is_connected(): err = s.connect() if err is not None: out.v(err, write_now=True) return _, _, err = s.get_banner() if err is not None: out.v(err, write_now=True) s.close() return # Send our KEX using the specified group-exchange and most of the server's own values. s.send_kexinit(key_exchanges=[kex_str], hostkeys=[host_key_type], ciphers=server_kex.server.encryption, macs=server_kex.server.mac, compressions=server_kex.server.compression, languages=server_kex.server.languages) try: # Parse the server's KEX. _, payload = s.read_packet() SSH2_Kex.parse(out, payload) except Exception: msg = "Failed to parse server's kex." if not out.debug: msg += " Re-run in debug mode to see stack trace." out.v(msg, write_now=True) out.d("Stack trace:\n%s" % str(traceback.format_exc()), write_now=True) return # Do the initial DH exchange. The server responds back # with the host key and its length. Bingo. We also get back the host key fingerprint. kex_group.send_init(s) raw_hostkey_bytes = b'' try: kex_reply = kex_group.recv_reply(s) raw_hostkey_bytes = kex_reply if kex_reply is not None else b'' except KexDHException: msg = "Failed to parse server's host key." if not out.debug: msg += " Re-run in debug mode to see stack trace." out.v(msg, write_now=True) out.d("Stack trace:\n%s" % str(traceback.format_exc()), write_now=True) # Since parsing this host key failed, there's nothing more to do but close the socket and move on to the next host key type. s.close() continue hostkey_modulus_size = kex_group.get_hostkey_size() ca_key_type = kex_group.get_ca_type() ca_modulus_size = kex_group.get_ca_size() out.d("Hostkey type: [%s]; hostkey size: %u; CA type: [%s]; CA modulus size: %u" % (host_key_type, hostkey_modulus_size, ca_key_type, ca_modulus_size), write_now=True) out.d("Raw hostkey bytes (%d): [%s]" % (len(raw_hostkey_bytes), raw_hostkey_bytes.hex()), write_now=True) # Record all the host key info. server_kex.set_host_key(host_key_type, raw_hostkey_bytes, hostkey_modulus_size, ca_key_type, ca_modulus_size) # Set the hostkey size for all RSA key types since 'ssh-rsa', 'rsa-sha2-256', etc. are all using the same host key. Note, however, that this may change in the future. if cert is False and host_key_type in HostKeyTest.RSA_FAMILY: for rsa_type in HostKeyTest.RSA_FAMILY: server_kex.set_host_key(rsa_type, raw_hostkey_bytes, hostkey_modulus_size, ca_key_type, ca_modulus_size) # Close the socket, as the connection has # been put in a state that later tests can't use. s.close() # If the host key modulus or CA modulus was successfully parsed, check to see that its a safe size. if hostkey_modulus_size > 0 or ca_modulus_size > 0: # The minimum good modulus size for RSA host keys is 3072. However, since ECC cryptosystems are fundamentally different, the minimum good is 256. hostkey_min_good = cakey_min_good = 3072 hostkey_min_warn = cakey_min_warn = 2048 hostkey_warn_str = cakey_warn_str = HostKeyTest.TWO2K_MODULUS_WARNING if host_key_type.startswith('ssh-ed25519') or host_key_type.startswith('ecdsa-sha2-nistp'): hostkey_min_good = 256 hostkey_min_warn = 224 hostkey_warn_str = HostKeyTest.SMALL_ECC_MODULUS_WARNING if ca_key_type.startswith('ssh-ed25519') or ca_key_type.startswith('ecdsa-sha2-nistp'): cakey_min_good = 256 cakey_min_warn = 224 cakey_warn_str = HostKeyTest.SMALL_ECC_MODULUS_WARNING # Keys smaller than 2048 result in a failure. Keys smaller 3072 result in a warning. Update the database accordingly. if (cert is False) and (hostkey_modulus_size < hostkey_min_good) and (host_key_type != 'ssh-dss'): # Skip ssh-dss, otherwise we get duplicate failure messages (SSH2_KexDB will always flag it). # If the key is under 2048, add to the failure list. if hostkey_modulus_size < hostkey_min_warn: key_fail_comments.append('using small %d-bit modulus' % hostkey_modulus_size) elif hostkey_warn_str not in key_warn_comments: # Issue a warning about 2048-bit moduli. key_warn_comments.append(hostkey_warn_str) elif (cert is True) and ((hostkey_modulus_size < hostkey_min_good) or (0 < ca_modulus_size < cakey_min_good)): # If the host key is smaller than 2048-bit/224-bit, flag this as a failure. if hostkey_modulus_size < hostkey_min_warn: key_fail_comments.append('using small %d-bit hostkey modulus' % hostkey_modulus_size) # Otherwise, this is just a warning. elif (hostkey_modulus_size < hostkey_min_good) and (hostkey_warn_str not in key_warn_comments): key_warn_comments.append(hostkey_warn_str) # If the CA key is smaller than 2048-bit/224-bit, flag this as a failure. if 0 < ca_modulus_size < cakey_min_warn: key_fail_comments.append('using small %d-bit CA key modulus' % ca_modulus_size) # Otherwise, this is just a warning. elif (0 < ca_modulus_size < cakey_min_good) and (cakey_warn_str not in key_warn_comments): key_warn_comments.append(cakey_warn_str) # If the CA key type uses ECDSA with a NIST P-curve, fail it for possibly being back-doored. if ca_key_type.startswith('ecdsa-sha2-nistp'): key_fail_comments.append('CA key uses elliptic curves that are suspected as being backdoored by the U.S. National Security Agency') # If this host key type is in the RSA family, then mark them all as parsed (since results in one are valid for them all). if host_key_type in HostKeyTest.RSA_FAMILY: for rsa_type in HostKeyTest.RSA_FAMILY: parsed_host_key_types.add(rsa_type) # If the current key is a member of the RSA family, then populate all RSA family members with the same # failure and/or warning comments. db = SSH2_KexDB.get_db() while len(db['key'][rsa_type]) < 3: db['key'][rsa_type].append([]) db['key'][rsa_type][1].extend(key_fail_comments) db['key'][rsa_type][2].extend(key_warn_comments) else: parsed_host_key_types.add(host_key_type) db = SSH2_KexDB.get_db() while len(db['key'][host_key_type]) < 3: db['key'][host_key_type].append([]) db['key'][host_key_type][1].extend(key_fail_comments) db['key'][host_key_type][2].extend(key_warn_comments) ssh-audit-3.3.0/src/ssh_audit/kexdh.py000066400000000000000000000556221470352310600176600ustar00rootroot00000000000000""" The MIT License (MIT) Copyright (C) 2017-2023 Joe Testa (jtesta@positronsecurity.com) Copyright (C) 2017 Andris Raugulis (moo@arthepsy.eu) Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. """ import binascii import os import random import struct import traceback # pylint: disable=unused-import from typing import Dict, List, Set, Sequence, Tuple, Iterable # noqa: F401 from typing import Callable, Optional, Union, Any # noqa: F401 from ssh_audit.outputbuffer import OutputBuffer from ssh_audit.protocol import Protocol from ssh_audit.ssh_socket import SSH_Socket class KexDHException(Exception): pass class KexDH: # pragma: nocover def __init__(self, out: 'OutputBuffer', kex_name: str, hash_alg: str, g: int, p: int) -> None: self.out = out self.__kex_name = kex_name # pylint: disable=unused-private-member self.__hash_alg = hash_alg # pylint: disable=unused-private-member self.__g = 0 self.__p = 0 self.__q = 0 self.__x = 0 self.__e = 0 self.set_params(g, p) self.__ed25519_pubkey: Optional[bytes] = None # pylint: disable=unused-private-member self.__hostkey_type = '' self.__hostkey_e = 0 # pylint: disable=unused-private-member self.__hostkey_n = 0 # pylint: disable=unused-private-member self.__hostkey_n_len = 0 # Length of the host key modulus. self.__ca_key_type = '' # Type of CA key ('ssh-rsa', etc). self.__ca_n_len = 0 # Length of the CA key modulus (if hostkey is a cert). def set_params(self, g: int, p: int) -> None: self.__g = g self.__p = p self.__q = (self.__p - 1) // 2 self.__x = 0 self.__e = 0 def send_init(self, s: SSH_Socket, init_msg: int = Protocol.MSG_KEXDH_INIT) -> None: r = random.SystemRandom() self.__x = r.randrange(2, self.__q) self.__e = pow(self.__g, self.__x, self.__p) s.write_byte(init_msg) s.write_mpint2(self.__e) s.send_packet() # Parse a KEXDH_REPLY or KEXDH_GEX_REPLY message from the server. This # contains the host key, among other things. Function returns the host # key blob (from which the fingerprint can be calculated). def recv_reply(self, s: 'SSH_Socket', parse_host_key_size: bool = True) -> Optional[bytes]: # Reset the CA info, in case it was set from a prior invocation. self.__hostkey_type = '' self.__hostkey_e = 0 # pylint: disable=unused-private-member self.__hostkey_n = 0 # pylint: disable=unused-private-member self.__hostkey_n_len = 0 self.__ca_key_type = '' self.__ca_n_len = 0 packet_type, payload = s.read_packet(2) # Skip any & all MSG_DEBUG messages. while packet_type == Protocol.MSG_DEBUG: packet_type, payload = s.read_packet(2) if packet_type != -1 and packet_type not in [Protocol.MSG_KEXDH_REPLY, Protocol.MSG_KEXDH_GEX_REPLY]: # pylint: disable=no-else-raise raise KexDHException('Expected MSG_KEXDH_REPLY (%d) or MSG_KEXDH_GEX_REPLY (%d), but got %d instead.' % (Protocol.MSG_KEXDH_REPLY, Protocol.MSG_KEXDH_GEX_REPLY, packet_type)) elif packet_type == -1: # A connection error occurred. We can't parse anything, so just # return. The host key modulus (and perhaps certificate modulus) # will remain at length 0. self.out.d("KexDH.recv_reply(): received package_type == -1.") return None # Get the host key blob, F, and signature. ptr = 0 hostkey, _, ptr = KexDH.__get_bytes(payload, ptr) # If we are not supposed to parse the host key size (i.e.: it is a type that is of fixed size such as ed25519), then stop here. if not parse_host_key_size: return hostkey _, _, ptr = KexDH.__get_bytes(payload, ptr) _, _, ptr = KexDH.__get_bytes(payload, ptr) # Now pick apart the host key blob. # Get the host key type (i.e.: 'ssh-rsa', 'ssh-ed25519', etc). ptr = 0 hostkey_type, _, ptr = KexDH.__get_bytes(hostkey, ptr) self.__hostkey_type = hostkey_type.decode('ascii') self.out.d("Parsing host key type: %s" % self.__hostkey_type) # If this is an RSA certificate, skip over the nonce. if self.__hostkey_type.startswith('ssh-rsa-cert-v0'): self.out.d("RSA certificate found, so skipping nonce.") _, _, ptr = KexDH.__get_bytes(hostkey, ptr) # Read & skip over the nonce. # The public key exponent. hostkey_e, _, ptr = KexDH.__get_bytes(hostkey, ptr) self.__hostkey_e = int(binascii.hexlify(hostkey_e), 16) # pylint: disable=unused-private-member # ED25519 moduli are fixed at 32 bytes. if self.__hostkey_type == 'ssh-ed25519': self.out.d("%s has a fixed host key modulus of 32." % self.__hostkey_type) self.__hostkey_n_len = 32 elif self.__hostkey_type == 'ssh-ed448': self.out.d("%s has a fixed host key modulus of 57." % self.__hostkey_type) self.__hostkey_n_len = 57 else: # Here is the modulus size & actual modulus of the host key public key. hostkey_n, self.__hostkey_n_len, ptr = KexDH.__get_bytes(hostkey, ptr) self.__hostkey_n = int(binascii.hexlify(hostkey_n), 16) # pylint: disable=unused-private-member # If this is a certificate, continue parsing to extract the CA type and key length. Even though a hostkey type might be 'ssh-ed25519-cert-v01@openssh.com', its CA may still be RSA. if self.__hostkey_type.startswith('ssh-rsa-cert-v0') or self.__hostkey_type.startswith('ssh-ed25519-cert-v0'): # Get the CA key type and key length. self.__ca_key_type, self.__ca_n_len = self.__parse_ca_key(hostkey, self.__hostkey_type, ptr) self.out.d("KexDH.__parse_ca_key(): CA key type: [%s]; CA key length: %u" % (self.__ca_key_type, self.__ca_n_len)) return hostkey def __parse_ca_key(self, hostkey: bytes, hostkey_type: str, ptr: int) -> Tuple[str, int]: ca_key_type = '' ca_key_n_len = 0 # If this is a certificate, continue parsing to extract the CA type and key length. Even though a hostkey type might be 'ssh-ed25519-cert-v01@openssh.com', its CA may still be RSA. # if hostkey_type.startswith('ssh-rsa-cert-v0') or hostkey_type.startswith('ssh-ed25519-cert-v0'): self.out.d("Parsing CA for hostkey type [%s]..." % hostkey_type) # Skip over the serial number. ptr += 8 # Get the certificate type. cert_type = int(binascii.hexlify(hostkey[ptr:ptr + 4]), 16) ptr += 4 # Only SSH2_CERT_TYPE_HOST (2) makes sense in this context. if cert_type == 2: # Skip the key ID (this is the serial number of the # certificate). key_id, key_id_len, ptr = KexDH.__get_bytes(hostkey, ptr) # pylint: disable=unused-variable # The principles, which are... I don't know what. principles, principles_len, ptr = KexDH.__get_bytes(hostkey, ptr) # pylint: disable=unused-variable # Skip over the timestamp that this certificate is valid after. ptr += 8 # Skip over the timestamp that this certificate is valid before. ptr += 8 # TODO: validate the principles, and time range. # The critical options. critical_options, critical_options_len, ptr = KexDH.__get_bytes(hostkey, ptr) # pylint: disable=unused-variable # Certificate extensions. extensions, extensions_len, ptr = KexDH.__get_bytes(hostkey, ptr) # pylint: disable=unused-variable # Another nonce. nonce, nonce_len, ptr = KexDH.__get_bytes(hostkey, ptr) # pylint: disable=unused-variable # Finally, we get to the CA key. ca_key, ca_key_len, ptr = KexDH.__get_bytes(hostkey, ptr) # pylint: disable=unused-variable # Last in the host key blob is the CA signature. It isn't # interesting to us, so we won't bother parsing any further. # The CA key has the modulus, however... ptr = 0 # 'ssh-rsa', 'rsa-sha2-256', etc. ca_key_type_bytes, ca_key_type_len, ptr = KexDH.__get_bytes(ca_key, ptr) # pylint: disable=unused-variable ca_key_type = ca_key_type_bytes.decode('ascii') self.out.d("Found CA type: [%s]" % ca_key_type) # ED25519 CA's don't explicitly include the modulus size in the public key, since its fixed at 32 in all cases. if ca_key_type == 'ssh-ed25519': ca_key_n_len = 32 else: # CA's public key exponent. ca_key_e, ca_key_e_len, ptr = KexDH.__get_bytes(ca_key, ptr) # pylint: disable=unused-variable # CA's modulus. Bingo. ca_key_n, ca_key_n_len, ptr = KexDH.__get_bytes(ca_key, ptr) # pylint: disable=unused-variable if ca_key_type.startswith("ecdsa-sha2-nistp") and ca_key_n_len > 0: self.out.d("Found ecdsa-sha2-nistp* CA key type.") # 0x04 signifies that this is an uncompressed public key (meaning that full X and Y values are provided in ca_key_n. if ca_key_n[0] == 4: ca_key_n_len = ca_key_n_len - 1 # Subtract the 0x04 byte. ca_key_n_len = int(ca_key_n_len / 2) # Divide by 2 since the modulus is the size of either the X or Y value. else: self.out.d("Certificate type %u found; this is not usually valid in the context of a host key! Skipping it..." % cert_type) return ca_key_type, ca_key_n_len @staticmethod def __get_bytes(buf: bytes, ptr: int) -> Tuple[bytes, int, int]: num_bytes = struct.unpack('>I', buf[ptr:ptr + 4])[0] ptr += 4 return buf[ptr:ptr + num_bytes], num_bytes, ptr + num_bytes # Converts a modulus length in bytes to its size in bits, after some # possible adjustments. @staticmethod def __adjust_key_size(size: int) -> int: size = size * 8 # Actual keys are observed to be about 8 bits bigger than expected # (i.e.: 1024-bit keys have a 1032-bit modulus). Check if this is # the case, and subtract 8 if so. This simply improves readability # in the UI. if (size >> 3) % 2 != 0: size = size - 8 return size # Returns the hostkey type. def get_hostkey_type(self) -> str: return self.__hostkey_type # Returns the size of the hostkey, in bits. def get_hostkey_size(self) -> int: return KexDH.__adjust_key_size(self.__hostkey_n_len) # Returns the CA type ('ssh-rsa', 'ssh-ed25519', etc). def get_ca_type(self) -> str: return self.__ca_key_type # Returns the size of the CA key, in bits. def get_ca_size(self) -> int: return KexDH.__adjust_key_size(self.__ca_n_len) # Returns the size of the DH modulus, in bits. def get_dh_modulus_size(self) -> int: # -2 to account for the '0b' prefix in the string. return len(bin(self.__p)) - 2 class KexGroup1(KexDH): # pragma: nocover def __init__(self, out: 'OutputBuffer') -> None: # rfc2409: second oakley group p = int('ffffffffffffffffc90fdaa22168c234c4c6628b80dc1cd129024e088a67cc74020bbea63b139b22514a08798e3404ddef9519b3cd3a431b302b0a6df25f14374fe1356d6d51c245e485b576625e7ec6f44c42e9a637ed6b0bff5cb6f406b7edee386bfb5a899fa5ae9f24117c4b1fe649286651ece65381ffffffffffffffff', 16) super(KexGroup1, self).__init__(out, 'KexGroup1', 'sha1', 2, p) class KexGroup14(KexDH): # pragma: nocover def __init__(self, out: 'OutputBuffer', hash_alg: str) -> None: # rfc3526: 2048-bit modp group p = int('ffffffffffffffffc90fdaa22168c234c4c6628b80dc1cd129024e088a67cc74020bbea63b139b22514a08798e3404ddef9519b3cd3a431b302b0a6df25f14374fe1356d6d51c245e485b576625e7ec6f44c42e9a637ed6b0bff5cb6f406b7edee386bfb5a899fa5ae9f24117c4b1fe649286651ece45b3dc2007cb8a163bf0598da48361c55d39a69163fa8fd24cf5f83655d23dca3ad961c62f356208552bb9ed529077096966d670c354e4abc9804f1746c08ca18217c32905e462e36ce3be39e772c180e86039b2783a2ec07a28fb5c55df06f4c52c9de2bcbf6955817183995497cea956ae515d2261898fa051015728e5a8aacaa68ffffffffffffffff', 16) super(KexGroup14, self).__init__(out, 'KexGroup14', hash_alg, 2, p) class KexGroup14_SHA1(KexGroup14): def __init__(self, out: 'OutputBuffer') -> None: super(KexGroup14_SHA1, self).__init__(out, 'sha1') class KexGroup14_SHA256(KexGroup14): def __init__(self, out: 'OutputBuffer') -> None: super(KexGroup14_SHA256, self).__init__(out, 'sha256') class KexGroup16_SHA512(KexDH): def __init__(self, out: 'OutputBuffer') -> None: # rfc3526: 4096-bit modp group p = int('ffffffffffffffffc90fdaa22168c234c4c6628b80dc1cd129024e088a67cc74020bbea63b139b22514a08798e3404ddef9519b3cd3a431b302b0a6df25f14374fe1356d6d51c245e485b576625e7ec6f44c42e9a637ed6b0bff5cb6f406b7edee386bfb5a899fa5ae9f24117c4b1fe649286651ece45b3dc2007cb8a163bf0598da48361c55d39a69163fa8fd24cf5f83655d23dca3ad961c62f356208552bb9ed529077096966d670c354e4abc9804f1746c08ca18217c32905e462e36ce3be39e772c180e86039b2783a2ec07a28fb5c55df06f4c52c9de2bcbf6955817183995497cea956ae515d2261898fa051015728e5a8aaac42dad33170d04507a33a85521abdf1cba64ecfb850458dbef0a8aea71575d060c7db3970f85a6e1e4c7abf5ae8cdb0933d71e8c94e04a25619dcee3d2261ad2ee6bf12ffa06d98a0864d87602733ec86a64521f2b18177b200cbbe117577a615d6c770988c0bad946e208e24fa074e5ab3143db5bfce0fd108e4b82d120a92108011a723c12a787e6d788719a10bdba5b2699c327186af4e23c1a946834b6150bda2583e9ca2ad44ce8dbbbc2db04de8ef92e8efc141fbecaa6287c59474e6bc05d99b2964fa090c3a2233ba186515be7ed1f612970cee2d7afb81bdd762170481cd0069127d5b05aa993b4ea988d8fddc186ffb7dc90a6c08f4df435c934063199ffffffffffffffff', 16) super(KexGroup16_SHA512, self).__init__(out, 'KexGroup16_SHA512', 'sha512', 2, p) class KexGroup18_SHA512(KexDH): def __init__(self, out: 'OutputBuffer') -> None: # rfc3526: 8192-bit modp group p = int('ffffffffffffffffc90fdaa22168c234c4c6628b80dc1cd129024e088a67cc74020bbea63b139b22514a08798e3404ddef9519b3cd3a431b302b0a6df25f14374fe1356d6d51c245e485b576625e7ec6f44c42e9a637ed6b0bff5cb6f406b7edee386bfb5a899fa5ae9f24117c4b1fe649286651ece45b3dc2007cb8a163bf0598da48361c55d39a69163fa8fd24cf5f83655d23dca3ad961c62f356208552bb9ed529077096966d670c354e4abc9804f1746c08ca18217c32905e462e36ce3be39e772c180e86039b2783a2ec07a28fb5c55df06f4c52c9de2bcbf6955817183995497cea956ae515d2261898fa051015728e5a8aaac42dad33170d04507a33a85521abdf1cba64ecfb850458dbef0a8aea71575d060c7db3970f85a6e1e4c7abf5ae8cdb0933d71e8c94e04a25619dcee3d2261ad2ee6bf12ffa06d98a0864d87602733ec86a64521f2b18177b200cbbe117577a615d6c770988c0bad946e208e24fa074e5ab3143db5bfce0fd108e4b82d120a92108011a723c12a787e6d788719a10bdba5b2699c327186af4e23c1a946834b6150bda2583e9ca2ad44ce8dbbbc2db04de8ef92e8efc141fbecaa6287c59474e6bc05d99b2964fa090c3a2233ba186515be7ed1f612970cee2d7afb81bdd762170481cd0069127d5b05aa993b4ea988d8fddc186ffb7dc90a6c08f4df435c93402849236c3fab4d27c7026c1d4dcb2602646dec9751e763dba37bdf8ff9406ad9e530ee5db382f413001aeb06a53ed9027d831179727b0865a8918da3edbebcf9b14ed44ce6cbaced4bb1bdb7f1447e6cc254b332051512bd7af426fb8f401378cd2bf5983ca01c64b92ecf032ea15d1721d03f482d7ce6e74fef6d55e702f46980c82b5a84031900b1c9e59e7c97fbec7e8f323a97a7e36cc88be0f1d45b7ff585ac54bd407b22b4154aacc8f6d7ebf48e1d814cc5ed20f8037e0a79715eef29be32806a1d58bb7c5da76f550aa3d8a1fbff0eb19ccb1a313d55cda56c9ec2ef29632387fe8d76e3c0468043e8f663f4860ee12bf2d5b0b7474d6e694f91e6dbe115974a3926f12fee5e438777cb6a932df8cd8bec4d073b931ba3bc832b68d9dd300741fa7bf8afc47ed2576f6936ba424663aab639c5ae4f5683423b4742bf1c978238f16cbe39d652de3fdb8befc848ad922222e04a4037c0713eb57a81a23f0c73473fc646cea306b4bcbc8862f8385ddfa9d4b7fa2c087e879683303ed5bdd3a062b3cf5b3a278a66d2a13f83f44f82ddf310ee074ab6a364597e899a0255dc164f31cc50846851df9ab48195ded7ea1b1d510bd7ee74d73faf36bc31ecfa268359046f4eb879f924009438b481c6cd7889a002ed5ee382bc9190da6fc026e479558e4475677e9aa9e3050e2765694dfc81f56e880b96e7160c980dd98edd3dfffffffffffffffff', 16) super(KexGroup18_SHA512, self).__init__(out, 'KexGroup18_SHA512', 'sha512', 2, p) class KexCurve25519_SHA256(KexDH): def __init__(self, out: 'OutputBuffer') -> None: super(KexCurve25519_SHA256, self).__init__(out, 'KexCurve25519_SHA256', 'sha256', 0, 0) # To start an ED25519 kex, we simply send a random 256-bit number as the # public key. def send_init(self, s: 'SSH_Socket', init_msg: int = Protocol.MSG_KEXDH_INIT) -> None: self.__ed25519_pubkey = os.urandom(32) s.write_byte(init_msg) s.write_string(self.__ed25519_pubkey) s.send_packet() class KexNISTP256(KexDH): def __init__(self, out: 'OutputBuffer') -> None: super(KexNISTP256, self).__init__(out, 'KexNISTP256', 'sha256', 0, 0) # Because the server checks that the value sent here is valid (i.e.: it lies # on the curve, among other things), we would have to write a lot of code # or import an elliptic curve library in order to randomly generate a # valid elliptic point each time. Hence, we will simply send a static # value, which is enough for us to extract the server's host key. def send_init(self, s: 'SSH_Socket', init_msg: int = Protocol.MSG_KEXDH_INIT) -> None: s.write_byte(init_msg) s.write_string(b'\x04\x0b\x60\x44\x9f\x8a\x11\x9e\xc7\x81\x0c\xa9\x98\xfc\xb7\x90\xaa\x6b\x26\x8c\x12\x4a\xc0\x09\xbb\xdf\xc4\x2c\x4c\x2c\x99\xb6\xe1\x71\xa0\xd4\xb3\x62\x47\x74\xb3\x39\x0c\xf2\x88\x4a\x84\x6b\x3b\x15\x77\xa5\x77\xd2\xa9\xc9\x94\xf9\xd5\x66\x19\xcd\x02\x34\xd1') s.send_packet() class KexNISTP384(KexDH): def __init__(self, out: 'OutputBuffer') -> None: super(KexNISTP384, self).__init__(out, 'KexNISTP384', 'sha256', 0, 0) # See comment for KexNISTP256.send_init(). def send_init(self, s: 'SSH_Socket', init_msg: int = Protocol.MSG_KEXDH_INIT) -> None: s.write_byte(init_msg) s.write_string(b'\x04\xe2\x9b\x84\xce\xa1\x39\x50\xfe\x1e\xa3\x18\x70\x1c\xe2\x7a\xe4\xb5\x6f\xdf\x93\x9f\xd4\xf4\x08\xcc\x9b\x02\x10\xa4\xca\x77\x9c\x2e\x51\x44\x1d\x50\x7a\x65\x4e\x7e\x2f\x10\x2d\x2d\x4a\x32\xc9\x8e\x18\x75\x90\x6c\x19\x10\xda\xcc\xa8\xe9\xf4\xc4\x3a\x53\x80\x35\xf4\x97\x9c\x04\x16\xf9\x5a\xdc\xcc\x05\x94\x29\xfa\xc4\xd6\x87\x4e\x13\x21\xdb\x3d\x12\xac\xbd\x20\x3b\x60\xff\xe6\x58\x42') s.send_packet() class KexNISTP521(KexDH): def __init__(self, out: 'OutputBuffer') -> None: super(KexNISTP521, self).__init__(out, 'KexNISTP521', 'sha256', 0, 0) # See comment for KexNISTP256.send_init(). def send_init(self, s: 'SSH_Socket', init_msg: int = Protocol.MSG_KEXDH_INIT) -> None: s.write_byte(init_msg) s.write_string(b'\x04\x01\x02\x90\x29\xe9\x8f\xa8\x04\xaf\x1c\x00\xf9\xc6\x29\xc0\x39\x74\x8e\xea\x47\x7e\x7c\xf7\x15\x6e\x43\x3b\x59\x13\x53\x43\xb0\xae\x0b\xe7\xe6\x7c\x55\x73\x52\xa5\x2a\xc1\x42\xde\xfc\xf4\x1f\x8b\x5a\x8d\xfa\xcd\x0a\x65\x77\xa8\xce\x68\xd2\xc6\x26\xb5\x3f\xee\x4b\x01\x7b\xd2\x96\x23\x69\x53\xc7\x01\xe1\x0d\x39\xe9\x87\x49\x3b\xc8\xec\xda\x0c\xf9\xca\xad\x89\x42\x36\x6f\x93\x78\x78\x31\x55\x51\x09\x51\xc0\x96\xd7\xea\x61\xbf\xc2\x44\x08\x80\x43\xed\xc6\xbb\xfb\x94\xbd\xf8\xdf\x2b\xd8\x0b\x2e\x29\x1b\x8c\xc4\x8a\x04\x2d\x3a') s.send_packet() class KexGroupExchange(KexDH): def __init__(self, out: 'OutputBuffer', classname: str, hash_alg: str) -> None: super(KexGroupExchange, self).__init__(out, classname, hash_alg, 0, 0) def send_init(self, s: 'SSH_Socket', init_msg: int = Protocol.MSG_KEXDH_GEX_REQUEST) -> None: self.send_init_gex(s) # The group exchange starts with sending a message to the server with # the minimum, maximum, and preferred number of bits are for the DH group. # The server responds with a generator and prime modulus that matches that, # then the handshake continues on like a normal DH handshake (except the # SSH message types differ). def send_init_gex(self, s: 'SSH_Socket', minbits: int = 1024, prefbits: int = 2048, maxbits: int = 8192) -> None: # Send the initial group exchange request. Tell the server what range # of modulus sizes we will accept, along with our preference. s.write_byte(Protocol.MSG_KEXDH_GEX_REQUEST) s.write_int(minbits) s.write_int(prefbits) s.write_int(maxbits) s.send_packet() packet_type, payload = s.read_packet(2) if packet_type not in [Protocol.MSG_KEXDH_GEX_GROUP, Protocol.MSG_DEBUG]: raise KexDHException('Expected MSG_KEXDH_GEX_REPLY (%d), but got %d instead.' % (Protocol.MSG_KEXDH_GEX_REPLY, packet_type)) # Skip any & all MSG_DEBUG messages. while packet_type == Protocol.MSG_DEBUG: packet_type, payload = s.read_packet(2) try: # Parse the modulus (p) and generator (g) values from the server. ptr = 0 p_len = struct.unpack('>I', payload[ptr:ptr + 4])[0] ptr += 4 p = int(binascii.hexlify(payload[ptr:ptr + p_len]), 16) ptr += p_len g_len = struct.unpack('>I', payload[ptr:ptr + 4])[0] ptr += 4 g = int(binascii.hexlify(payload[ptr:ptr + g_len]), 16) ptr += g_len except struct.error: raise KexDHException("Error while parsing modulus and generator during GEX init: %s" % str(traceback.format_exc())) from None # Now that we got the generator and modulus, perform the DH exchange # like usual. super(KexGroupExchange, self).set_params(g, p) super(KexGroupExchange, self).send_init(s, Protocol.MSG_KEXDH_GEX_INIT) class KexGroupExchange_SHA1(KexGroupExchange): def __init__(self, out: 'OutputBuffer') -> None: super(KexGroupExchange_SHA1, self).__init__(out, 'KexGroupExchange_SHA1', 'sha1') class KexGroupExchange_SHA256(KexGroupExchange): def __init__(self, out: 'OutputBuffer') -> None: super(KexGroupExchange_SHA256, self).__init__(out, 'KexGroupExchange_SHA256', 'sha256') ssh-audit-3.3.0/src/ssh_audit/outputbuffer.py000066400000000000000000000152001470352310600212730ustar00rootroot00000000000000""" The MIT License (MIT) Copyright (C) 2021 Joe Testa (jtesta@positronsecurity.com) Copyright (C) 2017 Andris Raugulis (moo@arthepsy.eu) Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. """ import os import sys # pylint: disable=unused-import from typing import Dict, List, Set, Sequence, Tuple, Iterable # noqa: F401 from typing import Callable, Optional, Union, Any # noqa: F401 from ssh_audit.utils import Utils class OutputBuffer: LEVELS: Sequence[str] = ('info', 'warn', 'fail') COLORS = {'head': 36, 'good': 32, 'warn': 33, 'fail': 31} # Use brighter colors on Windows for better readability. if Utils.is_windows(): COLORS = {'head': 96, 'good': 92, 'warn': 93, 'fail': 91} def __init__(self, buffer_output: bool = True) -> None: self.buffer_output = buffer_output self.buffer: List[str] = [] self.in_section = False self.section: List[str] = [] self.batch = False self.verbose = False self.debug = False self.use_colors = True self.json = False self.__level = 0 self.__is_color_supported = ('colorama' in sys.modules) or (os.name == 'posix') self.line_ended = True def _print(self, level: str, s: str = '', line_ended: bool = True) -> None: '''Saves output to buffer (if in buffered mode), or immediately prints to stdout otherwise.''' # If we're logging only 'warn' or above, and this is an 'info', ignore message. if self.get_level(level) < self.__level: return if self.use_colors and self.colors_supported and len(s) > 0 and level != 'info': s = "\033[0;%dm%s\033[0m" % (self.COLORS[level], s) if self.buffer_output: # Select which list to add to. If we are in a 'with' statement, then this goes in the section buffer, otherwise the general buffer. buf = self.section if self.in_section else self.buffer # Determine if a new line should be added, or if the last line should be appended. if not self.line_ended: last_entry = -1 if len(buf) > 0 else 0 buf[last_entry] = buf[last_entry] + s else: buf.append(s) # When False, this tells the next call to append to the last line we just added. self.line_ended = line_ended else: print(s) def get_buffer(self) -> str: '''Returns all buffered output, then clears the buffer.''' self.flush_section() buffer_str = "\n".join(self.buffer) self.buffer = [] return buffer_str def write(self) -> None: '''Writes the output to stdout.''' self.flush_section() print(self.get_buffer(), flush=True) def reset(self) -> None: self.flush_section() self.get_buffer() @property def level(self) -> str: '''Returns the minimum level for output.''' if self.__level < len(self.LEVELS): return self.LEVELS[self.__level] return 'unknown' @level.setter def level(self, name: str) -> None: '''Sets the minimum level for output (one of: 'info', 'warn', 'fail').''' self.__level = self.get_level(name) def get_level(self, name: str) -> int: cname = 'info' if name == 'good' else name if cname not in self.LEVELS: return sys.maxsize return self.LEVELS.index(cname) @property def colors_supported(self) -> bool: '''Returns True if the system supports color output.''' return self.__is_color_supported # When used in a 'with' block, the output to goes into a section; this can be sorted separately when add_section_to_buffer() is later called. def __enter__(self) -> 'OutputBuffer': self.in_section = True return self def __exit__(self, *args: Any) -> None: self.in_section = False def flush_section(self, sort_section: bool = False) -> None: '''Appends section output (optionally sorting it first) to the end of the buffer, then clears the section output.''' if sort_section: self.section.sort() self.buffer.extend(self.section) self.section = [] def is_section_empty(self) -> bool: '''Returns True if the section buffer is empty, otherwise False.''' return len(self.section) == 0 def head(self, s: str, line_ended: bool = True) -> 'OutputBuffer': if not self.batch: self._print('head', s, line_ended) return self def fail(self, s: str, line_ended: bool = True) -> 'OutputBuffer': self._print('fail', s, line_ended) return self def warn(self, s: str, line_ended: bool = True) -> 'OutputBuffer': self._print('warn', s, line_ended) return self def info(self, s: str, line_ended: bool = True) -> 'OutputBuffer': self._print('info', s, line_ended) return self def good(self, s: str, line_ended: bool = True) -> 'OutputBuffer': self._print('good', s, line_ended) return self def sep(self) -> 'OutputBuffer': if not self.batch: self._print('info') return self def v(self, s: str, write_now: bool = False) -> 'OutputBuffer': '''Prints a message if verbose output is enabled.''' if self.verbose or self.debug: self.info(s) if write_now: self.write() return self def d(self, s: str, write_now: bool = False) -> 'OutputBuffer': '''Prints a message if verbose output is enabled.''' if self.debug: self.info(s) if write_now: self.write() return self ssh-audit-3.3.0/src/ssh_audit/policy.py000066400000000000000000001041151470352310600200440ustar00rootroot00000000000000""" The MIT License (MIT) Copyright (C) 2020-2024 Joe Testa (jtesta@positronsecurity.com) Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. """ import copy import json import sys from typing import Dict, List, Tuple from typing import Optional, Any, Union, cast from datetime import date from ssh_audit import exitcodes from ssh_audit.banner import Banner from ssh_audit.builtin_policies import BUILTIN_POLICIES from ssh_audit.globals import SNAP_PACKAGE, SNAP_PERMISSIONS_ERROR from ssh_audit.ssh2_kex import SSH2_Kex # Validates policy files and performs policy testing class Policy: WARNING_DEPRECATED_DIRECTIVES = "\nWARNING: this policy is using deprecated features. Future versions of ssh-audit may remove support for them. Re-generating the policy file is perhaps the most straight-forward way of resolving this issue. Manually converting the 'hostkey_size_*', 'cakey_size_*', and 'dh_modulus_size_*' directives into the new format is another option.\n" def __init__(self, policy_file: Optional[str] = None, policy_data: Optional[str] = None, manual_load: bool = False, json_output: bool = False) -> None: self._name: Optional[str] = None self._version: Optional[str] = None self._banner: Optional[str] = None self._compressions: Optional[List[str]] = None self._host_keys: Optional[List[str]] = None self._optional_host_keys: Optional[List[str]] = None self._kex: Optional[List[str]] = None self._ciphers: Optional[List[str]] = None self._macs: Optional[List[str]] = None self._hostkey_sizes: Optional[Dict[str, Dict[str, Union[int, str, bytes]]]] = None self._dh_modulus_sizes: Optional[Dict[str, int]] = None self._server_policy = True self._allow_algorithm_subset_and_reordering = False self._allow_larger_keys = False self._errors: List[Any] = [] self._updated_builtin_policy_available = False # If True, an outdated built-in policy was loaded. self._name_and_version: str = '' # If invoked while JSON output is expected, send warnings to stderr instead of stdout (which would corrupt the JSON output). if json_output: self._warning_target = sys.stderr else: self._warning_target = sys.stdout # Ensure that only one mode was specified. num_modes = 0 if policy_file is not None: num_modes += 1 if policy_data is not None: num_modes += 1 if manual_load is True: num_modes += 1 if num_modes != 1: raise RuntimeError('Exactly one of the following can be specified only: policy_file, policy_data, or manual_load') if manual_load: return if policy_file is not None: try: with open(policy_file, "r", encoding='utf-8') as f: policy_data = f.read() except FileNotFoundError: print("Error: policy file not found: %s" % policy_file) sys.exit(exitcodes.UNKNOWN_ERROR) except PermissionError as e: # If installed as a Snap package, print a more useful message with potential work-arounds. if SNAP_PACKAGE: print(SNAP_PERMISSIONS_ERROR) else: print("Error: insufficient permissions: %s" % str(e)) sys.exit(exitcodes.UNKNOWN_ERROR) lines = [] if policy_data is not None: lines = policy_data.split("\n") for line in lines: line = line.strip() if (len(line) == 0) or line.startswith('#'): continue key = None val = None try: key, val = line.split('=') except ValueError as ve: raise ValueError("could not parse line: %s" % line) from ve key = key.strip() val = val.strip() if key not in ['name', 'version', 'banner', 'compressions', 'host keys', 'optional host keys', 'key exchanges', 'ciphers', 'macs', 'client policy', 'host_key_sizes', 'dh_modulus_sizes', 'allow_algorithm_subset_and_reordering', 'allow_larger_keys'] and not key.startswith('hostkey_size_') and not key.startswith('cakey_size_') and not key.startswith('dh_modulus_size_'): raise ValueError("invalid field found in policy: %s" % line) if key in ['name', 'banner']: # If the banner value is blank, set it to "" so that the code below handles it. if len(val) < 2: val = "\"\"" if (val[0] != '"') or (val[-1] != '"'): raise ValueError('the value for the %s field must be enclosed in quotes: %s' % (key, val)) # Remove the surrounding quotes, and unescape quotes & newlines. val = val[1:-1]. replace("\\\"", "\"").replace("\\n", "\n") if key == 'name': self._name = val elif key == 'banner': self._banner = val elif key == 'version': self._version = val elif key in ['compressions', 'host keys', 'optional host keys', 'key exchanges', 'ciphers', 'macs']: try: algs = val.split(',') except ValueError: # If the value has no commas, then set the algorithm list to just the value. algs = [val] # Strip whitespace in each algorithm name. algs = [alg.strip() for alg in algs] if key == 'compressions': self._compressions = algs elif key == 'host keys': self._host_keys = algs elif key == 'optional host keys': self._optional_host_keys = algs elif key == 'key exchanges': self._kex = algs elif key == 'ciphers': self._ciphers = algs elif key == 'macs': self._macs = algs elif key.startswith('hostkey_size_'): # Old host key size format. print(Policy.WARNING_DEPRECATED_DIRECTIVES, file=self._warning_target) # Warn the user that the policy file is using deprecated directives. hostkey_type = key[13:] hostkey_size = int(val) if self._hostkey_sizes is None: self._hostkey_sizes = {} self._hostkey_sizes[hostkey_type] = {'hostkey_size': hostkey_size, 'ca_key_type': '', 'ca_key_size': 0} elif key.startswith('cakey_size_'): # Old host key size format. print(Policy.WARNING_DEPRECATED_DIRECTIVES, file=self._warning_target) # Warn the user that the policy file is using deprecated directives. hostkey_type = key[11:] ca_key_size = int(val) ca_key_type = 'ssh-ed25519' if hostkey_type in ['ssh-rsa-cert-v01@openssh.com', 'rsa-sha2-256-cert-v01@openssh.com', 'rsa-sha2-512-cert-v01@openssh.com']: ca_key_type = 'ssh-rsa' if self._hostkey_sizes is None: self._hostkey_sizes = {} self._hostkey_sizes[hostkey_type] = {'hostkey_size': hostkey_size, 'ca_key_type': ca_key_type, 'ca_key_size': ca_key_size} elif key == 'host_key_sizes': # New host key size format. self._hostkey_sizes = json.loads(val) # Fill in the trimmed fields that were omitted from the policy. self._normalize_hostkey_sizes() elif key.startswith('dh_modulus_size_'): # Old DH modulus format. print(Policy.WARNING_DEPRECATED_DIRECTIVES, file=self._warning_target) # Warn the user that the policy file is using deprecated directives. dh_type = key[16:] dh_size = int(val) if self._dh_modulus_sizes is None: self._dh_modulus_sizes = {} self._dh_modulus_sizes[dh_type] = dh_size elif key == 'dh_modulus_sizes': # New DH modulus format. self._dh_modulus_sizes = json.loads(val) elif key.startswith('client policy') and val.lower() == 'true': self._server_policy = False elif key == 'allow_algorithm_subset_and_reordering' and val.lower() == 'true': self._allow_algorithm_subset_and_reordering = True elif key == 'allow_larger_keys' and val.lower() == 'true': self._allow_larger_keys = True if self._name is None: raise ValueError('The policy does not have a name field.') if self._version is None: raise ValueError('The policy does not have a version field.') self._name_and_version = "%s (version %s)" % (self._name, self._version) def _append_error(self, mismatched_field: str, expected_required: Optional[List[str]], expected_optional: Optional[List[str]], actual: List[str]) -> None: if expected_required is None: expected_required = [''] if expected_optional is None: expected_optional = [''] self._errors.append({'mismatched_field': mismatched_field, 'expected_required': expected_required, 'expected_optional': expected_optional, 'actual': actual}) def _normalize_hostkey_sizes(self) -> None: '''Normalizes the self._hostkey_sizes structure to ensure all required fields are present.''' if self._hostkey_sizes is not None: for host_key_type in self._hostkey_sizes: if 'ca_key_type' not in self._hostkey_sizes[host_key_type]: self._hostkey_sizes[host_key_type]['ca_key_type'] = '' if 'ca_key_size' not in self._hostkey_sizes[host_key_type]: self._hostkey_sizes[host_key_type]['ca_key_size'] = 0 if 'raw_hostkey_bytes' not in self._hostkey_sizes[host_key_type]: self._hostkey_sizes[host_key_type]['raw_hostkey_bytes'] = b'' @staticmethod def create(source: Optional[str], banner: Optional['Banner'], kex: Optional['SSH2_Kex'], client_audit: bool) -> str: '''Creates a policy based on a server configuration. Returns a string.''' today = date.today().strftime('%Y/%m/%d') compressions = None host_keys = None kex_algs = None ciphers = None macs = None dh_modulus_sizes_str = '' client_policy_str = '' host_keys_json = '' if client_audit: client_policy_str = "\n# Set to true to signify this is a policy for clients, not servers.\nclient policy = true\n" if kex is not None: if kex.server.compression is not None: compressions = ', '.join(kex.server.compression) if kex.key_algorithms is not None: host_keys = ', '.join(kex.key_algorithms) if kex.kex_algorithms is not None: kex_algs = ', '.join(kex.kex_algorithms) if kex.server.encryption is not None: ciphers = ', '.join(kex.server.encryption) if kex.server.mac is not None: macs = ', '.join(kex.server.mac) if kex.host_keys(): # Make a deep copy of the host keys dict, then delete all the raw hostkey bytes from the copy. host_keys_trimmed = copy.deepcopy(kex.host_keys()) for hostkey_alg in host_keys_trimmed: del host_keys_trimmed[hostkey_alg]['raw_hostkey_bytes'] # Delete the CA signature if any of its fields are empty. if host_keys_trimmed[hostkey_alg]['ca_key_type'] == '' or host_keys_trimmed[hostkey_alg]['ca_key_size'] == 0: del host_keys_trimmed[hostkey_alg]['ca_key_type'] del host_keys_trimmed[hostkey_alg]['ca_key_size'] host_keys_json = "\n# Dictionary containing all host key and size information. Optionally contains the certificate authority's signature algorithm ('ca_key_type') and signature length ('ca_key_size'), if any.\nhost_key_sizes = %s\n" % json.dumps(host_keys_trimmed) if kex.dh_modulus_sizes(): dh_modulus_sizes_str = "\n# Group exchange DH modulus sizes.\ndh_modulus_sizes = %s\n" % json.dumps(kex.dh_modulus_sizes()) policy_data = '''# # Custom policy based on %s (created on %s) # %s # The name of this policy (displayed in the output during scans). Must be in quotes. name = "Custom Policy (based on %s on %s)" # The version of this policy (displayed in the output during scans). Not parsed, and may be any value, including strings. version = 1 # When false, host keys, kex, ciphers, and MAC lists must match exactly. When true, the target host may support a subset of the specified algorithms and/or algorithms may appear in a different order; this feature is useful for specifying a baseline and allowing some hosts the option to implement stricter controls. allow_algorithm_subset_and_reordering = false # When false, host keys, CA keys, and Diffie-Hellman key sizes must exactly match what's specified in this policy. When true, target systems are allowed to have larger keys; this feature is useful for specifying a baseline and allowing some hosts the option to implement stricter controls. allow_larger_keys = false # The banner that must match exactly. Commented out to ignore banners, since minor variability in the banner is sometimes normal. # banner = "%s" # The compression options that must match exactly (order matters). Commented out to ignore by default. # compressions = %s %s%s # The host key types that must match exactly (order matters). host keys = %s # Host key types that may optionally appear. #optional host keys = ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com # The key exchange algorithms that must match exactly (order matters). key exchanges = %s # The ciphers that must match exactly (order matters). ciphers = %s # The MACs that must match exactly (order matters). macs = %s ''' % (source, today, client_policy_str, source, today, banner, compressions, host_keys_json, dh_modulus_sizes_str, host_keys, kex_algs, ciphers, macs) return policy_data def evaluate(self, banner: Optional['Banner'], kex: Optional['SSH2_Kex']) -> Tuple[bool, List[Dict[str, str]], str]: '''Evaluates a server configuration against this policy. Returns a tuple of a boolean (True if server adheres to policy) and an array of strings that holds error messages.''' ret = True banner_str = str(banner) if (self._banner is not None) and (banner_str != self._banner): ret = False self._append_error('Banner', [self._banner], None, [banner_str]) # All subsequent tests require a valid kex, so end here if we don't have one. if kex is None: error_list, error_str = self._get_errors() return ret, error_list, error_str if (self._compressions is not None) and (kex.server.compression != self._compressions): ret = False self._append_error('Compression', self._compressions, None, kex.server.compression) # If a list of optional host keys was given in the policy, remove any of its entries from the list retrieved from the server. This allows us to do an exact comparison with the expected list below. pruned_host_keys = kex.key_algorithms if self._optional_host_keys is not None: pruned_host_keys = [x for x in kex.key_algorithms if x not in self._optional_host_keys] # Check host keys. if self._host_keys is not None: # If the policy allows subsets and re-ordered algorithms... if self._allow_algorithm_subset_and_reordering: for hostkey_t in kex.key_algorithms: if hostkey_t not in self._host_keys: ret = False self._append_error('Host keys', self._host_keys, self._optional_host_keys, kex.key_algorithms) break # The policy requires exact matching of algorithms. elif pruned_host_keys != self._host_keys: ret = False self._append_error('Host keys', self._host_keys, self._optional_host_keys, kex.key_algorithms) # Check host key sizes. if self._hostkey_sizes is not None: hostkey_types = list(self._hostkey_sizes.keys()) hostkey_types.sort() # Sorted to make testing output repeatable. for hostkey_type in hostkey_types: expected_hostkey_size = cast(int, self._hostkey_sizes[hostkey_type]['hostkey_size']) server_host_keys = kex.host_keys() if hostkey_type in server_host_keys: actual_hostkey_size = cast(int, server_host_keys[hostkey_type]['hostkey_size']) if (self._allow_larger_keys and actual_hostkey_size < expected_hostkey_size) or \ (not self._allow_larger_keys and actual_hostkey_size != expected_hostkey_size): ret = False self._append_error('Host key (%s) sizes' % hostkey_type, [str(expected_hostkey_size)], None, [str(actual_hostkey_size)]) # If we have expected CA signatures set, check them against what the server returned. if self._hostkey_sizes is not None and len(cast(str, self._hostkey_sizes[hostkey_type]['ca_key_type'])) > 0 and cast(int, self._hostkey_sizes[hostkey_type]['ca_key_size']) > 0: expected_ca_key_type = cast(str, self._hostkey_sizes[hostkey_type]['ca_key_type']) expected_ca_key_size = cast(int, self._hostkey_sizes[hostkey_type]['ca_key_size']) actual_ca_key_type = cast(str, server_host_keys[hostkey_type]['ca_key_type']) actual_ca_key_size = cast(int, server_host_keys[hostkey_type]['ca_key_size']) # Ensure that the CA signature type is what's expected (i.e.: the server doesn't have an RSA sig when we're expecting an ED25519 sig). if actual_ca_key_type != expected_ca_key_type: ret = False self._append_error('CA signature type', [expected_ca_key_type], None, [actual_ca_key_type]) # Ensure that the actual and expected signature sizes match. elif (self._allow_larger_keys and actual_ca_key_size < expected_ca_key_size) or \ (not self._allow_larger_keys and actual_ca_key_size != expected_ca_key_size): ret = False self._append_error('CA signature size (%s)' % actual_ca_key_type, [str(expected_ca_key_size)], None, [str(actual_ca_key_size)]) # Check key exchanges. if self._kex is not None: # If the policy allows subsets and re-ordered algorithms... if self._allow_algorithm_subset_and_reordering: for kex_t in kex.kex_algorithms: if kex_t not in self._kex: ret = False self._append_error('Key exchanges', self._kex, None, kex.kex_algorithms) break # If kex-strict-?-v00@openssh.com is in the policy (i.e. the Terrapin vulnerability countermeasure), then it must appear in the server's list, regardless of the "allow_algorithm_subset_and_reordering" flag. if ('kex-strict-s-v00@openssh.com' in self._kex and 'kex-strict-s-v00@openssh.com' not in kex.kex_algorithms) or \ ('kex-strict-c-v00@openssh.com' in self._kex and 'kex-strict-c-v00@openssh.com' not in kex.kex_algorithms): ret = False self._append_error('Key exchanges', self._kex, None, kex.kex_algorithms) # The policy requires exact matching of algorithms. elif kex.kex_algorithms != self._kex: ret = False self._append_error('Key exchanges', self._kex, None, kex.kex_algorithms) # Checking Ciphers if self._ciphers is not None: # If the policy allows subsets and re-ordered algorithms... if self._allow_algorithm_subset_and_reordering: for cipher_t in kex.server.encryption: if cipher_t not in self._ciphers: ret = False self._append_error('Ciphers', self._ciphers, None, kex.server.encryption) break # The policy requires exact matching of algorithms. elif kex.server.encryption != self._ciphers: ret = False self._append_error('Ciphers', self._ciphers, None, kex.server.encryption) # Checking MACs if self._macs is not None: # If the policy allows subsets and re-ordered algorithms... if self._allow_algorithm_subset_and_reordering: for mac_t in kex.server.mac: if mac_t not in self._macs: ret = False self._append_error('MACs', self._macs, None, kex.server.mac) break # The policy requires exact matching of algorithms. elif kex.server.mac != self._macs: ret = False self._append_error('MACs', self._macs, None, kex.server.mac) if self._dh_modulus_sizes is not None: dh_modulus_types = list(self._dh_modulus_sizes.keys()) dh_modulus_types.sort() # Sorted to make testing output repeatable. for dh_modulus_type in dh_modulus_types: expected_dh_modulus_size = self._dh_modulus_sizes[dh_modulus_type] if dh_modulus_type in kex.dh_modulus_sizes(): actual_dh_modulus_size = kex.dh_modulus_sizes()[dh_modulus_type] if (self._allow_larger_keys and actual_dh_modulus_size < expected_dh_modulus_size) or \ (not self._allow_larger_keys and actual_dh_modulus_size != expected_dh_modulus_size): ret = False self._append_error('Group exchange (%s) modulus sizes' % dh_modulus_type, [str(expected_dh_modulus_size)], None, [str(actual_dh_modulus_size)]) error_list, error_str = self._get_errors() return ret, error_list, error_str def _get_errors(self) -> Tuple[List[Any], str]: '''Returns the list of errors, along with the string representation of those errors.''' subset_and_reordering_semicolon = "; subset and/or reordering allowed" if self._allow_algorithm_subset_and_reordering else "; exact match" subset_and_reordering_parens = " (subset and/or reordering allowed)" if self._allow_algorithm_subset_and_reordering else "" error_list = [] spacer = '' for e in self._errors: e_str = " * %s did not match.\n" % e['mismatched_field'] if ('expected_optional' in e) and (e['expected_optional'] != ['']): e_str += " - Expected (required%s): %s\n - Expected (optional): %s\n" % (subset_and_reordering_semicolon, Policy._normalize_error_field(e['expected_required']), Policy._normalize_error_field(e['expected_optional'])) spacer = ' ' else: e_str += " - Expected%s: %s\n" % (subset_and_reordering_parens, Policy._normalize_error_field(e['expected_required'])) spacer = ' ' e_str += " - Actual:%s%s\n" % (spacer, Policy._normalize_error_field(e['actual'])) error_list.append(e_str) error_list.sort() # To ensure repeatable results for testing. error_str = '' if len(error_list) > 0: error_str = "\n".join(error_list) return self._errors, error_str def get_name_and_version(self) -> str: '''Returns a string of this Policy's name and version.''' return self._name_and_version def is_outdated_builtin_policy(self) -> bool: '''Returns True if this is a built-in policy that has a more recent version available than currently selected.''' return self._updated_builtin_policy_available def is_server_policy(self) -> bool: '''Returns True if this is a server policy, or False if this is a client policy.''' return self._server_policy @staticmethod def list_builtin_policies(verbose: bool) -> Tuple[List[str], List[str]]: '''Returns two lists: a list of names of built-in server policies, and a list of names of built-in client policies, respectively.''' server_policy_descriptions = [] client_policy_descriptions = [] latest_server_policies: Dict[str, Dict[str, Union[int, str]]] = {} latest_client_policies: Dict[str, Dict[str, Union[int, str]]] = {} for policy_name, policy in BUILTIN_POLICIES.items(): # If not in verbose mode, only store the latest version of each policy. if not verbose: policy_description = "\"{:s}\"".format(policy_name) # Truncate the version off the policy name and obtain the version as an integer. (i.e.: "Platform X (version 3)" -> "Platform X", 3 policy_name_no_version = "" version = 0 version_pos = policy_name.find(" (version ") if version_pos != -1: policy_name_no_version = policy_name[0:version_pos] version = int(cast(str, policy['version'])) # Unit tests guarantee this to be parseable as an int. d = latest_server_policies if policy['server_policy'] else latest_client_policies if policy_name_no_version not in d: d[policy_name_no_version] = {} d[policy_name_no_version]['latest_version'] = version d[policy_name_no_version]['description'] = policy_description elif version > cast(int, d[policy_name_no_version]['latest_version']): # If an updated version of the policy was found, replace the old one. d[policy_name_no_version]['latest_version'] = version d[policy_name_no_version]['description'] = policy_description else: # In verbose mode, return all policy versions. policy_description = "\"{:s}\": {:s}".format(policy_name, policy['changelog']) if policy['server_policy']: server_policy_descriptions.append(policy_description) else: client_policy_descriptions.append(policy_description) # Now that we have references to the latest policies only, add their full descriptions to the lists for returning. if not verbose: for _, dd in latest_server_policies.items(): server_policy_descriptions.append(cast(str, dd['description'])) for _, dd in latest_client_policies.items(): client_policy_descriptions.append(cast(str, dd['description'])) # Sort the lists for better readability. server_policy_descriptions.sort() client_policy_descriptions.sort() return server_policy_descriptions, client_policy_descriptions @staticmethod def load_builtin_policy(policy_name: str, json_output: bool = False) -> Optional['Policy']: '''Returns a Policy with the specified built-in policy name loaded, or None if no policy of that name exists.''' p = None if policy_name in BUILTIN_POLICIES: policy_struct = BUILTIN_POLICIES[policy_name] p = Policy(manual_load=True, json_output=json_output) policy_name_without_version = policy_name[0:policy_name.rfind(' (')] p._name = policy_name_without_version # pylint: disable=protected-access p._version = cast(str, policy_struct['version']) # pylint: disable=protected-access p._banner = cast(Optional[str], policy_struct['banner']) # pylint: disable=protected-access p._compressions = cast(Optional[List[str]], policy_struct['compressions']) # pylint: disable=protected-access p._host_keys = cast(Optional[List[str]], policy_struct['host_keys']) # pylint: disable=protected-access p._optional_host_keys = cast(Optional[List[str]], policy_struct['optional_host_keys']) # pylint: disable=protected-access p._kex = cast(Optional[List[str]], policy_struct['kex']) # pylint: disable=protected-access p._ciphers = cast(Optional[List[str]], policy_struct['ciphers']) # pylint: disable=protected-access p._macs = cast(Optional[List[str]], policy_struct['macs']) # pylint: disable=protected-access p._hostkey_sizes = cast(Optional[Dict[str, Dict[str, Union[int, str, bytes]]]], policy_struct['hostkey_sizes']) # pylint: disable=protected-access p._dh_modulus_sizes = cast(Optional[Dict[str, int]], policy_struct['dh_modulus_sizes']) # pylint: disable=protected-access p._server_policy = cast(bool, policy_struct['server_policy']) # pylint: disable=protected-access p._name_and_version = "%s (version %s)" % (p._name, p._version) # pylint: disable=protected-access # Ensure this struct has all the necessary fields. p._normalize_hostkey_sizes() # pylint: disable=protected-access # Now check if an updated version of the requested policy exists. If so, set a warning for the user. if p is not None and p._version is not None: # pylint: disable=protected-access next_version = str(int(p._version) + 1) # pylint: disable=protected-access name_version_pos = policy_name.find("(version ") next_version_name = policy_name[0:name_version_pos] + "(version %s)" % next_version if next_version_name in BUILTIN_POLICIES: p._updated_builtin_policy_available = True # pylint: disable=protected-access return p @staticmethod def _normalize_error_field(field: List[str]) -> Any: '''If field is an array with a string parsable as an integer, return that integer. Otherwise, return the field joined with commas.''' if len(field) == 1: try: return int(field[0]) except ValueError: return field[0] else: return ', '.join(field) def __str__(self) -> str: undefined = '{undefined}' name = undefined version = undefined banner = undefined compressions_str = undefined host_keys_str = undefined optional_host_keys_str = undefined kex_str = undefined ciphers_str = undefined macs_str = undefined hostkey_sizes_str = undefined dh_modulus_sizes_str = undefined if self._name is not None: name = '[%s]' % self._name if self._version is not None: version = '[%s]' % self._version if self._banner is not None: banner = '[%s]' % self._banner if self._compressions is not None: compressions_str = ', '.join(self._compressions) if self._host_keys is not None: host_keys_str = ', '.join(self._host_keys) if self._optional_host_keys is not None: optional_host_keys_str = ', '.join(self._optional_host_keys) if self._kex is not None: kex_str = ', '.join(self._kex) if self._ciphers is not None: ciphers_str = ', '.join(self._ciphers) if self._macs is not None: macs_str = ', '.join(self._macs) if self._hostkey_sizes is not None: hostkey_sizes_str = str(self._hostkey_sizes) if self._dh_modulus_sizes is not None: dh_modulus_sizes_str = str(self._dh_modulus_sizes) return "Name: %s\nVersion: %s\nAllow Algorithm Subset and/or Reordering: %r\nBanner: %s\nCompressions: %s\nHost Keys: %s\nOptional Host Keys: %s\nKey Exchanges: %s\nCiphers: %s\nMACs: %s\nHost Key Sizes: %s\nDH Modulus Sizes: %s\nServer Policy: %r" % (name, version, self._allow_algorithm_subset_and_reordering, banner, compressions_str, host_keys_str, optional_host_keys_str, kex_str, ciphers_str, macs_str, hostkey_sizes_str, dh_modulus_sizes_str, self._server_policy) def __getstate__(self) -> Dict[str, Any]: '''Called when pickling this object. The file descriptor isn't serializable, so we'll remove it from the state and include a string representation.''' state = self.__dict__.copy() if state['_warning_target'] == sys.stdout: state['_warning_target_type'] = 'stdout' else: state['_warning_target_type'] = 'stderr' del state['_warning_target'] return state def __setstate__(self, state: Dict[str, Any]) -> None: '''Called when unpickling this object. Based on the string representation of the file descriptor, we'll restore the right handle.''' if state['_warning_target_type'] == 'stdout': state['_warning_target'] = sys.stdout else: state['_warning_target'] = sys.stderr del state['_warning_target_type'] self.__dict__.update(state) ssh-audit-3.3.0/src/ssh_audit/product.py000066400000000000000000000024751470352310600202330ustar00rootroot00000000000000""" The MIT License (MIT) Copyright (C) 2017 Andris Raugulis (moo@arthepsy.eu) Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. """ class Product: # pylint: disable=too-few-public-methods OpenSSH = 'OpenSSH' DropbearSSH = 'Dropbear SSH' LibSSH = 'libssh' TinySSH = 'TinySSH' PuTTY = 'PuTTY' ssh-audit-3.3.0/src/ssh_audit/protocol.py000066400000000000000000000026751470352310600204160ustar00rootroot00000000000000""" The MIT License (MIT) Copyright (C) 2017 Andris Raugulis (moo@arthepsy.eu) Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. """ class Protocol: # pylint: disable=too-few-public-methods SMSG_PUBLIC_KEY = 2 MSG_DEBUG = 4 MSG_KEXINIT = 20 MSG_NEWKEYS = 21 MSG_KEXDH_INIT = 30 MSG_KEXDH_REPLY = 31 MSG_KEXDH_GEX_REQUEST = 34 MSG_KEXDH_GEX_GROUP = 31 MSG_KEXDH_GEX_INIT = 32 MSG_KEXDH_GEX_REPLY = 33 ssh-audit-3.3.0/src/ssh_audit/readbuf.py000066400000000000000000000063761470352310600201670ustar00rootroot00000000000000""" The MIT License (MIT) Copyright (C) 2017 Andris Raugulis (moo@arthepsy.eu) Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. """ import io import struct # pylint: disable=unused-import from typing import Dict, List, Set, Sequence, Tuple, Iterable # noqa: F401 from typing import Callable, Optional, Union, Any # noqa: F401 class ReadBuf: def __init__(self, data: Optional[bytes] = None) -> None: super(ReadBuf, self).__init__() self._buf = io.BytesIO(data) if data is not None else io.BytesIO() self._len = len(data) if data is not None else 0 @property def unread_len(self) -> int: return self._len - self._buf.tell() def read(self, size: int) -> bytes: return self._buf.read(size) def read_byte(self) -> int: v: int = struct.unpack('B', self.read(1))[0] return v def read_bool(self) -> bool: return self.read_byte() != 0 def read_int(self) -> int: v: int = struct.unpack('>I', self.read(4))[0] return v def read_list(self) -> List[str]: list_size = self.read_int() return self.read(list_size).decode('utf-8', 'replace').split(',') def read_string(self) -> bytes: n = self.read_int() return self.read(n) @classmethod def _parse_mpint(cls, v: bytes, pad: bytes, f: str) -> int: r = 0 if len(v) % 4 != 0: v = pad * (4 - (len(v) % 4)) + v for i in range(0, len(v), 4): r = (r << 32) | struct.unpack(f, v[i:i + 4])[0] return r def read_mpint1(self) -> int: # NOTE: Data Type Enc @ http://www.snailbook.com/docs/protocol-1.5.txt bits = struct.unpack('>H', self.read(2))[0] n = (bits + 7) // 8 return self._parse_mpint(self.read(n), b'\x00', '>I') def read_mpint2(self) -> int: # NOTE: Section 5 @ https://www.ietf.org/rfc/rfc4251.txt v = self.read_string() if len(v) == 0: return 0 pad, f = (b'\xff', '>i') if ord(v[0:1]) & 0x80 != 0 else (b'\x00', '>I') return self._parse_mpint(v, pad, f) def read_line(self) -> str: return self._buf.readline().rstrip().decode('utf-8', 'replace') def reset(self) -> None: self._buf = io.BytesIO() self._len = 0 ssh-audit-3.3.0/src/ssh_audit/software.py000066400000000000000000000216231470352310600204010ustar00rootroot00000000000000""" The MIT License (MIT) Copyright (C) 2017 Andris Raugulis (moo@arthepsy.eu) Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. """ import re # pylint: disable=unused-import from typing import Dict, List, Set, Sequence, Tuple, Iterable # noqa: F401 from typing import Callable, Optional, Union, Any # noqa: F401 from ssh_audit.banner import Banner from ssh_audit.product import Product class Software: def __init__(self, vendor: Optional[str], product: str, version: str, patch: Optional[str], os_version: Optional[str]) -> None: self.__vendor = vendor self.__product = product self.__version = version self.__patch = patch self.__os = os_version @property def vendor(self) -> Optional[str]: return self.__vendor @property def product(self) -> str: return self.__product @property def version(self) -> str: return self.__version @property def patch(self) -> Optional[str]: return self.__patch @property def os(self) -> Optional[str]: return self.__os def compare_version(self, other: Union[None, 'Software', str]) -> int: # pylint: disable=too-many-branches,too-many-return-statements if other is None: return 1 if isinstance(other, Software): other = '{}{}'.format(other.version, other.patch or '') else: other = str(other) mx = re.match(r'^([\d\.]+\d+)(.*)$', other) if mx is not None: oversion, opatch = mx.group(1), mx.group(2).strip() else: oversion, opatch = other, '' if self.version < oversion: return -1 elif self.version > oversion: return 1 spatch = self.patch or '' if self.product == Product.DropbearSSH: if not re.match(r'^test\d.*$', opatch): opatch = 'z{}'.format(opatch) if not re.match(r'^test\d.*$', spatch): spatch = 'z{}'.format(spatch) elif self.product == Product.OpenSSH: mx1 = re.match(r'^p(\d).*', opatch) mx2 = re.match(r'^p(\d).*', spatch) if not (bool(mx1) and bool(mx2)): if mx1 is not None: opatch = mx1.group(1) if mx2 is not None: spatch = mx2.group(1) # OpenBSD version and p1 versions are considered the same. if ((spatch == '') and (opatch == '1')) or ((spatch == '1') and (opatch == '')): return 0 if spatch < opatch: return -1 elif spatch > opatch: return 1 return 0 def between_versions(self, vfrom: str, vtill: str) -> bool: if bool(vfrom) and self.compare_version(vfrom) < 0: return False if bool(vtill) and self.compare_version(vtill) > 0: return False return True def display(self, full: bool = True) -> str: r = '{} '.format(self.vendor) if bool(self.vendor) else '' r += self.product if bool(self.version): r += ' {}'.format(self.version) if full: patch = self.patch or '' if self.product == Product.OpenSSH: mx = re.match(r'^(p\d)(.*)$', patch) if mx is not None: r += mx.group(1) patch = mx.group(2).strip() if bool(patch): r += ' ({})'.format(patch) if bool(self.os): r += ' running on {}'.format(self.os) return r def __str__(self) -> str: return self.display() def __repr__(self) -> str: r = 'vendor={}, '.format(self.vendor) if bool(self.vendor) else '' r += 'product={}'.format(self.product) if bool(self.version): r += ', version={}'.format(self.version) if bool(self.patch): r += ', patch={}'.format(self.patch) if bool(self.os): r += ', os={}'.format(self.os) return '<{}({})>'.format(self.__class__.__name__, r) @staticmethod def _fix_patch(patch: str) -> Optional[str]: return re.sub(r'^[-_\.]+', '', patch) or None @staticmethod def _fix_date(d: Optional[str]) -> Optional[str]: if d is not None and len(d) == 8: return '{}-{}-{}'.format(d[:4], d[4:6], d[6:8]) else: return None @classmethod def _extract_os_version(cls, c: Optional[str]) -> Optional[str]: if c is None: return None mx = re.match(r'^NetBSD(?:_Secure_Shell)?(?:[\s-]+(\d{8})(.*))?$', c) if mx is not None: d = cls._fix_date(mx.group(1)) return 'NetBSD' if d is None else 'NetBSD ({})'.format(d) mx = re.match(r'^FreeBSD(?:\slocalisations)?[\s-]+(\d{8})(.*)$', c) if not bool(mx): mx = re.match(r'^[^@]+@FreeBSD\.org[\s-]+(\d{8})(.*)$', c) if mx is not None: d = cls._fix_date(mx.group(1)) return 'FreeBSD' if d is None else 'FreeBSD ({})'.format(d) w = ['RemotelyAnywhere', 'DesktopAuthority', 'RemoteSupportManager'] for win_soft in w: mx = re.match(r'^in ' + win_soft + r' ([\d\.]+\d)$', c) if mx is not None: ver = mx.group(1) return 'Microsoft Windows ({} {})'.format(win_soft, ver) generic = ['NetBSD', 'FreeBSD'] for g in generic: if c.startswith(g) or c.endswith(g): return g return None @classmethod def parse(cls, banner: 'Banner') -> Optional['Software']: # pylint: disable=too-many-return-statements software = str(banner.software) mx = re.match(r'^dropbear_([\d\.]+\d+)(.*)', software) v: Optional[str] = None if mx is not None: patch = cls._fix_patch(mx.group(2)) v, p = 'Matt Johnston', Product.DropbearSSH v = None return cls(v, p, mx.group(1), patch, None) mx = re.match(r'^OpenSSH[_\.-]+([\d\.]+\d+)(.*)', software) if mx is not None: patch = cls._fix_patch(mx.group(2)) v, p = 'OpenBSD', Product.OpenSSH v = None os_version = cls._extract_os_version(banner.comments) return cls(v, p, mx.group(1), patch, os_version) mx = re.match(r'^libssh-([\d\.]+\d+)(.*)', software) if mx is not None: patch = cls._fix_patch(mx.group(2)) v, p = None, Product.LibSSH os_version = cls._extract_os_version(banner.comments) return cls(v, p, mx.group(1), patch, os_version) mx = re.match(r'^libssh_([\d\.]+\d+)(.*)', software) if mx is not None: patch = cls._fix_patch(mx.group(2)) v, p = None, Product.LibSSH os_version = cls._extract_os_version(banner.comments) return cls(v, p, mx.group(1), patch, os_version) mx = re.match(r'^RomSShell_([\d\.]+\d+)(.*)', software) if mx is not None: patch = cls._fix_patch(mx.group(2)) v, p = 'Allegro Software', 'RomSShell' return cls(v, p, mx.group(1), patch, None) mx = re.match(r'^mpSSH_([\d\.]+\d+)', software) if mx is not None: v, p = 'HP', 'iLO (Integrated Lights-Out) sshd' return cls(v, p, mx.group(1), None, None) mx = re.match(r'^Cisco-([\d\.]+\d+)', software) if mx is not None: v, p = 'Cisco', 'IOS/PIX sshd' return cls(v, p, mx.group(1), None, None) mx = re.match(r'^tinyssh_(.*)', software) if mx is not None: return cls(None, Product.TinySSH, mx.group(1), None, None) mx = re.match(r'^PuTTY_Release_(.*)', software) if mx: return cls(None, Product.PuTTY, mx.group(1), None, None) mx = re.match(r'^lancom(.*)', software) if mx: v, p = 'LANcom', 'LCOS sshd' return cls(v, p, mx.group(1), None, None) return None ssh-audit-3.3.0/src/ssh_audit/ssh1.py000066400000000000000000000033171470352310600174250ustar00rootroot00000000000000""" The MIT License (MIT) Copyright (C) 2017 Andris Raugulis (moo@arthepsy.eu) Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. """ # pylint: disable=unused-import from typing import Dict, List, Set, Sequence, Tuple, Iterable # noqa: F401 from typing import Callable, Optional, Union, Any # noqa: F401 from ssh_audit.ssh1_crc32 import SSH1_CRC32 class SSH1: _crc32: Optional[SSH1_CRC32] = None CIPHERS = ['none', 'idea', 'des', '3des', 'tss', 'rc4', 'blowfish'] AUTHS = ['none', 'rhosts', 'rsa', 'password', 'rhosts_rsa', 'tis', 'kerberos'] @classmethod def crc32(cls, v: bytes) -> int: if cls._crc32 is None: cls._crc32 = SSH1_CRC32() return cls._crc32.calc(v) ssh-audit-3.3.0/src/ssh_audit/ssh1_crc32.py000066400000000000000000000035471470352310600204260ustar00rootroot00000000000000""" The MIT License (MIT) Copyright (C) 2017 Andris Raugulis (moo@arthepsy.eu) Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. """ # pylint: disable=unused-import from typing import Dict, List, Set, Sequence, Tuple, Iterable # noqa: F401 from typing import Callable, Optional, Union, Any # noqa: F401 class SSH1_CRC32: def __init__(self) -> None: self._table = [0] * 256 for i in range(256): crc = 0 n = i for _ in range(8): x = (crc ^ n) & 1 crc = (crc >> 1) ^ (x * 0xedb88320) n = n >> 1 self._table[i] = crc def calc(self, v: bytes) -> int: crc, length = 0, len(v) for i in range(length): n = ord(v[i:i + 1]) n = n ^ (crc & 0xff) crc = (crc >> 8) ^ self._table[n] return crc ssh-audit-3.3.0/src/ssh_audit/ssh1_kexdb.py000066400000000000000000000066641470352310600206120ustar00rootroot00000000000000""" The MIT License (MIT) Copyright (C) 2017 Andris Raugulis (moo@arthepsy.eu) Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. """ # pylint: disable=unused-import import copy import threading from typing import Dict, List, Set, Sequence, Tuple, Iterable # noqa: F401 from typing import Callable, Optional, Union, Any # noqa: F401 class SSH1_KexDB: # pylint: disable=too-few-public-methods FAIL_PLAINTEXT = 'no encryption/integrity' FAIL_OPENSSH37_REMOVE = 'removed since OpenSSH 3.7' FAIL_NA_BROKEN = 'not implemented in OpenSSH, broken algorithm' FAIL_NA_UNSAFE = 'not implemented in OpenSSH (server), unsafe algorithm' TEXT_CIPHER_IDEA = 'cipher used by commercial SSH' DB_PER_THREAD: Dict[int, Dict[str, Dict[str, List[List[Optional[str]]]]]] = {} MASTER_DB: Dict[str, Dict[str, List[List[Optional[str]]]]] = { 'key': { 'ssh-rsa1': [['1.2.2']], }, 'enc': { 'none': [['1.2.2'], [FAIL_PLAINTEXT]], 'idea': [[None], [], [], [TEXT_CIPHER_IDEA]], 'des': [['2.3.0C'], [FAIL_NA_UNSAFE]], '3des': [['1.2.2']], 'tss': [[''], [FAIL_NA_BROKEN]], 'rc4': [[], [FAIL_NA_BROKEN]], 'blowfish': [['1.2.2']], }, 'aut': { 'rhosts': [['1.2.2', '3.6'], [FAIL_OPENSSH37_REMOVE]], 'rsa': [['1.2.2']], 'password': [['1.2.2']], 'rhosts_rsa': [['1.2.2']], 'tis': [['1.2.2']], 'kerberos': [['1.2.2', '3.6'], [FAIL_OPENSSH37_REMOVE]], } } @staticmethod def get_db() -> Dict[str, Dict[str, List[List[Optional[str]]]]]: '''Returns a copy of the MASTER_DB that is private to the calling thread. This prevents multiple threads from polluting the results of other threads.''' calling_thread_id = threading.get_ident() if calling_thread_id not in SSH1_KexDB.DB_PER_THREAD: SSH1_KexDB.DB_PER_THREAD[calling_thread_id] = copy.deepcopy(SSH1_KexDB.MASTER_DB) return SSH1_KexDB.DB_PER_THREAD[calling_thread_id] @staticmethod def thread_exit() -> None: '''Deletes the calling thread's copy of the MASTER_DB. This is needed because, in rare circumstances, a terminated thread's ID can be re-used by new threads.''' calling_thread_id = threading.get_ident() if calling_thread_id in SSH1_KexDB.DB_PER_THREAD: del SSH1_KexDB.DB_PER_THREAD[calling_thread_id] ssh-audit-3.3.0/src/ssh_audit/ssh1_publickeymessage.py000066400000000000000000000123061470352310600230370ustar00rootroot00000000000000""" The MIT License (MIT) Copyright (C) 2017 Andris Raugulis (moo@arthepsy.eu) Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. """ # pylint: disable=unused-import from typing import Dict, List, Set, Sequence, Tuple, Iterable # noqa: F401 from typing import Callable, Optional, Union, Any # noqa: F401 from ssh_audit.ssh1 import SSH1 from ssh_audit.readbuf import ReadBuf from ssh_audit.utils import Utils from ssh_audit.writebuf import WriteBuf class SSH1_PublicKeyMessage: def __init__(self, cookie: bytes, skey: Tuple[int, int, int], hkey: Tuple[int, int, int], pflags: int, cmask: int, amask: int) -> None: if len(skey) != 3: raise ValueError('invalid server key pair: {}'.format(skey)) if len(hkey) != 3: raise ValueError('invalid host key pair: {}'.format(hkey)) self.__cookie = cookie self.__server_key = skey self.__host_key = hkey self.__protocol_flags = pflags self.__supported_ciphers_mask = cmask self.__supported_authentications_mask = amask @property def cookie(self) -> bytes: return self.__cookie @property def server_key_bits(self) -> int: return self.__server_key[0] @property def server_key_public_exponent(self) -> int: return self.__server_key[1] @property def server_key_public_modulus(self) -> int: return self.__server_key[2] @property def host_key_bits(self) -> int: return self.__host_key[0] @property def host_key_public_exponent(self) -> int: return self.__host_key[1] @property def host_key_public_modulus(self) -> int: return self.__host_key[2] @property def host_key_fingerprint_data(self) -> bytes: # pylint: disable=protected-access mod = WriteBuf._create_mpint(self.host_key_public_modulus, False) e = WriteBuf._create_mpint(self.host_key_public_exponent, False) return mod + e @property def protocol_flags(self) -> int: return self.__protocol_flags @property def supported_ciphers_mask(self) -> int: return self.__supported_ciphers_mask @property def supported_ciphers(self) -> List[str]: ciphers = [] for i in range(len(SSH1.CIPHERS)): # pylint: disable=consider-using-enumerate if self.__supported_ciphers_mask & (1 << i) != 0: ciphers.append(Utils.to_text(SSH1.CIPHERS[i])) return ciphers @property def supported_authentications_mask(self) -> int: return self.__supported_authentications_mask @property def supported_authentications(self) -> List[str]: auths = [] for i in range(1, len(SSH1.AUTHS)): if self.__supported_authentications_mask & (1 << i) != 0: auths.append(Utils.to_text(SSH1.AUTHS[i])) return auths def write(self, wbuf: 'WriteBuf') -> None: wbuf.write(self.cookie) wbuf.write_int(self.server_key_bits) wbuf.write_mpint1(self.server_key_public_exponent) wbuf.write_mpint1(self.server_key_public_modulus) wbuf.write_int(self.host_key_bits) wbuf.write_mpint1(self.host_key_public_exponent) wbuf.write_mpint1(self.host_key_public_modulus) wbuf.write_int(self.protocol_flags) wbuf.write_int(self.supported_ciphers_mask) wbuf.write_int(self.supported_authentications_mask) @property def payload(self) -> bytes: wbuf = WriteBuf() self.write(wbuf) return wbuf.write_flush() @classmethod def parse(cls, payload: bytes) -> 'SSH1_PublicKeyMessage': buf = ReadBuf(payload) cookie = buf.read(8) server_key_bits = buf.read_int() server_key_exponent = buf.read_mpint1() server_key_modulus = buf.read_mpint1() skey = (server_key_bits, server_key_exponent, server_key_modulus) host_key_bits = buf.read_int() host_key_exponent = buf.read_mpint1() host_key_modulus = buf.read_mpint1() hkey = (host_key_bits, host_key_exponent, host_key_modulus) pflags = buf.read_int() cmask = buf.read_int() amask = buf.read_int() pkm = cls(cookie, skey, hkey, pflags, cmask, amask) return pkm ssh-audit-3.3.0/src/ssh_audit/ssh2_kex.py000066400000000000000000000133511470352310600202740ustar00rootroot00000000000000""" The MIT License (MIT) Copyright (C) 2017-2024 Joe Testa (jtesta@positronsecurity.com) Copyright (C) 2017 Andris Raugulis (moo@arthepsy.eu) Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. """ from typing import Dict, List from typing import Union from ssh_audit.outputbuffer import OutputBuffer from ssh_audit.readbuf import ReadBuf from ssh_audit.ssh2_kexparty import SSH2_KexParty from ssh_audit.writebuf import WriteBuf class SSH2_Kex: def __init__(self, outputbuffer: 'OutputBuffer', cookie: bytes, kex_algs: List[str], key_algs: List[str], cli: 'SSH2_KexParty', srv: 'SSH2_KexParty', follows: bool, unused: int = 0) -> None: # pylint: disable=too-many-arguments self.__outputbuffer = outputbuffer self.__cookie = cookie self.__kex_algs = kex_algs self.__key_algs = key_algs self.__client = cli self.__server = srv self.__follows = follows self.__unused = unused self.__dh_modulus_sizes: Dict[str, int] = {} self.__host_keys: Dict[str, Dict[str, Union[bytes, str, int]]] = {} @property def cookie(self) -> bytes: return self.__cookie @property def kex_algorithms(self) -> List[str]: return self.__kex_algs @property def key_algorithms(self) -> List[str]: return self.__key_algs # client_to_server @property def client(self) -> 'SSH2_KexParty': return self.__client # server_to_client @property def server(self) -> 'SSH2_KexParty': return self.__server @property def follows(self) -> bool: return self.__follows @property def unused(self) -> int: return self.__unused def set_dh_modulus_size(self, gex_alg: str, modulus_size: int) -> None: self.__dh_modulus_sizes[gex_alg] = modulus_size def dh_modulus_sizes(self) -> Dict[str, int]: return self.__dh_modulus_sizes def set_host_key(self, key_type: str, raw_hostkey_bytes: bytes, hostkey_size: int, ca_key_type: str, ca_key_size: int) -> None: if key_type not in self.__host_keys: self.__host_keys[key_type] = {'raw_hostkey_bytes': raw_hostkey_bytes, 'hostkey_size': hostkey_size, 'ca_key_type': ca_key_type, 'ca_key_size': ca_key_size} else: # A host key may only have one CA signature... self.__outputbuffer.d("WARNING: called SSH2_Kex.set_host_key() multiple times with the same host key type (%s)! Existing info: %r, %r, %r; Duplicate (ignored) info: %r, %r, %r" % (key_type, self.__host_keys[key_type]['hostkey_size'], self.__host_keys[key_type]['ca_key_type'], self.__host_keys[key_type]['ca_key_size'], hostkey_size, ca_key_type, ca_key_size)) def host_keys(self) -> Dict[str, Dict[str, Union[bytes, str, int]]]: return self.__host_keys def write(self, wbuf: 'WriteBuf') -> None: wbuf.write(self.cookie) wbuf.write_list(self.kex_algorithms) wbuf.write_list(self.key_algorithms) wbuf.write_list(self.client.encryption) wbuf.write_list(self.server.encryption) wbuf.write_list(self.client.mac) wbuf.write_list(self.server.mac) wbuf.write_list(self.client.compression) wbuf.write_list(self.server.compression) wbuf.write_list(self.client.languages) wbuf.write_list(self.server.languages) wbuf.write_bool(self.follows) wbuf.write_int(self.__unused) @property def payload(self) -> bytes: wbuf = WriteBuf() self.write(wbuf) return wbuf.write_flush() @classmethod def parse(cls, outputbuffer: 'OutputBuffer', payload: bytes) -> 'SSH2_Kex': buf = ReadBuf(payload) cookie = buf.read(16) kex_algs = buf.read_list() key_algs = buf.read_list() cli_enc = buf.read_list() srv_enc = buf.read_list() cli_mac = buf.read_list() srv_mac = buf.read_list() cli_compression = buf.read_list() srv_compression = buf.read_list() cli_languages = buf.read_list() srv_languages = buf.read_list() follows = buf.read_bool() unused = buf.read_int() cli = SSH2_KexParty(cli_enc, cli_mac, cli_compression, cli_languages) srv = SSH2_KexParty(srv_enc, srv_mac, srv_compression, srv_languages) kex = cls(outputbuffer, cookie, kex_algs, key_algs, cli, srv, follows, unused) return kex def __str__(self) -> str: ret = "----\nSSH2_Kex object:" ret += "\nHost keys: " ret += ", ".join(self.__key_algs) ret += "\nKey exchanges: " ret += ", ".join(self.__kex_algs) ret += "\nClient SSH2_KexParty:" ret += "\n" + str(self.__client) ret += "\nServer SSH2_KexParty:" ret += "\n" + str(self.__server) ret += "\n----" return ret ssh-audit-3.3.0/src/ssh_audit/ssh2_kexdb.py000066400000000000000000001012471470352310600206040ustar00rootroot00000000000000""" The MIT License (MIT) Copyright (C) 2017-2024 Joe Testa (jtesta@positronsecurity.com) Copyright (C) 2017 Andris Raugulis (moo@arthepsy.eu) Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. """ # pylint: disable=unused-import import copy import threading from typing import Dict, List, Set, Sequence, Tuple, Iterable # noqa: F401 from typing import Callable, Optional, Union, Any # noqa: F401 class SSH2_KexDB: # pylint: disable=too-few-public-methods FAIL_1024BIT_MODULUS = 'using small 1024-bit modulus' FAIL_3DES = 'using broken & deprecated 3DES cipher' FAIL_BLOWFISH = 'using weak & deprecated Blowfish cipher' FAIL_CAST = 'using weak & deprecated CAST cipher' FAIL_DES = 'using broken DES cipher' FAIL_IDEA = 'using deprecated IDEA cipher' FAIL_LOGJAM_ATTACK = 'vulnerable to the Logjam attack: https://en.wikipedia.org/wiki/Logjam_(computer_security)' FAIL_MD5 = 'using broken MD5 hash algorithm' FAIL_NSA_BACKDOORED_CURVE = 'using elliptic curves that are suspected as being backdoored by the U.S. National Security Agency' FAIL_PLAINTEXT = 'no encryption/integrity' FAIL_RC4 = 'using broken RC4 cipher' FAIL_RIJNDAEL = 'using deprecated & non-standardized Rijndael cipher' FAIL_RIPEMD = 'using deprecated RIPEMD hash algorithm' FAIL_SEED = 'using deprecated SEED cipher' FAIL_SERPENT = 'using deprecated Serpent cipher' FAIL_SHA1 = 'using broken SHA-1 hash algorithm' FAIL_SMALL_ECC_MODULUS = 'using small ECC modulus' FAIL_UNKNOWN = 'using unknown algorithm' FAIL_UNPROVEN = 'using unproven algorithm' FAIL_UNTRUSTED = 'using untrusted algorithm developed in secret by a government entity' WARN_2048BIT_MODULUS = '2048-bit modulus only provides 112-bits of symmetric strength' WARN_BLOCK_SIZE = 'using small 64-bit block size' WARN_CIPHER_MODE = 'using weak cipher mode' WARN_ENCRYPT_AND_MAC = 'using encrypt-and-MAC mode' WARN_EXPERIMENTAL = 'using experimental algorithm' WARN_RNDSIG_KEY = 'using weak random number generator could reveal the key' WARN_TAG_SIZE = 'using small 64-bit tag size' WARN_TAG_SIZE_96 = 'using small 96-bit tag size' INFO_DEFAULT_OPENSSH_CIPHER = 'default cipher since OpenSSH 6.9' INFO_DEFAULT_OPENSSH_KEX_65_TO_73 = 'default key exchange from OpenSSH 6.5 to 7.3' INFO_DEFAULT_OPENSSH_KEX_74_TO_89 = 'default key exchange from OpenSSH 7.4 to 8.9' INFO_DEFAULT_OPENSSH_KEX_90_TO_98 = 'default key exchange from OpenSSH 9.0 to 9.8' INFO_DEFAULT_OPENSSH_KEX_99 = 'default key exchange since OpenSSH 9.9' INFO_DEPRECATED_IN_OPENSSH88 = 'deprecated in OpenSSH 8.8: https://www.openssh.com/txt/release-8.8' INFO_DISABLED_IN_DBEAR67 = 'disabled in Dropbear SSH 2015.67' INFO_DISABLED_IN_OPENSSH70 = 'disabled in OpenSSH 7.0: https://www.openssh.com/txt/release-7.0' INFO_NEVER_IMPLEMENTED_IN_OPENSSH = 'despite the @openssh.com tag, this was never implemented in OpenSSH' INFO_HYBRID_PQ_X25519_KEX = 'hybrid key exchange based on post-quantum resistant algorithm and proven conventional X25519 algorithm' INFO_REMOVED_IN_OPENSSH61 = 'removed since OpenSSH 6.1, removed from specification' INFO_REMOVED_IN_OPENSSH69 = 'removed in OpenSSH 6.9: https://www.openssh.com/txt/release-6.9' INFO_REMOVED_IN_OPENSSH70 = 'removed in OpenSSH 7.0: https://www.openssh.com/txt/release-7.0' INFO_WITHDRAWN_PQ_ALG = 'the sntrup4591761 algorithm was withdrawn, as it may not provide strong post-quantum security' INFO_EXTENSION_NEGOTIATION = 'pseudo-algorithm that denotes the peer supports RFC8308 extensions' INFO_STRICT_KEX = 'pseudo-algorithm that denotes the peer supports a stricter key exchange method as a counter-measure to the Terrapin attack (CVE-2023-48795)' # Maintains a dictionary per calling thread that yields its own copy of MASTER_DB. This prevents results from one thread polluting the results of another thread. DB_PER_THREAD: Dict[int, Dict[str, Dict[str, List[List[Optional[str]]]]]] = {} MASTER_DB: Dict[str, Dict[str, List[List[Optional[str]]]]] = { # Format: 'algorithm_name': [['version_first_appeared_in'], [reason_for_failure1, reason_for_failure2, ...], [warning1, warning2, ...], [info1, info2, ...]] 'kex': { 'Curve25519SHA256': [[]], 'curve25519-sha256': [['7.4,d2018.76'], [], [], [INFO_DEFAULT_OPENSSH_KEX_74_TO_89]], 'curve25519-sha256@libssh.org': [['6.4,d2013.62,l10.6.0'], [], [], [INFO_DEFAULT_OPENSSH_KEX_65_TO_73]], 'curve448-sha512': [[]], 'curve448-sha512@libssh.org': [[]], 'diffie-hellman-group14-sha1': [['3.9,d0.53,l10.6.0'], [FAIL_SHA1], [WARN_2048BIT_MODULUS]], 'diffie-hellman-group14-sha224@ssh.com': [[]], 'diffie-hellman-group14-sha256': [['7.3,d2016.73'], [], [WARN_2048BIT_MODULUS]], 'diffie-hellman-group14-sha256@ssh.com': [[], [], [WARN_2048BIT_MODULUS]], 'diffie-hellman-group15-sha256': [[]], 'diffie-hellman-group15-sha256@ssh.com': [[]], 'diffie-hellman-group15-sha384@ssh.com': [[]], 'diffie-hellman-group15-sha512': [[]], 'diffie-hellman-group16-sha256': [[]], 'diffie-hellman-group16-sha384@ssh.com': [[]], 'diffie-hellman-group16-sha512': [['7.3,d2016.73']], 'diffie-hellman-group16-sha512@ssh.com': [[]], 'diffie-hellman-group17-sha512': [[]], 'diffie-hellman_group17-sha512': [[]], 'diffie-hellman-group18-sha512': [['7.3']], 'diffie-hellman-group18-sha512@ssh.com': [[]], 'diffie-hellman-group1-sha1': [['2.3.0,d0.28,l10.2', '6.6', '6.9'], [FAIL_1024BIT_MODULUS, FAIL_LOGJAM_ATTACK, FAIL_SHA1], [], [INFO_REMOVED_IN_OPENSSH69]], 'diffie-hellman-group1-sha256': [[], [FAIL_1024BIT_MODULUS]], 'diffie-hellman-group-exchange-sha1': [['2.3.0', '6.6', None], [FAIL_SHA1]], 'diffie-hellman-group-exchange-sha224@ssh.com': [[]], 'diffie-hellman-group-exchange-sha256': [['4.4']], 'diffie-hellman-group-exchange-sha256@ssh.com': [[]], 'diffie-hellman-group-exchange-sha384@ssh.com': [[]], 'diffie-hellman-group-exchange-sha512@ssh.com': [[]], 'ecdh-nistp256-kyber-512r3-sha256-d00@openquantumsafe.org': [[], [FAIL_NSA_BACKDOORED_CURVE]], 'ecdh-nistp384-kyber-768r3-sha384-d00@openquantumsafe.org': [[], [FAIL_NSA_BACKDOORED_CURVE]], 'ecdh-nistp521-kyber-1024r3-sha512-d00@openquantumsafe.org': [[], [FAIL_NSA_BACKDOORED_CURVE]], 'ecdh-sha2-1.2.840.10045.3.1.1': [[], [FAIL_SMALL_ECC_MODULUS, FAIL_NSA_BACKDOORED_CURVE]], # NIST P-192 / secp192r1 'ecdh-sha2-1.2.840.10045.3.1.7': [[], [FAIL_NSA_BACKDOORED_CURVE]], # NIST P-256 / secp256r1 'ecdh-sha2-1.3.132.0.10': [[]], # ECDH over secp256k1 (i.e.: the Bitcoin curve) 'ecdh-sha2-1.3.132.0.16': [[], [FAIL_UNPROVEN]], # sect283k1 'ecdh-sha2-1.3.132.0.1': [[], [FAIL_UNPROVEN, FAIL_SMALL_ECC_MODULUS]], # sect163k1 'ecdh-sha2-1.3.132.0.26': [[], [FAIL_UNPROVEN, FAIL_SMALL_ECC_MODULUS]], # sect233k1 'ecdh-sha2-1.3.132.0.27': [[], [FAIL_SMALL_ECC_MODULUS, FAIL_NSA_BACKDOORED_CURVE]], # sect233r1 'ecdh-sha2-1.3.132.0.33': [[], [FAIL_SMALL_ECC_MODULUS, FAIL_NSA_BACKDOORED_CURVE]], # NIST P-224 / secp224r1 'ecdh-sha2-1.3.132.0.34': [[], [FAIL_NSA_BACKDOORED_CURVE]], # NIST P-384 / secp384r1 'ecdh-sha2-1.3.132.0.35': [[], [FAIL_NSA_BACKDOORED_CURVE]], # NIST P-521 / secp521r1 'ecdh-sha2-1.3.132.0.36': [[], [FAIL_UNPROVEN]], # sect409k1 'ecdh-sha2-1.3.132.0.37': [[], [FAIL_NSA_BACKDOORED_CURVE]], # sect409r1 'ecdh-sha2-1.3.132.0.38': [[], [FAIL_UNPROVEN]], # sect571k1 # Note: the base64 strings, according to draft 6 of RFC5656, is Base64(MD5(DER(OID))). The final RFC5656 dropped the base64 strings in favor of plain OID concatenation, but apparently some SSH servers implement them anyway. See: https://datatracker.ietf.org/doc/html/draft-green-secsh-ecc-06#section-9.2 'ecdh-sha2-4MHB+NBt3AlaSRQ7MnB4cg==': [[], [FAIL_UNPROVEN, FAIL_SMALL_ECC_MODULUS]], # sect163k1 'ecdh-sha2-5pPrSUQtIaTjUSt5VZNBjg==': [[], [FAIL_SMALL_ECC_MODULUS, FAIL_NSA_BACKDOORED_CURVE]], # NIST P-192 / secp192r1 'ecdh-sha2-9UzNcgwTlEnSCECZa7V1mw==': [[], [FAIL_NSA_BACKDOORED_CURVE]], # NIST P-256 / secp256r1 'ecdh-sha2-brainpoolp256r1@genua.de': [[], [FAIL_UNPROVEN]], 'ecdh-sha2-brainpoolp384r1@genua.de': [[], [FAIL_UNPROVEN]], 'ecdh-sha2-brainpoolp521r1@genua.de': [[], [FAIL_UNPROVEN]], 'ecdh-sha2-curve25519': [[], []], 'ecdh-sha2-D3FefCjYoJ/kfXgAyLddYA==': [[], [FAIL_NSA_BACKDOORED_CURVE]], # sect409r1 'ecdh-sha2-h/SsxnLCtRBh7I9ATyeB3A==': [[], [FAIL_NSA_BACKDOORED_CURVE]], # NIST P-521 / secp521r1 'ecdh-sha2-m/FtSAmrV4j/Wy6RVUaK7A==': [[], [FAIL_UNPROVEN]], # sect409k1 'ecdh-sha2-mNVwCXAoS1HGmHpLvBC94w==': [[], [FAIL_UNPROVEN]], # sect571k1 'ecdh-sha2-nistb233': [[], [FAIL_UNPROVEN, FAIL_SMALL_ECC_MODULUS]], 'ecdh-sha2-nistb409': [[], [FAIL_UNPROVEN]], 'ecdh-sha2-nistk163': [[], [FAIL_UNPROVEN, FAIL_SMALL_ECC_MODULUS]], 'ecdh-sha2-nistk233': [[], [FAIL_UNPROVEN, FAIL_SMALL_ECC_MODULUS]], 'ecdh-sha2-nistk283': [[], [FAIL_UNPROVEN]], 'ecdh-sha2-nistk409': [[], [FAIL_UNPROVEN]], 'ecdh-sha2-nistp192': [[], [FAIL_NSA_BACKDOORED_CURVE]], 'ecdh-sha2-nistp224': [[], [FAIL_NSA_BACKDOORED_CURVE]], 'ecdh-sha2-nistp256': [['5.7,d2013.62,l10.6.0'], [FAIL_NSA_BACKDOORED_CURVE]], 'ecdh-sha2-nistp384': [['5.7,d2013.62'], [FAIL_NSA_BACKDOORED_CURVE]], 'ecdh-sha2-nistp521': [['5.7,d2013.62'], [FAIL_NSA_BACKDOORED_CURVE]], 'ecdh-sha2-nistt571': [[], [FAIL_UNPROVEN]], 'ecdh-sha2-qCbG5Cn/jjsZ7nBeR7EnOA==': [[FAIL_SMALL_ECC_MODULUS, FAIL_NSA_BACKDOORED_CURVE]], # sect233r1 'ecdh-sha2-qcFQaMAMGhTziMT0z+Tuzw==': [[], [FAIL_NSA_BACKDOORED_CURVE]], # NIST P-384 / secp384r1 'ecdh-sha2-VqBg4QRPjxx1EXZdV0GdWQ==': [[], [FAIL_NSA_BACKDOORED_CURVE, FAIL_SMALL_ECC_MODULUS]], # NIST P-224 / secp224r1 'ecdh-sha2-wiRIU8TKjMZ418sMqlqtvQ==': [[], [FAIL_UNPROVEN]], # sect283k1 'ecdh-sha2-zD/b3hu/71952ArpUG4OjQ==': [[], [FAIL_UNPROVEN, FAIL_SMALL_ECC_MODULUS]], # sect233k1 'ecmqv-sha2': [[], [FAIL_UNPROVEN]], 'ext-info-c': [['7.2'], [], [], [INFO_EXTENSION_NEGOTIATION]], # Extension negotiation (RFC 8308) 'ext-info-s': [['9.6'], [], [], [INFO_EXTENSION_NEGOTIATION]], # Extension negotiation (RFC 8308) 'kex-strict-c-v00@openssh.com': [[], [], [], [INFO_STRICT_KEX]], # Strict KEX marker (countermeasure for CVE-2023-48795). 'kex-strict-s-v00@openssh.com': [[], [], [], [INFO_STRICT_KEX]], # Strict KEX marker (countermeasure for CVE-2023-48795). # The GSS kex algorithms get special wildcard handling, since they include variable base64 data after their standard prefixes. 'gss-13.3.132.0.10-sha256-*': [[], [FAIL_UNKNOWN]], 'gss-curve25519-sha256-*': [[]], 'gss-curve448-sha512-*': [[]], 'gss-gex-sha1-*': [[], [FAIL_SHA1]], 'gss-gex-sha256-*': [[]], 'gss-group14-sha1-*': [[], [FAIL_SHA1], [WARN_2048BIT_MODULUS]], 'gss-group14-sha256-*': [[], [], [WARN_2048BIT_MODULUS]], 'gss-group15-sha512-*': [[]], 'gss-group16-sha512-*': [[]], 'gss-group17-sha512-*': [[]], 'gss-group18-sha512-*': [[]], 'gss-group1-sha1-*': [[], [FAIL_1024BIT_MODULUS, FAIL_LOGJAM_ATTACK, FAIL_SHA1]], 'gss-nistp256-sha256-*': [[], [FAIL_NSA_BACKDOORED_CURVE]], 'gss-nistp384-sha256-*': [[], [FAIL_NSA_BACKDOORED_CURVE]], 'gss-nistp384-sha384-*': [[], [FAIL_NSA_BACKDOORED_CURVE]], 'gss-nistp521-sha512-*': [[], [FAIL_NSA_BACKDOORED_CURVE]], 'kexAlgoCurve25519SHA256': [[]], 'kexAlgoDH14SHA1': [[], [FAIL_SHA1], [WARN_2048BIT_MODULUS]], 'kexAlgoDH1SHA1': [[], [FAIL_1024BIT_MODULUS, FAIL_LOGJAM_ATTACK, FAIL_SHA1]], 'kexAlgoECDH256': [[], [FAIL_NSA_BACKDOORED_CURVE]], 'kexAlgoECDH384': [[], [FAIL_NSA_BACKDOORED_CURVE]], 'kexAlgoECDH521': [[], [FAIL_NSA_BACKDOORED_CURVE]], 'kexguess2@matt.ucc.asn.au': [['d2013.57']], 'm383-sha384@libassh.org': [[], [FAIL_UNPROVEN]], 'm511-sha512@libassh.org': [[], [FAIL_UNPROVEN]], 'mlkem768x25519-sha256': [['9.9'], [], [], [INFO_HYBRID_PQ_X25519_KEX]], 'rsa1024-sha1': [[], [FAIL_1024BIT_MODULUS, FAIL_SHA1]], 'rsa2048-sha256': [[], [], [WARN_2048BIT_MODULUS]], 'sm2kep-sha2-nistp256': [[], [FAIL_NSA_BACKDOORED_CURVE, FAIL_UNTRUSTED]], 'sntrup4591761x25519-sha512@tinyssh.org': [['8.0', '8.4'], [], [WARN_EXPERIMENTAL], [INFO_WITHDRAWN_PQ_ALG]], 'sntrup761x25519-sha512': [['9.9'], [], [], [INFO_DEFAULT_OPENSSH_KEX_99, INFO_HYBRID_PQ_X25519_KEX]], 'sntrup761x25519-sha512@openssh.com': [['8.5'], [], [], [INFO_DEFAULT_OPENSSH_KEX_90_TO_98, INFO_HYBRID_PQ_X25519_KEX]], 'x25519-kyber-512r3-sha256-d00@amazon.com': [[]], 'x25519-kyber512-sha512@aws.amazon.com': [[]], }, 'key': { 'dsa2048-sha224@libassh.org': [[], [FAIL_UNPROVEN], [WARN_2048BIT_MODULUS]], 'dsa2048-sha256@libassh.org': [[], [FAIL_UNPROVEN], [WARN_2048BIT_MODULUS]], 'dsa3072-sha256@libassh.org': [[], [FAIL_UNPROVEN]], 'ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com': [[], [FAIL_UNKNOWN]], 'ecdsa-sha2-1.3.132.0.10': [[], [], [WARN_RNDSIG_KEY]], # ECDSA over secp256k1 (i.e.: the Bitcoin curve) 'ecdsa-sha2-curve25519': [[], [], [WARN_RNDSIG_KEY]], # ECDSA with Curve25519? Bizarre... 'ecdsa-sha2-nistb233': [[], [FAIL_UNPROVEN, FAIL_SMALL_ECC_MODULUS], [WARN_RNDSIG_KEY]], 'ecdsa-sha2-nistb409': [[], [FAIL_UNPROVEN], [WARN_RNDSIG_KEY]], 'ecdsa-sha2-nistk163': [[], [FAIL_UNPROVEN, FAIL_SMALL_ECC_MODULUS], [WARN_RNDSIG_KEY]], 'ecdsa-sha2-nistk233': [[], [FAIL_UNPROVEN, FAIL_SMALL_ECC_MODULUS], [WARN_RNDSIG_KEY]], 'ecdsa-sha2-nistk283': [[], [FAIL_UNPROVEN], [WARN_RNDSIG_KEY]], 'ecdsa-sha2-nistk409': [[], [FAIL_UNPROVEN], [WARN_RNDSIG_KEY]], 'ecdsa-sha2-nistp224': [[], [FAIL_NSA_BACKDOORED_CURVE, FAIL_SMALL_ECC_MODULUS], [WARN_RNDSIG_KEY]], 'ecdsa-sha2-nistp192': [[], [FAIL_NSA_BACKDOORED_CURVE, FAIL_SMALL_ECC_MODULUS], [WARN_RNDSIG_KEY]], 'ecdsa-sha2-nistp256': [['5.7,d2013.62,l10.6.4'], [FAIL_NSA_BACKDOORED_CURVE], [WARN_RNDSIG_KEY]], 'ecdsa-sha2-nistp256-cert-v01@openssh.com': [['5.7'], [FAIL_NSA_BACKDOORED_CURVE], [WARN_RNDSIG_KEY]], 'ecdsa-sha2-nistp384': [['5.7,d2013.62,l10.6.4'], [FAIL_NSA_BACKDOORED_CURVE], [WARN_RNDSIG_KEY]], 'ecdsa-sha2-nistp384-cert-v01@openssh.com': [['5.7'], [FAIL_NSA_BACKDOORED_CURVE], [WARN_RNDSIG_KEY]], 'ecdsa-sha2-nistp521': [['5.7,d2013.62,l10.6.4'], [FAIL_NSA_BACKDOORED_CURVE], [WARN_RNDSIG_KEY]], 'ecdsa-sha2-nistp521-cert-v01@openssh.com': [['5.7'], [FAIL_NSA_BACKDOORED_CURVE], [WARN_RNDSIG_KEY]], 'ecdsa-sha2-nistt571': [[], [FAIL_UNPROVEN], [WARN_RNDSIG_KEY]], 'eddsa-e382-shake256@libassh.org': [[], [FAIL_UNPROVEN]], 'eddsa-e521-shake256@libassh.org': [[], [FAIL_UNPROVEN]], 'null': [[], [FAIL_PLAINTEXT]], 'pgp-sign-dss': [[], [FAIL_1024BIT_MODULUS]], 'pgp-sign-rsa': [[], [FAIL_1024BIT_MODULUS]], 'rsa-sha2-256': [['7.2,d2020.79']], 'rsa-sha2-256-cert-v01@openssh.com': [['7.8']], 'rsa-sha2-512': [['7.2']], 'rsa-sha2-512-cert-v01@openssh.com': [['7.8']], 'sk-ecdsa-sha2-nistp256-cert-v01@openssh.com': [['8.2'], [FAIL_NSA_BACKDOORED_CURVE], [WARN_RNDSIG_KEY]], 'sk-ecdsa-sha2-nistp256@openssh.com': [['8.2'], [FAIL_NSA_BACKDOORED_CURVE], [WARN_RNDSIG_KEY]], 'sk-ssh-ed25519-cert-v01@openssh.com': [['8.2']], 'sk-ssh-ed25519@openssh.com': [['8.2']], 'spi-sign-rsa': [[]], 'spki-sign-dss': [[], [FAIL_1024BIT_MODULUS]], 'spki-sign-rsa': [[], [FAIL_1024BIT_MODULUS]], 'ssh-dsa': [[], [FAIL_1024BIT_MODULUS], [WARN_RNDSIG_KEY]], 'ssh-dss': [['2.1.0,d0.28,l10.2', '6.9'], [FAIL_1024BIT_MODULUS], [WARN_RNDSIG_KEY], [INFO_DISABLED_IN_OPENSSH70]], 'ssh-dss-cert-v00@openssh.com': [['5.4', '6.9'], [FAIL_1024BIT_MODULUS], [WARN_RNDSIG_KEY], [INFO_DISABLED_IN_OPENSSH70]], 'ssh-dss-cert-v01@openssh.com': [['5.6', '6.9'], [FAIL_1024BIT_MODULUS], [WARN_RNDSIG_KEY]], 'ssh-dss-sha224@ssh.com': [[], [FAIL_1024BIT_MODULUS]], 'ssh-dss-sha256@ssh.com': [[], [FAIL_1024BIT_MODULUS]], 'ssh-dss-sha384@ssh.com': [[], [FAIL_1024BIT_MODULUS]], 'ssh-dss-sha512@ssh.com': [[], [FAIL_1024BIT_MODULUS]], 'ssh-ed25519': [['6.5,d2020.79,l10.7.0']], 'ssh-ed25519-cert-v01@openssh.com': [['6.5']], 'ssh-ed448': [[]], 'ssh-ed448-cert-v01@openssh.com': [[], [], [], [INFO_NEVER_IMPLEMENTED_IN_OPENSSH]], 'ssh-gost2001': [[], [FAIL_UNTRUSTED]], 'ssh-gost2012-256': [[], [FAIL_UNTRUSTED]], 'ssh-gost2012-512': [[], [FAIL_UNTRUSTED]], 'ssh-rsa1': [[], [FAIL_SHA1]], 'ssh-rsa': [['2.5.0,d0.28,l10.2'], [FAIL_SHA1], [], [INFO_DEPRECATED_IN_OPENSSH88]], 'ssh-rsa-cert-v00@openssh.com': [['5.4', '6.9'], [FAIL_SHA1], [], [INFO_REMOVED_IN_OPENSSH70]], 'ssh-rsa-cert-v01@openssh.com': [['5.6'], [FAIL_SHA1], [], [INFO_DEPRECATED_IN_OPENSSH88]], 'ssh-rsa-sha224@ssh.com': [[]], 'ssh-rsa-sha2-256': [[]], 'ssh-rsa-sha2-512': [[]], 'ssh-rsa-sha256@ssh.com': [[]], 'ssh-rsa-sha384@ssh.com': [[]], 'ssh-rsa-sha512@ssh.com': [[]], 'ssh-xmss-cert-v01@openssh.com': [['7.7'], [WARN_EXPERIMENTAL]], 'ssh-xmss@openssh.com': [['7.7'], [WARN_EXPERIMENTAL]], 'webauthn-sk-ecdsa-sha2-nistp256@openssh.com': [['8.3'], [FAIL_NSA_BACKDOORED_CURVE]], 'x509v3-ecdsa-sha2-1.3.132.0.10': [[], [FAIL_UNKNOWN]], 'x509v3-ecdsa-sha2-nistp256': [[], [FAIL_NSA_BACKDOORED_CURVE]], 'x509v3-ecdsa-sha2-nistp384': [[], [FAIL_NSA_BACKDOORED_CURVE]], 'x509v3-ecdsa-sha2-nistp521': [[], [FAIL_NSA_BACKDOORED_CURVE]], 'x509v3-rsa2048-sha256': [[]], 'x509v3-sign-dss': [[], [FAIL_1024BIT_MODULUS], [WARN_RNDSIG_KEY]], 'x509v3-sign-dss-sha1': [[], [FAIL_1024BIT_MODULUS, FAIL_SHA1]], 'x509v3-sign-dss-sha224@ssh.com': [[], [FAIL_1024BIT_MODULUS]], 'x509v3-sign-dss-sha256@ssh.com': [[], [FAIL_1024BIT_MODULUS]], 'x509v3-sign-dss-sha384@ssh.com': [[], [FAIL_1024BIT_MODULUS]], 'x509v3-sign-dss-sha512@ssh.com': [[], [FAIL_1024BIT_MODULUS]], 'x509v3-sign-rsa': [[], [FAIL_SHA1]], 'x509v3-sign-rsa-sha1': [[], [FAIL_SHA1]], 'x509v3-sign-rsa-sha224@ssh.com': [[]], 'x509v3-sign-rsa-sha256': [[]], 'x509v3-sign-rsa-sha256@ssh.com': [[]], 'x509v3-sign-rsa-sha384@ssh.com': [[]], 'x509v3-sign-rsa-sha512@ssh.com': [[]], 'x509v3-ssh-dss': [[], [FAIL_1024BIT_MODULUS], [WARN_RNDSIG_KEY]], 'x509v3-ssh-rsa': [[], [FAIL_SHA1], [], [INFO_DEPRECATED_IN_OPENSSH88]], }, 'enc': { '3des-cbc': [['1.2.2,d0.28,l10.2', '6.6', None], [FAIL_3DES], [WARN_CIPHER_MODE, WARN_BLOCK_SIZE]], '3des-cfb': [[], [FAIL_3DES], [WARN_CIPHER_MODE]], '3des-ctr': [['d0.52'], [FAIL_3DES]], '3des-ecb': [[], [FAIL_3DES], [WARN_CIPHER_MODE]], '3des': [[], [FAIL_3DES], [WARN_CIPHER_MODE, WARN_BLOCK_SIZE]], '3des-ofb': [[], [FAIL_3DES], [WARN_CIPHER_MODE]], 'AEAD_AES_128_GCM': [[]], 'AEAD_AES_256_GCM': [[]], 'aes128-cbc': [['2.3.0,d0.28,l10.2', '6.6', None], [], [WARN_CIPHER_MODE]], 'aes128-ctr': [['3.7,d0.52,l10.4.1']], 'aes128-gcm': [[]], 'aes128-gcm@openssh.com': [['6.2']], 'aes128-ocb@libassh.org': [[], [], [WARN_CIPHER_MODE]], 'aes192-cbc': [['2.3.0,l10.2', '6.6', None], [], [WARN_CIPHER_MODE]], 'aes192-ctr': [['3.7,l10.4.1']], 'aes192-gcm@openssh.com': [[], [], [], [INFO_NEVER_IMPLEMENTED_IN_OPENSSH]], 'aes256-cbc': [['2.3.0,d0.47,l10.2', '6.6', None], [], [WARN_CIPHER_MODE]], 'aes256-ctr': [['3.7,d0.52,l10.4.1']], 'aes256-gcm': [[]], 'aes256-gcm@openssh.com': [['6.2']], 'arcfour128': [['4.2', '6.6', '7.1'], [FAIL_RC4]], 'arcfour': [['2.1.0', '6.6', '7.1'], [FAIL_RC4]], 'arcfour256': [['4.2', '6.6', '7.1'], [FAIL_RC4]], 'blowfish-cbc': [['1.2.2,d0.28,l10.2', '6.6,d0.52', '7.1,d0.52'], [FAIL_BLOWFISH], [WARN_CIPHER_MODE, WARN_BLOCK_SIZE]], 'blowfish-cfb': [[], [FAIL_BLOWFISH], [WARN_CIPHER_MODE]], 'blowfish-ctr': [[], [FAIL_BLOWFISH], [WARN_CIPHER_MODE, WARN_BLOCK_SIZE]], 'blowfish-ecb': [[], [FAIL_BLOWFISH], [WARN_CIPHER_MODE]], 'blowfish': [[], [FAIL_BLOWFISH], [WARN_BLOCK_SIZE]], 'blowfish-ofb': [[], [FAIL_BLOWFISH], [WARN_CIPHER_MODE]], 'camellia128-cbc@openssh.org': [[], [], [WARN_CIPHER_MODE]], 'camellia128-cbc': [[], [], [WARN_CIPHER_MODE]], 'camellia128-ctr': [[]], 'camellia128-ctr@openssh.org': [[]], 'camellia192-cbc@openssh.org': [[], [], [WARN_CIPHER_MODE]], 'camellia192-cbc': [[], [], [WARN_CIPHER_MODE]], 'camellia192-ctr': [[]], 'camellia192-ctr@openssh.org': [[]], 'camellia256-cbc@openssh.org': [[], [], [WARN_CIPHER_MODE]], 'camellia256-cbc': [[], [], [WARN_CIPHER_MODE]], 'camellia256-ctr': [[]], 'camellia256-ctr@openssh.org': [[]], 'cast128-12-cbc@ssh.com': [[], [FAIL_CAST], [WARN_CIPHER_MODE]], 'cast128-cbc': [['2.1.0', '6.6', '7.1'], [FAIL_CAST], [WARN_CIPHER_MODE, WARN_BLOCK_SIZE]], 'cast128-12-cbc': [[], [FAIL_CAST], [WARN_CIPHER_MODE]], 'cast128-12-cfb': [[], [FAIL_CAST], [WARN_CIPHER_MODE]], 'cast128-12-ecb': [[], [FAIL_CAST], [WARN_CIPHER_MODE]], 'cast128-12-ofb': [[], [FAIL_CAST], [WARN_CIPHER_MODE]], 'cast128-cfb': [[], [FAIL_CAST], [WARN_CIPHER_MODE]], 'cast128-ctr': [[], [FAIL_CAST]], 'cast128-ecb': [[], [FAIL_CAST], [WARN_CIPHER_MODE]], 'cast128-ofb': [[], [FAIL_CAST], [WARN_CIPHER_MODE]], 'chacha20-poly1305': [[], [], [], [INFO_DEFAULT_OPENSSH_CIPHER]], 'chacha20-poly1305@openssh.com': [['6.5,d2020.79'], [], [], [INFO_DEFAULT_OPENSSH_CIPHER]], 'crypticore128@ssh.com': [[], [FAIL_UNPROVEN]], 'des-cbc': [[], [FAIL_DES], [WARN_CIPHER_MODE, WARN_BLOCK_SIZE]], 'des-cfb': [[], [FAIL_DES], [WARN_CIPHER_MODE, WARN_BLOCK_SIZE]], 'des-ecb': [[], [FAIL_DES], [WARN_CIPHER_MODE, WARN_BLOCK_SIZE]], 'des-ofb': [[], [FAIL_DES], [WARN_CIPHER_MODE, WARN_BLOCK_SIZE]], 'des-cbc-ssh1': [[], [FAIL_DES], [WARN_CIPHER_MODE, WARN_BLOCK_SIZE]], 'des-cbc@ssh.com': [[], [FAIL_DES], [WARN_CIPHER_MODE, WARN_BLOCK_SIZE]], 'des': [[], [FAIL_DES], [WARN_CIPHER_MODE, WARN_BLOCK_SIZE]], 'grasshopper-ctr128': [[], [FAIL_UNTRUSTED]], 'idea-cbc': [[], [FAIL_IDEA], [WARN_CIPHER_MODE]], 'idea-cfb': [[], [FAIL_IDEA], [WARN_CIPHER_MODE]], 'idea-ctr': [[], [FAIL_IDEA]], 'idea-ecb': [[], [FAIL_IDEA], [WARN_CIPHER_MODE]], 'idea-ofb': [[], [FAIL_IDEA], [WARN_CIPHER_MODE]], 'none': [['1.2.2,d2013.56,l10.2'], [FAIL_PLAINTEXT]], 'rijndael128-cbc': [['2.3.0', '7.0'], [FAIL_RIJNDAEL], [WARN_CIPHER_MODE], [INFO_DISABLED_IN_OPENSSH70]], 'rijndael192-cbc': [['2.3.0', '7.0'], [FAIL_RIJNDAEL], [WARN_CIPHER_MODE], [INFO_DISABLED_IN_OPENSSH70]], 'rijndael256-cbc': [['2.3.0', '7.0'], [FAIL_RIJNDAEL], [WARN_CIPHER_MODE], [INFO_DISABLED_IN_OPENSSH70]], 'rijndael-cbc@lysator.liu.se': [['2.3.0', '6.6', '7.0'], [FAIL_RIJNDAEL], [WARN_CIPHER_MODE], [INFO_DISABLED_IN_OPENSSH70]], 'rijndael-cbc@ssh.com': [[], [FAIL_RIJNDAEL], [WARN_CIPHER_MODE]], 'seed-cbc@ssh.com': [[], [FAIL_SEED], [WARN_CIPHER_MODE]], 'seed-ctr@ssh.com': [[], [FAIL_SEED]], 'serpent128-cbc': [[], [FAIL_SERPENT], [WARN_CIPHER_MODE]], 'serpent128-ctr': [[], [FAIL_SERPENT]], 'serpent128-gcm@libassh.org': [[], [FAIL_SERPENT]], 'serpent192-cbc': [[], [FAIL_SERPENT], [WARN_CIPHER_MODE]], 'serpent192-ctr': [[], [FAIL_SERPENT]], 'serpent256-cbc': [[], [FAIL_SERPENT], [WARN_CIPHER_MODE]], 'serpent256-ctr': [[], [FAIL_SERPENT]], 'serpent256-gcm@libassh.org': [[], [FAIL_SERPENT]], 'twofish128-cbc': [['d0.47', 'd2014.66'], [], [WARN_CIPHER_MODE], [INFO_DISABLED_IN_DBEAR67]], 'twofish128-ctr': [['d2015.68']], 'twofish128-gcm@libassh.org': [[]], 'twofish192-cbc': [[], [], [WARN_CIPHER_MODE]], 'twofish192-ctr': [[]], 'twofish256-cbc': [['d0.47', 'd2014.66'], [], [WARN_CIPHER_MODE], [INFO_DISABLED_IN_DBEAR67]], 'twofish256-ctr': [['d2015.68']], 'twofish256-gcm@libassh.org': [[]], 'twofish-cbc': [['d0.28', 'd2014.66'], [], [WARN_CIPHER_MODE], [INFO_DISABLED_IN_DBEAR67]], 'twofish-cfb': [[], [], [WARN_CIPHER_MODE]], 'twofish-ctr': [[]], 'twofish-ecb': [[], [], [WARN_CIPHER_MODE]], 'twofish-ofb': [[], [], [WARN_CIPHER_MODE]], }, 'mac': { 'AEAD_AES_128_GCM': [[]], 'AEAD_AES_256_GCM': [[]], 'aes128-gcm': [[]], 'aes256-gcm': [[]], 'cbcmac-3des': [[], [FAIL_UNPROVEN, FAIL_3DES]], 'cbcmac-aes': [[], [FAIL_UNPROVEN]], 'cbcmac-blowfish': [[], [FAIL_UNPROVEN, FAIL_BLOWFISH]], 'cbcmac-des': [[], [FAIL_UNPROVEN, FAIL_DES]], 'cbcmac-rijndael': [[], [FAIL_UNPROVEN, FAIL_RIJNDAEL]], 'cbcmac-twofish': [[], [FAIL_UNPROVEN]], 'chacha20-poly1305@openssh.com': [[], [], [], [INFO_NEVER_IMPLEMENTED_IN_OPENSSH]], # Despite the @openssh.com tag, this was never shipped as a MAC in OpenSSH (only as a cipher); it is only implemented as a MAC in Syncplify. 'crypticore-mac@ssh.com': [[], [FAIL_UNPROVEN]], 'hmac-md5': [['2.1.0,d0.28', '6.6', '7.1'], [FAIL_MD5], [WARN_ENCRYPT_AND_MAC]], 'hmac-md5-96': [['2.5.0', '6.6', '7.1'], [FAIL_MD5], [WARN_ENCRYPT_AND_MAC]], 'hmac-md5-96-etm@openssh.com': [['6.2', '6.6', '7.1'], [FAIL_MD5]], 'hmac-md5-etm@openssh.com': [['6.2', '6.6', '7.1'], [FAIL_MD5]], 'hmac-ripemd160': [['2.5.0', '6.6', '7.1'], [FAIL_RIPEMD], [WARN_ENCRYPT_AND_MAC]], 'hmac-ripemd160-96': [[], [FAIL_RIPEMD], [WARN_ENCRYPT_AND_MAC, WARN_TAG_SIZE]], 'hmac-ripemd160-etm@openssh.com': [['6.2', '6.6', '7.1'], [FAIL_RIPEMD]], 'hmac-ripemd160@openssh.com': [['2.1.0', '6.6', '7.1'], [FAIL_RIPEMD], [WARN_ENCRYPT_AND_MAC]], 'hmac-ripemd': [[], [FAIL_RIPEMD], [WARN_ENCRYPT_AND_MAC]], 'hmac-sha1': [['2.1.0,d0.28,l10.2'], [FAIL_SHA1], [WARN_ENCRYPT_AND_MAC]], 'hmac-sha1-96': [['2.5.0,d0.47', '6.6', '7.1'], [FAIL_SHA1], [WARN_ENCRYPT_AND_MAC]], 'hmac-sha1-96-etm@openssh.com': [['6.2', '6.6', None], [FAIL_SHA1]], 'hmac-sha1-96@openssh.com': [[], [FAIL_SHA1], [WARN_TAG_SIZE, WARN_ENCRYPT_AND_MAC], [INFO_NEVER_IMPLEMENTED_IN_OPENSSH]], 'hmac-sha1-etm@openssh.com': [['6.2'], [FAIL_SHA1]], 'hmac-sha2-224': [[], [], [WARN_TAG_SIZE, WARN_ENCRYPT_AND_MAC]], 'hmac-sha224@ssh.com': [[], [], [WARN_ENCRYPT_AND_MAC]], 'hmac-sha2-256': [['5.9,d2013.56,l10.7.0'], [], [WARN_ENCRYPT_AND_MAC]], 'hmac-sha2-256-96': [['5.9', '6.0'], [], [WARN_ENCRYPT_AND_MAC], [INFO_REMOVED_IN_OPENSSH61]], 'hmac-sha2-256-96-etm@openssh.com': [[], [], [WARN_TAG_SIZE_96], [INFO_NEVER_IMPLEMENTED_IN_OPENSSH]], # Only ever implemented in AsyncSSH (?). 'hmac-sha2-256-etm@openssh.com': [['6.2']], 'hmac-sha2-384': [[], [], [WARN_ENCRYPT_AND_MAC]], 'hmac-sha2-512': [['5.9,d2013.56,l10.7.0'], [], [WARN_ENCRYPT_AND_MAC]], 'hmac-sha2-512-96': [['5.9', '6.0'], [], [WARN_ENCRYPT_AND_MAC], [INFO_REMOVED_IN_OPENSSH61]], 'hmac-sha2-512-96-etm@openssh.com': [[], [], [WARN_TAG_SIZE_96], [INFO_NEVER_IMPLEMENTED_IN_OPENSSH]], # Only ever implemented in AsyncSSH (?). 'hmac-sha2-512-etm@openssh.com': [['6.2']], 'hmac-sha256-2@ssh.com': [[], [], [WARN_ENCRYPT_AND_MAC]], 'hmac-sha256-96@ssh.com': [[], [], [WARN_ENCRYPT_AND_MAC, WARN_TAG_SIZE]], 'hmac-sha256-96': [[], [], [WARN_ENCRYPT_AND_MAC, WARN_TAG_SIZE]], 'hmac-sha256@ssh.com': [[], [], [WARN_ENCRYPT_AND_MAC]], 'hmac-sha256': [[], [], [WARN_ENCRYPT_AND_MAC]], 'hmac-sha2-56': [[], [], [WARN_TAG_SIZE, WARN_ENCRYPT_AND_MAC]], 'hmac-sha3-224': [[], [], [WARN_ENCRYPT_AND_MAC]], 'hmac-sha3-256': [[], [], [WARN_ENCRYPT_AND_MAC]], 'hmac-sha3-384': [[], [], [WARN_ENCRYPT_AND_MAC]], 'hmac-sha3-512': [[], [], [WARN_ENCRYPT_AND_MAC]], 'hmac-sha384@ssh.com': [[], [], [WARN_ENCRYPT_AND_MAC]], 'hmac-sha512@ssh.com': [[], [], [WARN_ENCRYPT_AND_MAC]], 'hmac-sha512': [[], [], [WARN_ENCRYPT_AND_MAC]], 'hmac-whirlpool': [[], [], [WARN_ENCRYPT_AND_MAC]], 'md5': [[], [FAIL_PLAINTEXT]], 'md5-8': [[], [FAIL_PLAINTEXT]], 'none': [['d2013.56'], [FAIL_PLAINTEXT]], 'ripemd160': [[], [FAIL_PLAINTEXT]], 'ripemd160-8': [[], [FAIL_PLAINTEXT]], 'sha1': [[], [FAIL_PLAINTEXT]], 'sha1-8': [[], [FAIL_PLAINTEXT]], 'umac-128': [[], [], [WARN_ENCRYPT_AND_MAC]], 'umac-128-etm@openssh.com': [['6.2']], 'umac-128@openssh.com': [['6.2'], [], [WARN_ENCRYPT_AND_MAC]], 'umac-32@openssh.com': [[], [], [WARN_ENCRYPT_AND_MAC, WARN_TAG_SIZE], [INFO_NEVER_IMPLEMENTED_IN_OPENSSH]], 'umac-64-etm@openssh.com': [['6.2'], [], [WARN_TAG_SIZE]], 'umac-64@openssh.com': [['4.7'], [], [WARN_ENCRYPT_AND_MAC, WARN_TAG_SIZE]], 'umac-96@openssh.com': [[], [], [WARN_ENCRYPT_AND_MAC], [INFO_NEVER_IMPLEMENTED_IN_OPENSSH]], } } @staticmethod def get_db() -> Dict[str, Dict[str, List[List[Optional[str]]]]]: '''Returns a copy of the MASTER_DB that is private to the calling thread. This prevents multiple threads from polluting the results of other threads.''' calling_thread_id = threading.get_ident() if calling_thread_id not in SSH2_KexDB.DB_PER_THREAD: SSH2_KexDB.DB_PER_THREAD[calling_thread_id] = copy.deepcopy(SSH2_KexDB.MASTER_DB) return SSH2_KexDB.DB_PER_THREAD[calling_thread_id] @staticmethod def thread_exit() -> None: '''Deletes the calling thread's copy of the MASTER_DB. This is needed because, in rare circumstances, a terminated thread's ID can be re-used by new threads.''' calling_thread_id = threading.get_ident() if calling_thread_id in SSH2_KexDB.DB_PER_THREAD: del SSH2_KexDB.DB_PER_THREAD[calling_thread_id] ssh-audit-3.3.0/src/ssh_audit/ssh2_kexparty.py000066400000000000000000000043221470352310600213520ustar00rootroot00000000000000""" The MIT License (MIT) Copyright (C) 2024 Joe Testa (jtesta@positronsecurity.com) Copyright (C) 2017 Andris Raugulis (moo@arthepsy.eu) Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. """ # pylint: disable=unused-import from typing import Dict, List, Set, Sequence, Tuple, Iterable # noqa: F401 from typing import Callable, Optional, Union, Any # noqa: F401 class SSH2_KexParty: def __init__(self, enc: List[str], mac: List[str], compression: List[str], languages: List[str]) -> None: self.__enc = enc self.__mac = mac self.__compression = compression self.__languages = languages @property def encryption(self) -> List[str]: return self.__enc @property def mac(self) -> List[str]: return self.__mac @property def compression(self) -> List[str]: return self.__compression @property def languages(self) -> List[str]: return self.__languages def __str__(self) -> str: ret = "Ciphers: " + ", ".join(self.__enc) ret += "\nMACs: " + ", ".join(self.__mac) ret += "\nCompressions: " + ", ".join(self.__compression) ret += "\nLanguages: " + ", ".join(self.__languages) return ret ssh-audit-3.3.0/src/ssh_audit/ssh_audit.py000077500000000000000000002231671470352310600205440ustar00rootroot00000000000000#!/usr/bin/env python3 """ The MIT License (MIT) Copyright (C) 2017-2024 Joe Testa (jtesta@positronsecurity.com) Copyright (C) 2017 Andris Raugulis (moo@arthepsy.eu) Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. """ import concurrent.futures import copy import getopt # pylint: disable=deprecated-module import json import multiprocessing import os import re import sys import traceback # pylint: disable=unused-import from typing import Dict, List, Set, Sequence, Tuple, Iterable # noqa: F401 from typing import cast, Callable, Optional, Union, Any # noqa: F401 from ssh_audit.globals import SNAP_PACKAGE from ssh_audit.globals import SNAP_PERMISSIONS_ERROR from ssh_audit.globals import VERSION from ssh_audit.globals import BUILTIN_MAN_PAGE from ssh_audit.algorithm import Algorithm from ssh_audit.algorithms import Algorithms from ssh_audit.auditconf import AuditConf from ssh_audit.banner import Banner from ssh_audit.dheat import DHEat from ssh_audit import exitcodes from ssh_audit.fingerprint import Fingerprint from ssh_audit.gextest import GEXTest from ssh_audit.hostkeytest import HostKeyTest from ssh_audit.outputbuffer import OutputBuffer from ssh_audit.policy import Policy from ssh_audit.product import Product from ssh_audit.protocol import Protocol from ssh_audit.software import Software from ssh_audit.ssh1_kexdb import SSH1_KexDB from ssh_audit.ssh1_publickeymessage import SSH1_PublicKeyMessage from ssh_audit.ssh2_kex import SSH2_Kex from ssh_audit.ssh2_kexdb import SSH2_KexDB from ssh_audit.ssh_socket import SSH_Socket from ssh_audit.utils import Utils # no_idna_workaround = False # Only import colorama under Windows. Other OSes can natively handle terminal colors. if sys.platform == 'win32': try: from colorama import just_fix_windows_console # type: ignore just_fix_windows_console() except ImportError: pass # This is a workaround for a Python bug that causes a crash on Windows when multiple threads are used (see https://github.com/python/cpython/issues/73474). Importing the idna module and using it in a no-op seems to fix the issue. Otherwise, if idna isn't available at run-time, force single threaded scans. # try: # import idna # noqa: F401 # # ''.encode('idna') # except ImportError: # no_idna_workaround = True def usage(uout: OutputBuffer, err: Optional[str] = None) -> None: retval = exitcodes.GOOD p = os.path.basename(sys.argv[0]) uout.head('# {} {}, https://github.com/jtesta/ssh-audit\n'.format(p, VERSION)) if err is not None and len(err) > 0: uout.fail(err + '\n') retval = exitcodes.UNKNOWN_ERROR uout.info('usage: {0} [options] \n'.format(p)) uout.info(' -h, --help print this help') uout.info(' -1, --ssh1 force ssh version 1 only') uout.info(' -2, --ssh2 force ssh version 2 only') uout.info(' -4, --ipv4 enable IPv4 (order of precedence)') uout.info(' -6, --ipv6 enable IPv6 (order of precedence)') uout.info(' -b, --batch batch output') uout.info(' -c, --client-audit starts a server on port 2222 to audit client\n software config (use -p to change port;\n use -t to change timeout)') uout.info(' --conn-rate-test=N[:max_rate] perform a connection rate test (useful') uout.info(' for collecting metrics related to') uout.info(' susceptibility of the DHEat vuln).') uout.info(' Testing is conducted with N concurrent') uout.info(' sockets with an optional maximum rate') uout.info(' of connections per second.') uout.info(' -d, --debug debug output') uout.info(' --dheat=N[:kex[:e_len]] continuously perform the DHEat DoS attack') uout.info(' (CVE-2002-20001) against the target using N') uout.info(' concurrent sockets. Optionally, a specific') uout.info(' key exchange algorithm can be specified') uout.info(' instead of allowing it to be automatically') uout.info(' chosen. Additionally, a small length of') uout.info(' the fake e value sent to the server can') uout.info(' be chosen for a more efficient attack (such') uout.info(' as 4).') uout.info(' -g, --gex-test= dh gex modulus size test') uout.info(' ') uout.info(' ') uout.info(' -j, --json JSON output (use -jj to enable indents)') uout.info(' -l, --level= minimum output level (info|warn|fail)') uout.info(' -L, --list-policies list all the official, built-in policies. Use with -v') uout.info(' to view policy change logs.') uout.info(' --lookup= looks up an algorithm(s) without\n connecting to a server') uout.info(' -M, --make-policy= creates a policy based on the target server\n (i.e.: the target server has the ideal\n configuration that other servers should\n adhere to)') uout.info(' -m, --manual print the man page (Windows only)') uout.info(' -n, --no-colors disable colors (automatic when the NO_COLOR') uout.info(' environment variable is set)') uout.info(' -p, --port= port to connect') uout.info(' -P, --policy= run a policy test using the specified policy') uout.info(' --skip-rate-test skip the connection rate test during standard audits\n (used to safely infer whether the DHEat attack\n is viable)') uout.info(' -t, --timeout= timeout (in seconds) for connection and reading\n (default: 5)') uout.info(' -T, --targets= a file containing a list of target hosts (one\n per line, format HOST[:PORT]). Use -p/--port\n to set the default port for all hosts. Use\n --threads to control concurrent scans.') uout.info(' --threads= number of threads to use when scanning multiple\n targets (-T/--targets) (default: 32)') uout.info(' -v, --verbose verbose output') uout.sep() uout.write() sys.exit(retval) def output_algorithms(out: OutputBuffer, title: str, alg_db: Dict[str, Dict[str, List[List[Optional[str]]]]], alg_type: str, algorithms: List[str], unknown_algs: List[str], is_json_output: bool, program_retval: int, maxlen: int = 0, host_keys: Optional[Dict[str, Dict[str, Union[bytes, str, int]]]] = None, dh_modulus_sizes: Optional[Dict[str, int]] = None) -> int: # pylint: disable=too-many-arguments with out: for algorithm in algorithms: program_retval = output_algorithm(out, alg_db, alg_type, algorithm, unknown_algs, program_retval, maxlen, host_keys=host_keys, dh_modulus_sizes=dh_modulus_sizes) if not out.is_section_empty() and not is_json_output: out.head('# ' + title) out.flush_section() out.sep() return program_retval def output_algorithm(out: OutputBuffer, alg_db: Dict[str, Dict[str, List[List[Optional[str]]]]], alg_type: str, alg_name: str, unknown_algs: List[str], program_retval: int, alg_max_len: int = 0, host_keys: Optional[Dict[str, Dict[str, Union[bytes, str, int]]]] = None, dh_modulus_sizes: Optional[Dict[str, int]] = None) -> int: # pylint: disable=too-many-arguments prefix = '(' + alg_type + ') ' if alg_max_len == 0: alg_max_len = len(alg_name) padding = '' if out.batch else ' ' * (alg_max_len - len(alg_name)) # If this is an RSA host key or DH GEX, append the size to its name and fix # the padding. alg_name_with_size = None if (dh_modulus_sizes is not None) and (alg_name in dh_modulus_sizes): alg_name_with_size = '%s (%u-bit)' % (alg_name, dh_modulus_sizes[alg_name]) padding = padding[0:-11] elif (host_keys is not None) and (alg_name in host_keys): hostkey_size = cast(int, host_keys[alg_name]['hostkey_size']) ca_key_type = cast(str, host_keys[alg_name]['ca_key_type']) ca_key_size = cast(int, host_keys[alg_name]['ca_key_size']) # If this is an RSA variant, just print "RSA". if ca_key_type in HostKeyTest.RSA_FAMILY: ca_key_type = "RSA" if len(ca_key_type) > 0 and ca_key_size > 0: alg_name_with_size = '%s (%u-bit cert/%u-bit %s CA)' % (alg_name, hostkey_size, ca_key_size, ca_key_type) padding = padding[0:-15] elif alg_name in HostKeyTest.RSA_FAMILY: alg_name_with_size = '%s (%u-bit)' % (alg_name, hostkey_size) padding = padding[0:-11] # If this is a kex algorithm and starts with 'gss-', then normalize its name (i.e.: 'gss-gex-sha1-vz8J1E9PzLr8b1K+0remTg==' => 'gss-gex-sha1-*'). The base64 field can vary, so we'll convert it to the wildcard that our database uses and we'll just resume doing a straight match like all other algorithm names. alg_name_original = alg_name if alg_type == 'kex' and alg_name.startswith('gss-'): last_dash = alg_name.rindex('-') alg_name = "%s-*" % alg_name[0:last_dash] texts = [] if len(alg_name.strip()) == 0: return program_retval alg_name_native = Utils.to_text(alg_name) if alg_name_native in alg_db[alg_type]: alg_desc = alg_db[alg_type][alg_name_native] ldesc = len(alg_desc) for idx, level in enumerate(['fail', 'warn', 'info']): if level == 'info': versions = alg_desc[0] since_text = Algorithm.get_since_text(versions) if since_text is not None and len(since_text) > 0: texts.append((level, since_text)) idx = idx + 1 if ldesc > idx: for t in alg_desc[idx]: if t is None: continue texts.append((level, t)) if len(texts) == 0: texts.append(('info', '')) else: texts.append(('warn', 'unknown algorithm')) unknown_algs.append(alg_name) # For kex GSS algorithms, now that we already did the database lookup (above), restore the original algorithm name so its reported properly in the output. if alg_name != alg_name_original: alg_name = alg_name_original alg_name = alg_name_with_size if alg_name_with_size is not None else alg_name first = True use_good_for_all = False for level, text in texts: if level == 'fail': program_retval = exitcodes.FAILURE elif level == 'warn' and program_retval != exitcodes.FAILURE: # If a failure was found previously, don't downgrade to warning. program_retval = exitcodes.WARNING f = getattr(out, level) comment = (padding + ' -- [' + level + '] ' + text) if text != '' else '' # If the first algorithm's comment is an 'info', this implies that it is rated good. Hence, the out.good() function should be used to write all subsequent notes for this algorithm as well. if (first and level == 'info') or use_good_for_all: f = out.good use_good_for_all = True if first: f(prefix + alg_name + comment) first = False else: # pylint: disable=else-if-used if out.verbose: f(prefix + alg_name + comment) elif text != '': comment = padding + ' `- [' + level + '] ' + text f(' ' * len(prefix + alg_name) + comment) return program_retval def output_compatibility(out: OutputBuffer, algs: Algorithms, client_audit: bool, for_server: bool = True) -> None: # Don't output any compatibility info if we're doing a client audit. if client_audit: return ssh_timeframe = algs.get_ssh_timeframe(for_server) comp_text = [] for ssh_prod in [Product.OpenSSH, Product.DropbearSSH]: if ssh_prod not in ssh_timeframe: continue v_from = ssh_timeframe.get_from(ssh_prod, for_server) v_till = ssh_timeframe.get_till(ssh_prod, for_server) if v_from is None: continue if v_till is None: comp_text.append('{} {}+'.format(ssh_prod, v_from)) elif v_from == v_till: comp_text.append('{} {}'.format(ssh_prod, v_from)) else: software = Software(None, ssh_prod, v_from, None, None) if software.compare_version(v_till) > 0: tfmt = '{0} {1}+ (some functionality from {2})' else: tfmt = '{0} {1}-{2}' comp_text.append(tfmt.format(ssh_prod, v_from, v_till)) if len(comp_text) > 0: out.good('(gen) compatibility: ' + ', '.join(comp_text)) def output_security(out: OutputBuffer, banner: Optional[Banner], padlen: int, is_json_output: bool) -> None: with out: if (banner is not None) and (banner.protocol[0] == 1): p = '' if out.batch else ' ' * (padlen - 14) out.fail('(sec) SSH v1 enabled{} -- SSH v1 can be exploited to recover plaintext passwords'.format(p)) if not out.is_section_empty() and not is_json_output: out.head('# security') out.flush_section() out.sep() def output_fingerprints(out: OutputBuffer, algs: Algorithms, is_json_output: bool) -> None: with out: fps = {} if algs.ssh1kex is not None: name = 'ssh-rsa1' fp = Fingerprint(algs.ssh1kex.host_key_fingerprint_data) # bits = algs.ssh1kex.host_key_bits fps[name] = fp if algs.ssh2kex is not None: host_keys = algs.ssh2kex.host_keys() for host_key_type in algs.ssh2kex.host_keys(): if host_keys[host_key_type] is None: continue fp = Fingerprint(cast(bytes, host_keys[host_key_type]['raw_hostkey_bytes'])) # Workaround for Python's order-indifference in dicts. We might get a random RSA type (ssh-rsa, rsa-sha2-256, or rsa-sha2-512), so running the tool against the same server three times may give three different host key types here. So if we have any RSA type, we will simply hard-code it to 'ssh-rsa'. if host_key_type in HostKeyTest.RSA_FAMILY: host_key_type = 'ssh-rsa' # Skip over certificate host types (or we would return invalid fingerprints), and only add one fingerprint in the RSA family. if '-cert-' not in host_key_type: fps[host_key_type] = fp # Similarly, the host keys can be processed in random order due to Python's order-indifference in dicts. So we sort this list before printing; this makes automated testing possible. fp_types = sorted(fps.keys()) for fp_type in fp_types: fp = fps[fp_type] # Don't output any ECDSA or DSS fingerprints unless verbose mode is enabled. if fp_type.startswith("ecdsa-") or (fp_type == "ssh-dss"): if out.verbose: out.warn('(fin) {}: {} -- [info] this fingerprint type is insecure and should not be relied upon'.format(fp_type, fp.sha256)) else: continue # If verbose mode is not enabled, skip this type entirely. else: out.good('(fin) {}: {}'.format(fp_type, fp.sha256)) # Output the MD5 hash too if verbose mode is enabled. if out.verbose: out.warn('(fin) {}: {} -- [info] do not rely on MD5 fingerprints for server identification; it is insecure for this use case'.format(fp_type, fp.md5)) if not out.is_section_empty() and not is_json_output: out.head('# fingerprints') out.flush_section() out.sep() # Returns True if no warnings or failures encountered in configuration. def output_recommendations(out: OutputBuffer, algs: Algorithms, algorithm_recommendation_suppress_list: List[str], software: Optional[Software], is_json_output: bool, padlen: int = 0) -> bool: ret = True level_to_output = { "informational": out.good, "warning": out.warn, "critical": out.fail } with out: recommendations = get_algorithm_recommendations(algs, algorithm_recommendation_suppress_list, software, for_server=True) for level in recommendations: # pylint: disable=consider-using-dict-items for action in recommendations[level]: for alg_type in recommendations[level][action]: for alg_name_and_notes in recommendations[level][action][alg_type]: name = alg_name_and_notes['name'] notes = alg_name_and_notes['notes'] p = '' if out.batch else ' ' * (padlen - len(name)) fn = level_to_output[level] an = '?' sg = '?' if action == 'del': an, sg = 'remove', '-' ret = False elif action == 'add': an, sg = 'append', '+' elif action == 'chg': an, sg = 'change', '!' ret = False if notes != '': notes = " (%s)" % notes fm = '(rec) {0}{1}{2}-- {3} algorithm to {4}{5} ' fn(fm.format(sg, name, p, alg_type, an, notes)) if not out.is_section_empty() and not is_json_output: if software is not None: title = '(for {})'.format(software.display(False)) else: title = '' out.head('# algorithm recommendations {}'.format(title)) out.flush_section(sort_section=True) # Sort the output so that it is always stable (needed for repeatable testing). out.sep() return ret # Output additional information & notes. def output_info(out: OutputBuffer, software: Optional['Software'], client_audit: bool, any_problems: bool, is_json_output: bool, additional_notes: List[str]) -> None: with out: # Tell user that PuTTY cannot be hardened at the protocol-level. if client_audit and (software is not None) and (software.product == Product.PuTTY): out.warn('(nfo) PuTTY does not have the option of restricting any algorithms during the SSH handshake.') # If any warnings or failures were given, print a link to the hardening guides. if any_problems: out.warn('(nfo) For hardening guides on common OSes, please see: ') # Add any additional notes. for additional_note in additional_notes: if len(additional_note) > 0: out.warn("(nfo) %s" % additional_note) if not out.is_section_empty() and not is_json_output: out.head('# additional info') out.flush_section() out.sep() def post_process_findings(banner: Optional[Banner], algs: Algorithms, client_audit: bool, dh_rate_test_notes: str) -> Tuple[List[str], List[str]]: '''Perform post-processing on scan results before reporting them to the user. Returns a list of algorithms that should not be recommended and a list of notes.''' def _add_terrapin_warning(db: Dict[str, Dict[str, List[List[Optional[str]]]]], category: str, algorithm_name: str) -> None: '''Adds a warning regarding the Terrapin vulnerability for the specified algorithm.''' # Ensure that a slot for warnings exists for this algorithm. while len(db[category][algorithm_name]) < 3: db[category][algorithm_name].append([]) db[category][algorithm_name][2].append("vulnerable to the Terrapin attack (CVE-2023-48795), allowing message prefix truncation") def _get_chacha_ciphers_enabled(algs: Algorithms) -> List[str]: '''Returns a list of chacha20-poly1305 ciphers that the peer supports.''' ret = [] if algs.ssh2kex is not None: ciphers_supported = algs.ssh2kex.client.encryption if client_audit else algs.ssh2kex.server.encryption for cipher in ciphers_supported: if cipher.startswith("chacha20-poly1305"): ret.append(cipher) return ret def _get_chacha_ciphers_not_enabled(db: Dict[str, Dict[str, List[List[Optional[str]]]]], algs: Algorithms) -> List[str]: '''Returns a list of all chacha20-poly1305 in our algorithm database.''' ret = [] for cipher in db["enc"]: if cipher.startswith("chacha20-poly1305") and cipher not in _get_chacha_ciphers_enabled(algs): ret.append(cipher) return ret def _get_cbc_ciphers_enabled(algs: Algorithms) -> List[str]: '''Returns a list of CBC ciphers that the peer supports.''' ret = [] if algs.ssh2kex is not None: ciphers_supported = algs.ssh2kex.client.encryption if client_audit else algs.ssh2kex.server.encryption for cipher in ciphers_supported: if cipher.endswith("-cbc") or cipher.endswith("-cbc@openssh.org") or cipher.endswith("-cbc@ssh.com") or cipher == "rijndael-cbc@lysator.liu.se": ret.append(cipher) return ret def _get_cbc_ciphers_not_enabled(db: Dict[str, Dict[str, List[List[Optional[str]]]]], algs: Algorithms) -> List[str]: '''Returns a list of all CBC ciphers in our algorithm database.''' ret = [] for cipher in db["enc"]: if (cipher.endswith("-cbc") or cipher.endswith("-cbc@openssh.org") or cipher.endswith("-cbc@ssh.com") or cipher == "rijndael-cbc@lysator.liu.se") and cipher not in _get_cbc_ciphers_enabled(algs): ret.append(cipher) return ret def _get_etm_macs_enabled(algs: Algorithms) -> List[str]: '''Returns a list of ETM MACs that the peer supports.''' ret = [] if algs.ssh2kex is not None: macs_supported = algs.ssh2kex.client.mac if client_audit else algs.ssh2kex.server.mac for mac in macs_supported: if mac.endswith("-etm@openssh.com"): ret.append(mac) return ret def _get_etm_macs_not_enabled(db: Dict[str, Dict[str, List[List[Optional[str]]]]], algs: Algorithms) -> List[str]: '''Returns a list of ETM MACs in our algorithm database.''' ret = [] for mac in db["mac"]: if mac.endswith("-etm@openssh.com") and mac not in _get_etm_macs_enabled(algs): ret.append(mac) return ret algorithm_recommendation_suppress_list = [] algs_to_note = [] # # Post-processing of the OpenSSH diffie-hellman-group-exchange-sha256 fallback mechanism bug/feature. # # If the server is OpenSSH, and the diffie-hellman-group-exchange-sha256 key exchange was found with modulus size 2048, add a note regarding the bug that causes the server to support 2048-bit moduli no matter the configuration. if (algs.ssh2kex is not None and 'diffie-hellman-group-exchange-sha256' in algs.ssh2kex.kex_algorithms and 'diffie-hellman-group-exchange-sha256' in algs.ssh2kex.dh_modulus_sizes() and algs.ssh2kex.dh_modulus_sizes()['diffie-hellman-group-exchange-sha256'] == 2048) and (banner is not None and banner.software is not None and banner.software.find('OpenSSH') != -1): # Ensure a list for notes exists. db = SSH2_KexDB.get_db() while len(db['kex']['diffie-hellman-group-exchange-sha256']) < 4: db['kex']['diffie-hellman-group-exchange-sha256'].append([]) db['kex']['diffie-hellman-group-exchange-sha256'][3].append("A bug in OpenSSH causes it to fall back to a 2048-bit modulus regardless of server configuration (https://bugzilla.mindrot.org/show_bug.cgi?id=2793)") # Ensure that this algorithm doesn't appear in the recommendations section since the user cannot control this OpenSSH bug. algorithm_recommendation_suppress_list.append('diffie-hellman-group-exchange-sha256') # Check for the Terrapin vulnerability (CVE-2023-48795), and mark the vulnerable algorithms. kex_strict_marker = False if algs.ssh2kex is not None and \ ((client_audit and 'kex-strict-c-v00@openssh.com' in algs.ssh2kex.kex_algorithms) or (not client_audit and 'kex-strict-s-v00@openssh.com' in algs.ssh2kex.kex_algorithms)): # Strict KEX marker is present. kex_strict_marker = True db = SSH2_KexDB.get_db() # # Post-processing of algorithms related to the Terrapin vulnerability (CVE-2023-48795). # # Without the strict KEX marker, the chacha20-poly1305 ciphers are always vulnerable. for chacha_cipher in _get_chacha_ciphers_enabled(algs): if kex_strict_marker: # Inform the user that the target is correctly configured, but another peer may still choose this algorithm without using strict KEX negotiation, which would still result in vulnerability. algs_to_note.append(chacha_cipher) else: _add_terrapin_warning(db, "enc", chacha_cipher) cbc_ciphers_enabled = _get_cbc_ciphers_enabled(algs) etm_macs_enabled = _get_etm_macs_enabled(algs) # Without the strict KEX marker, if at least one CBC cipher and at least one ETM MAC is supported, mark them all as vulnerable. if len(cbc_ciphers_enabled) > 0 and len(etm_macs_enabled) > 0: for cipher in cbc_ciphers_enabled: if kex_strict_marker: # Inform the user that the target is correctly configured, but another peer may still choose this algorithm without using strict KEX negotiation, which would still result in vulnerability. algs_to_note.append(cipher) else: _add_terrapin_warning(db, "enc", cipher) for mac in etm_macs_enabled: if kex_strict_marker: # Inform the user that the target is correctly configured, but another peer may still choose this algorithm without using strict KEX negotiation, which would still result in vulnerability. algs_to_note.append(mac) else: _add_terrapin_warning(db, "mac", mac) # Return a note telling the user that, while this target is properly configured, if connected to a vulnerable peer, then a vulnerable connection is still possible. additional_notes = [] if len(algs_to_note) > 0: additional_notes.append("Be aware that, while this target properly supports the strict key exchange method (via the kex-strict-?-v00@openssh.com marker) needed to protect against the Terrapin vulnerability (CVE-2023-48795), all peers must also support this feature as well, otherwise the vulnerability will still be present. The following algorithms would allow an unpatched peer to create vulnerable SSH channels with this target: %s. If any CBC ciphers are in this list, you may remove them while leaving the *-etm@openssh.com MACs in place; these MACs are fine while paired with non-CBC cipher types." % ", ".join(algs_to_note)) # Add the chacha ciphers, CBC ciphers, and ETM MACs to the recommendation suppression list if they are not enabled on the server. That way they are not recommended to the user to enable if they were explicitly disabled to handle the Terrapin vulnerability. However, they can still be recommended for disabling. algorithm_recommendation_suppress_list += _get_chacha_ciphers_not_enabled(db, algs) algorithm_recommendation_suppress_list += _get_cbc_ciphers_not_enabled(db, algs) algorithm_recommendation_suppress_list += _get_etm_macs_not_enabled(db, algs) # Append any notes related to the DH rate test. if len(dh_rate_test_notes) > 0: additional_notes.append(dh_rate_test_notes) return algorithm_recommendation_suppress_list, additional_notes # Returns a exitcodes.* flag to denote if any failures or warnings were encountered. def output(out: OutputBuffer, aconf: AuditConf, banner: Optional[Banner], header: List[str], client_host: Optional[str] = None, kex: Optional[SSH2_Kex] = None, pkm: Optional[SSH1_PublicKeyMessage] = None, print_target: bool = False, dh_rate_test_notes: str = "") -> int: program_retval = exitcodes.GOOD client_audit = client_host is not None # If set, this is a client audit. sshv = 1 if pkm is not None else 2 algs = Algorithms(pkm, kex) # Perform post-processing on the findings to make final adjustments before outputting the results. algorithm_recommendation_suppress_list, additional_notes = post_process_findings(banner, algs, client_audit, dh_rate_test_notes) with out: if print_target: host = aconf.host # Print the port if it's not the default of 22. if aconf.port != 22: # Check if this is an IPv6 address, as that is printed in a different format. if Utils.is_ipv6_address(aconf.host): host = '[%s]:%d' % (aconf.host, aconf.port) else: host = '%s:%d' % (aconf.host, aconf.port) out.good('(gen) target: {}'. format(host)) if client_audit: out.good('(gen) client IP: {}'.format(client_host)) if len(header) > 0: out.info('(gen) header: ' + '\n'.join(header)) if banner is not None: banner_line = '(gen) banner: {}'.format(banner) if sshv == 1 or banner.protocol[0] == 1: out.fail(banner_line) out.fail('(gen) protocol SSH1 enabled') else: out.good(banner_line) if not banner.valid_ascii: # NOTE: RFC 4253, Section 4.2 out.warn('(gen) banner contains non-printable ASCII') software = Software.parse(banner) if software is not None: out.good('(gen) software: {}'.format(software)) else: software = None output_compatibility(out, algs, client_audit) if kex is not None: compressions = [x for x in kex.server.compression if x != 'none'] if len(compressions) > 0: cmptxt = 'enabled ({})'.format(', '.join(compressions)) else: cmptxt = 'disabled' out.good('(gen) compression: {}'.format(cmptxt)) if not out.is_section_empty() and not aconf.json: # Print output when it exists and JSON output isn't requested. out.head('# general') out.flush_section() out.sep() maxlen = algs.maxlen + 1 output_security(out, banner, maxlen, aconf.json) # Filled in by output_algorithms() with unidentified algs. unknown_algorithms: List[str] = [] # SSHv1 if pkm is not None: adb = SSH1_KexDB.get_db() ciphers = pkm.supported_ciphers auths = pkm.supported_authentications title, atype = 'SSH1 host-key algorithms', 'key' program_retval = output_algorithms(out, title, adb, atype, ['ssh-rsa1'], unknown_algorithms, aconf.json, program_retval, maxlen) title, atype = 'SSH1 encryption algorithms (ciphers)', 'enc' program_retval = output_algorithms(out, title, adb, atype, ciphers, unknown_algorithms, aconf.json, program_retval, maxlen) title, atype = 'SSH1 authentication types', 'aut' program_retval = output_algorithms(out, title, adb, atype, auths, unknown_algorithms, aconf.json, program_retval, maxlen) # SSHv2 if kex is not None: adb = SSH2_KexDB.get_db() title, atype = 'key exchange algorithms', 'kex' program_retval = output_algorithms(out, title, adb, atype, kex.kex_algorithms, unknown_algorithms, aconf.json, program_retval, maxlen, dh_modulus_sizes=kex.dh_modulus_sizes()) title, atype = 'host-key algorithms', 'key' program_retval = output_algorithms(out, title, adb, atype, kex.key_algorithms, unknown_algorithms, aconf.json, program_retval, maxlen, host_keys=kex.host_keys()) title, atype = 'encryption algorithms (ciphers)', 'enc' program_retval = output_algorithms(out, title, adb, atype, kex.server.encryption, unknown_algorithms, aconf.json, program_retval, maxlen) title, atype = 'message authentication code algorithms', 'mac' program_retval = output_algorithms(out, title, adb, atype, kex.server.mac, unknown_algorithms, aconf.json, program_retval, maxlen) output_fingerprints(out, algs, aconf.json) perfect_config = output_recommendations(out, algs, algorithm_recommendation_suppress_list, software, aconf.json, maxlen) output_info(out, software, client_audit, not perfect_config, aconf.json, additional_notes) if aconf.json: out.reset() # Build & write the JSON struct. out.info(json.dumps(build_struct(aconf.host + ":" + str(aconf.port), banner, kex=kex, client_host=client_host, software=software, algorithms=algs, algorithm_recommendation_suppress_list=algorithm_recommendation_suppress_list, additional_notes=additional_notes), indent=4 if aconf.json_print_indent else None, sort_keys=True)) elif len(unknown_algorithms) > 0: # If we encountered any unknown algorithms, ask the user to report them. out.warn("\n\n!!! WARNING: unknown algorithm(s) found!: %s. If this is the latest version of ssh-audit (see ), please create a new Github issue at with the full output above.\n" % ','.join(unknown_algorithms)) return program_retval def evaluate_policy(out: OutputBuffer, aconf: AuditConf, banner: Optional['Banner'], client_host: Optional[str], kex: Optional['SSH2_Kex'] = None) -> bool: if aconf.policy is None: raise RuntimeError('Internal error: cannot evaluate against null Policy!') passed, error_struct, error_str = aconf.policy.evaluate(banner, kex) if aconf.json: warnings: List[str] = [] if aconf.policy.is_outdated_builtin_policy(): warnings.append("A newer version of this built-in policy is available.") json_struct = {'host': aconf.host, 'port': aconf.port, 'policy': aconf.policy.get_name_and_version(), 'passed': passed, 'errors': error_struct, 'warnings': warnings} out.info(json.dumps(json_struct, indent=4 if aconf.json_print_indent else None, sort_keys=True)) else: spacing = '' if aconf.client_audit: out.info("Client IP: %s" % client_host) spacing = " " # So the fields below line up with 'Client IP: '. else: host = aconf.host if aconf.port != 22: # Check if this is an IPv6 address, as that is printed in a different format. if Utils.is_ipv6_address(aconf.host): host = '[%s]:%d' % (aconf.host, aconf.port) else: host = '%s:%d' % (aconf.host, aconf.port) out.info("Host: %s" % host) out.info("Policy: %s%s" % (spacing, aconf.policy.get_name_and_version())) out.info("Result: %s" % spacing, line_ended=False) # Use these nice unicode characters in the result message, unless we're on Windows (the cmd.exe terminal doesn't display them properly). icon_good = "✔ " icon_fail = "❌ " if Utils.is_windows(): icon_good = "" icon_fail = "" if passed: out.good("%sPassed" % icon_good) else: out.fail("%sFailed!" % icon_fail) out.warn("\nErrors:\n%s" % error_str) # If the user selected an out-dated built-in policy then issue a warning. if aconf.policy.is_outdated_builtin_policy(): out.warn("Note: A newer version of this built-in policy is available. Use the -L option to view all available versions.") return passed def get_algorithm_recommendations(algs: Optional[Algorithms], algorithm_recommendation_suppress_list: Optional[List[str]], software: Optional[Software], for_server: bool = True) -> Dict[str, Any]: '''Returns the algorithm recommendations.''' ret: Dict[str, Any] = {} if algs is None or software is None: return ret software, alg_rec = algs.get_recommendations(software, for_server) for sshv in range(2, 0, -1): if sshv not in alg_rec: continue for alg_type in ['kex', 'key', 'enc', 'mac']: if alg_type not in alg_rec[sshv]: continue for action in ['del', 'add', 'chg']: if action not in alg_rec[sshv][alg_type]: continue for name in alg_rec[sshv][alg_type][action]: # If this algorithm should be suppressed, skip it. if algorithm_recommendation_suppress_list is not None and name in algorithm_recommendation_suppress_list: continue level = 'informational' points = alg_rec[sshv][alg_type][action][name] if points >= 10: level = 'critical' elif points >= 1: level = 'warning' if level not in ret: ret[level] = {} if action not in ret[level]: ret[level][action] = {} if alg_type not in ret[level][action]: ret[level][action][alg_type] = [] notes = '' if action == 'chg': notes = 'increase modulus size to 3072 bits or larger' ret[level][action][alg_type].append({'name': name, 'notes': notes}) return ret def list_policies(out: OutputBuffer, verbose: bool) -> None: '''Prints a list of server & client policies.''' server_policy_names, client_policy_names = Policy.list_builtin_policies(verbose) if len(server_policy_names) > 0: out.head('\nServer policies:\n') out.info(" * %s" % "\n * ".join(server_policy_names)) if len(client_policy_names) > 0: out.head('\nClient policies:\n') out.info(" * %s" % "\n * ".join(client_policy_names)) out.sep() if len(server_policy_names) == 0 and len(client_policy_names) == 0: out.fail("Error: no built-in policies found!") else: out.info("\nHint: Use -P and provide the full name of a policy to run a policy scan with.\n") out.info("Hint: Use -L -v to see the change log for each policy, as well as previous versions.\n") out.info("Note: the general OpenSSH policies apply to the official releases only. OS distributions may back-port changes that cause failures (for example, Debian 11 back-ported the strict KEX mode into their package of OpenSSH v8.4, whereas it was only officially added to OpenSSH v9.6 and later). In these cases, consider creating a custom policy (-M option).\n") out.info("Note: instructions for hardening targets, which correspond to the above policies, can be found at: \n") out.write() def make_policy(aconf: AuditConf, banner: Optional['Banner'], kex: Optional['SSH2_Kex'], client_host: Optional[str]) -> None: # Set the source of this policy to the server host if this is a server audit, otherwise set it to the client address. source: Optional[str] = aconf.host if aconf.client_audit: source = client_host policy_data = Policy.create(source, banner, kex, aconf.client_audit) if aconf.policy_file is None: raise RuntimeError('Internal error: cannot write policy file since filename is None!') succeeded = False err = '' try: # Open with mode 'x' (creates the file, or fails if it already exist). with open(aconf.policy_file, 'x', encoding='utf-8') as f: f.write(policy_data) succeeded = True except FileExistsError: err = "Error: file already exists: %s" % aconf.policy_file except PermissionError as e: # If installed as a Snap package, print a more useful message with potential work-arounds. if SNAP_PACKAGE: print(SNAP_PERMISSIONS_ERROR) sys.exit(exitcodes.UNKNOWN_ERROR) else: err = "Error: insufficient permissions: %s" % str(e) if succeeded: print("Wrote policy to %s. Customize as necessary, then run a policy scan with -P option." % aconf.policy_file) else: print(err) def process_commandline(out: OutputBuffer, args: List[str], usage_cb: Callable[..., None]) -> 'AuditConf': # pylint: disable=too-many-statements # pylint: disable=too-many-branches aconf = AuditConf() enable_colors = not any(i in args for i in ['--no-colors', '-n']) # Disable colors if the NO_COLOR environment variable is set. if "NO_COLOR" in os.environ: enable_colors = False aconf.colors = enable_colors out.use_colors = enable_colors try: sopts = 'h1246M:p:P:jbcnvl:t:T:Lmdg:' lopts = ['help', 'ssh1', 'ssh2', 'ipv4', 'ipv6', 'make-policy=', 'port=', 'policy=', 'json', 'batch', 'client-audit', 'no-colors', 'verbose', 'level=', 'timeout=', 'targets=', 'list-policies', 'lookup=', 'threads=', 'manual', 'debug', 'gex-test=', 'dheat=', 'skip-rate-test', 'conn-rate-test='] opts, args = getopt.gnu_getopt(args, sopts, lopts) except getopt.GetoptError as err: usage_cb(out, str(err)) aconf.ssh1, aconf.ssh2 = False, False host: str = '' oport: Optional[str] = None port: int = 0 for o, a in opts: if o in ('-h', '--help'): usage_cb(out) elif o in ('-1', '--ssh1'): aconf.ssh1 = True elif o in ('-2', '--ssh2'): aconf.ssh2 = True elif o in ('-4', '--ipv4'): aconf.ipv4 = True elif o in ('-6', '--ipv6'): aconf.ipv6 = True elif o in ('-p', '--port'): oport = a elif o in ('-b', '--batch'): aconf.batch = True aconf.verbose = True elif o in ('-c', '--client-audit'): aconf.client_audit = True elif o in ('-j', '--json'): if aconf.json: # If specified twice, enable indent printing. aconf.json_print_indent = True else: aconf.json = True elif o in ('-v', '--verbose'): aconf.verbose = True out.verbose = True elif o in ('-l', '--level'): if a not in ('info', 'warn', 'fail'): usage_cb(out, 'level {} is not valid'.format(a)) aconf.level = a elif o in ('-t', '--timeout'): aconf.timeout = float(a) aconf.timeout_set = True elif o in ('-M', '--make-policy'): aconf.make_policy = True aconf.policy_file = a elif o in ('-P', '--policy'): aconf.policy_file = a elif o in ('-T', '--targets'): aconf.target_file = a # If we're on Windows, and we can't use the idna workaround, force only one thread to be used (otherwise a crash would occur). # if no_idna_workaround: # print("\nWARNING: the idna module was not found on this system, thus only single-threaded scanning will be done (this is a workaround for this Windows-specific crash: https://github.com/python/cpython/issues/73474). Multi-threaded scanning can be enabled by installing the idna module (pip install idna).\n") # aconf.threads = 1 elif o == '--threads': aconf.threads = int(a) # if no_idna_workaround: # aconf.threads = 1 elif o in ('-L', '--list-policies'): aconf.list_policies = True elif o == '--lookup': aconf.lookup = a elif o in ('-m', '--manual'): aconf.manual = True elif o in ('-d', '--debug'): aconf.debug = True out.debug = True elif o in ('-g', '--gex-test'): permitted_syntax = get_permitted_syntax_for_gex_test() if not any(re.search(regex_str, a) for regex_str in permitted_syntax.values()): usage_cb(out, '{} {} is not valid'.format(o, a)) if re.search(permitted_syntax['RANGE'], a): extracted_digits = re.findall(r'\d+', a) bits_left_bound = int(extracted_digits[0]) bits_right_bound = int(extracted_digits[1]) bits_step = 1 if (len(extracted_digits)) == 3: bits_step = int(extracted_digits[2]) if bits_step <= 0: usage_cb(out, '{} {} is not valid'.format(o, bits_step)) if all(x < 0 for x in (bits_left_bound, bits_right_bound)): usage_cb(out, '{} {} {} is not valid'.format(o, bits_left_bound, bits_right_bound)) aconf.gex_test = a elif o == '--dheat': aconf.dheat = a elif o == '--skip-rate-test': aconf.skip_rate_test = True elif o == '--conn-rate-test': aconf.conn_rate_test = a if len(args) == 0 and aconf.client_audit is False and aconf.target_file is None and aconf.list_policies is False and aconf.lookup == '' and aconf.manual is False: usage_cb(out) if aconf.manual: return aconf if aconf.lookup != '': return aconf if aconf.list_policies: list_policies(out, aconf.verbose) sys.exit(exitcodes.GOOD) if aconf.client_audit is False and aconf.target_file is None: if oport is not None: host = args[0] else: host, port = Utils.parse_host_and_port(args[0]) if not host and aconf.target_file is None: usage_cb(out, 'host is empty') if port == 0 and oport is None: if aconf.client_audit: # The default port to listen on during a client audit is 2222. port = 2222 else: port = 22 if oport is not None: port = Utils.parse_int(oport) if port <= 0 or port > 65535: usage_cb(out, 'port {} is not valid'.format(oport)) aconf.host = host aconf.port = port if not (aconf.ssh1 or aconf.ssh2): aconf.ssh1, aconf.ssh2 = True, True # If a file containing a list of targets was given, read it. if aconf.target_file is not None: try: with open(aconf.target_file, 'r', encoding='utf-8') as f: aconf.target_list = f.readlines() except PermissionError as e: # If installed as a Snap package, print a more useful message with potential work-arounds. if SNAP_PACKAGE: print(SNAP_PERMISSIONS_ERROR) else: print("Error: insufficient permissions: %s" % str(e)) sys.exit(exitcodes.UNKNOWN_ERROR) # Strip out whitespace from each line in target file, and skip empty lines. aconf.target_list = [target.strip() for target in aconf.target_list if target not in ("", "\n")] # If a policy file was provided, validate it. if (aconf.policy_file is not None) and (aconf.make_policy is False): # First, see if this is a built-in policy name. If not, assume a file path was provided, and try to load it from disk. aconf.policy = Policy.load_builtin_policy(aconf.policy_file, json_output=aconf.json) if aconf.policy is None: try: aconf.policy = Policy(policy_file=aconf.policy_file, json_output=aconf.json) except Exception as e: out.fail("Error while loading policy file: %s: %s" % (str(e), traceback.format_exc())) out.write() sys.exit(exitcodes.UNKNOWN_ERROR) # If the user wants to do a client audit, but provided a server policy, terminate. if aconf.client_audit and aconf.policy.is_server_policy(): out.fail("Error: client audit selected, but server policy provided.") out.write() sys.exit(exitcodes.UNKNOWN_ERROR) # If the user wants to do a server audit, but provided a client policy, terminate. if aconf.client_audit is False and aconf.policy.is_server_policy() is False: out.fail("Error: server audit selected, but client policy provided.") out.write() sys.exit(exitcodes.UNKNOWN_ERROR) return aconf def build_struct(target_host: str, banner: Optional['Banner'], kex: Optional['SSH2_Kex'] = None, pkm: Optional['SSH1_PublicKeyMessage'] = None, client_host: Optional[str] = None, software: Optional[Software] = None, algorithms: Optional[Algorithms] = None, algorithm_recommendation_suppress_list: Optional[List[str]] = None, additional_notes: List[str] = []) -> Any: # pylint: disable=dangerous-default-value def fetch_notes(algorithm: str, alg_type: str) -> Dict[str, List[Optional[str]]]: '''Returns a dictionary containing the messages in the "fail", "warn", and "info" levels for this algorithm.''' alg_db = SSH2_KexDB.get_db() alg_info = {} if algorithm in alg_db[alg_type]: alg_desc = alg_db[alg_type][algorithm] alg_desc_len = len(alg_desc) # If a list for the failure notes exists, add it to the return value. Similarly, add the related lists for the warnings and informational notes. if (alg_desc_len >= 2) and (len(alg_desc[1]) > 0): alg_info["fail"] = alg_desc[1] if (alg_desc_len >= 3) and (len(alg_desc[2]) > 0): alg_info["warn"] = alg_desc[2] if (alg_desc_len >= 4) and (len(alg_desc[3]) > 0): alg_info["info"] = alg_desc[3] # Add information about when this algorithm was implemented in OpenSSH/Dropbear. since_text = Algorithm.get_since_text(alg_desc[0]) if (since_text is not None) and (len(since_text) > 0): # Add the "info" key with an empty list if the if-block above didn't create it already. if "info" not in alg_info: alg_info["info"] = [] alg_info["info"].append(since_text) else: alg_info["fail"] = [SSH2_KexDB.FAIL_UNKNOWN] return alg_info banner_str = '' banner_protocol = None banner_software = None banner_comments = None if banner is not None: banner_str = str(banner) banner_protocol = '.'.join(str(x) for x in banner.protocol) banner_software = banner.software banner_comments = banner.comments res: Any = { "banner": { "raw": banner_str, "protocol": banner_protocol, "software": banner_software, "comments": banner_comments, }, } # If we're scanning a client host, put the client's IP into the results. Otherwise, include the target host. if client_host is not None: res['client_ip'] = client_host else: res['target'] = target_host if kex is not None: res['compression'] = kex.server.compression res['kex'] = [] dh_alg_sizes = kex.dh_modulus_sizes() for algorithm in kex.kex_algorithms: alg_notes = fetch_notes(algorithm, 'kex') entry: Any = { 'algorithm': algorithm, 'notes': alg_notes, } if algorithm in dh_alg_sizes: hostkey_size = dh_alg_sizes[algorithm] entry['keysize'] = hostkey_size res['kex'].append(entry) res['key'] = [] host_keys = kex.host_keys() for algorithm in kex.key_algorithms: alg_notes = fetch_notes(algorithm, 'key') entry = { 'algorithm': algorithm, 'notes': alg_notes, } if algorithm in host_keys: hostkey_info = host_keys[algorithm] hostkey_size = cast(int, hostkey_info['hostkey_size']) ca_type = '' ca_size = 0 if 'ca_key_type' in hostkey_info: ca_type = cast(str, hostkey_info['ca_key_type']) if 'ca_key_size' in hostkey_info: ca_size = cast(int, hostkey_info['ca_key_size']) if algorithm in HostKeyTest.RSA_FAMILY or algorithm.startswith('ssh-rsa-cert-v0'): entry['keysize'] = hostkey_size if ca_size > 0: entry['ca_algorithm'] = ca_type entry['casize'] = ca_size res['key'].append(entry) res['enc'] = [] for algorithm in kex.server.encryption: alg_notes = fetch_notes(algorithm, 'enc') entry = { 'algorithm': algorithm, 'notes': alg_notes, } res['enc'].append(entry) res['mac'] = [] for algorithm in kex.server.mac: alg_notes = fetch_notes(algorithm, 'mac') entry = { 'algorithm': algorithm, 'notes': alg_notes, } res['mac'].append(entry) res['fingerprints'] = [] host_keys = kex.host_keys() # Normalize all RSA key types to 'ssh-rsa'. Otherwise, due to Python's order-indifference dictionary types, we would iterate key types in unpredictable orders, which interferes with the docker testing framework (i.e.: tests would fail because elements are reported out of order, even though the output is semantically the same). for host_key_type in list(host_keys.keys())[:]: if host_key_type in HostKeyTest.RSA_FAMILY: val = host_keys[host_key_type] del host_keys[host_key_type] host_keys['ssh-rsa'] = val for host_key_type in sorted(host_keys): if host_keys[host_key_type] is None: continue fp = Fingerprint(cast(bytes, host_keys[host_key_type]['raw_hostkey_bytes'])) # Skip over certificate host types (or we would return invalid fingerprints). if '-cert-' in host_key_type: continue # Add the SHA256 and MD5 fingerprints. res['fingerprints'].append({ 'hostkey': host_key_type, 'hash_alg': 'SHA256', 'hash': fp.sha256[7:] }) res['fingerprints'].append({ 'hostkey': host_key_type, 'hash_alg': 'MD5', 'hash': fp.md5[4:] }) else: pkm_supported_ciphers = None pkm_supported_authentications = None pkm_fp = None if pkm is not None: pkm_supported_ciphers = pkm.supported_ciphers pkm_supported_authentications = pkm.supported_authentications pkm_fp = Fingerprint(pkm.host_key_fingerprint_data).sha256 res['key'] = ['ssh-rsa1'] res['enc'] = pkm_supported_ciphers res['aut'] = pkm_supported_authentications res['fingerprints'] = [{ 'type': 'ssh-rsa1', 'fp': pkm_fp, }] # Historically, CVE information was returned. Now we'll just return an empty dictionary so as to not break any legacy clients. res['cves'] = [] # Add in the recommendations. res['recommendations'] = get_algorithm_recommendations(algorithms, algorithm_recommendation_suppress_list, software, for_server=True) # Add in the additional notes. res['additional_notes'] = additional_notes return res # Returns one of the exitcodes.* flags. def audit(out: OutputBuffer, aconf: AuditConf, sshv: Optional[int] = None, print_target: bool = False) -> int: program_retval = exitcodes.GOOD out.batch = aconf.batch out.verbose = aconf.verbose out.debug = aconf.debug out.level = aconf.level out.use_colors = aconf.colors s = SSH_Socket(out, aconf.host, aconf.port, aconf.ip_version_preference, aconf.timeout, aconf.timeout_set) if aconf.client_audit: out.v("Listening for client connection on port %d..." % aconf.port, write_now=True) s.listen_and_accept() else: out.v("Starting audit of %s:%d..." % ('[%s]' % aconf.host if Utils.is_ipv6_address(aconf.host) else aconf.host, aconf.port), write_now=True) err = s.connect() if err is not None: out.fail(err) # If we're running against multiple targets, return a connection error to the calling worker thread. Otherwise, write the error message to the console and exit. if len(aconf.target_list) > 0: return exitcodes.CONNECTION_ERROR else: out.write() sys.exit(exitcodes.CONNECTION_ERROR) if sshv is None: sshv = 2 if aconf.ssh2 else 1 err = None banner, header, err = s.get_banner(sshv) if banner is None: if err is None: err = '[exception] did not receive banner.' else: err = '[exception] did not receive banner: {}'.format(err) if err is None: s.send_kexinit() # Send the algorithms we support (except we don't since this isn't a real SSH connection). packet_type, payload = s.read_packet(sshv) if packet_type < 0: try: if len(payload) > 0: payload_txt = payload.decode('utf-8') else: payload_txt = 'empty' except UnicodeDecodeError: payload_txt = '"{}"'.format(repr(payload).lstrip('b')[1:-1]) if payload_txt == 'Protocol major versions differ.': if sshv == 2 and aconf.ssh1: ret = audit(out, aconf, 1) out.write() return ret err = '[exception] error reading packet ({})'.format(payload_txt) else: err_pair = None if sshv == 1 and packet_type != Protocol.SMSG_PUBLIC_KEY: err_pair = ('SMSG_PUBLIC_KEY', Protocol.SMSG_PUBLIC_KEY) elif sshv == 2 and packet_type != Protocol.MSG_KEXINIT: err_pair = ('MSG_KEXINIT', Protocol.MSG_KEXINIT) if err_pair is not None: fmt = '[exception] did not receive {0} ({1}), ' + \ 'instead received unknown message ({2})' err = fmt.format(err_pair[0], err_pair[1], packet_type) if err is not None: output(out, aconf, banner, header) out.fail(err) return exitcodes.CONNECTION_ERROR if sshv == 1: program_retval = output(out, aconf, banner, header, pkm=SSH1_PublicKeyMessage.parse(payload)) elif sshv == 2: try: kex = SSH2_Kex.parse(out, payload) out.d(str(kex)) except Exception: out.fail("Failed to parse server's kex. Stack trace:\n%s" % str(traceback.format_exc())) return exitcodes.CONNECTION_ERROR if aconf.dheat is not None: DHEat(out, aconf, banner, kex).run() return exitcodes.GOOD elif aconf.conn_rate_test_enabled: DHEat.dh_rate_test(out, aconf, kex, 0, 0, 0) return exitcodes.GOOD dh_rate_test_notes = "" if aconf.client_audit is False: HostKeyTest.run(out, s, kex) if aconf.gex_test != '': return run_gex_granular_modulus_size_test(out, s, kex, aconf) else: GEXTest.run(out, s, banner, kex) # Skip the rate test if the user specified "--skip-rate-test". if aconf.skip_rate_test: out.d("Skipping rate test due to --skip-rate-test option.") else: # Try to open many TCP connections against the server if any Diffie-Hellman key exchanges are present; this tests potential vulnerability to the DHEat DOS attack. Use 3 concurrent sockets over at most 1.5 seconds to open at most 38 connections (stops if 1.5 seconds elapse, or 38 connections are opened--whichever comes first). If more than 25 connections per second were observed, flag the DH algorithms with a warning about the DHEat DOS vuln. dh_rate_test_notes = DHEat.dh_rate_test(out, aconf, kex, 1.5, 38, 3) # This is a standard audit scan. if (aconf.policy is None) and (aconf.make_policy is False): program_retval = output(out, aconf, banner, header, client_host=s.client_host, kex=kex, print_target=print_target, dh_rate_test_notes=dh_rate_test_notes) # This is a policy test. elif (aconf.policy is not None) and (aconf.make_policy is False): program_retval = exitcodes.GOOD if evaluate_policy(out, aconf, banner, s.client_host, kex=kex) else exitcodes.FAILURE # A new policy should be made from this scan. elif (aconf.policy is None) and (aconf.make_policy is True): make_policy(aconf, banner, kex, s.client_host) else: raise RuntimeError('Internal error while handling output: %r %r' % (aconf.policy is None, aconf.make_policy)) return program_retval def algorithm_lookup(out: OutputBuffer, alg_names: str) -> int: '''Looks up a comma-separated list of algorithms and outputs their security properties. Returns an exitcodes.* flag.''' retval = exitcodes.GOOD alg_types = { 'kex': 'key exchange algorithms', 'key': 'host-key algorithms', 'mac': 'message authentication code algorithms', 'enc': 'encryption algorithms (ciphers)' } algorithm_names = alg_names.split(",") adb = SSH2_KexDB.get_db() # Use nested dictionary comprehension to iterate an outer dictionary where # each key is an alg type that consists of a value (which is itself a # dictionary) of alg names. Filter the alg names against the user supplied # list of names. algorithms_dict = { outer_k: { inner_k for (inner_k, inner_v) in outer_v.items() if inner_k in algorithm_names } for (outer_k, outer_v) in adb.items() } unknown_algorithms: List[str] = [] padding = len(max(algorithm_names, key=len)) for alg_type in alg_types: if len(algorithms_dict[alg_type]) > 0: title = str(alg_types.get(alg_type)) retval = output_algorithms(out, title, adb, alg_type, list(algorithms_dict[alg_type]), unknown_algorithms, False, retval, padding) algorithms_dict_flattened = [ alg_name for val in algorithms_dict.values() for alg_name in val ] algorithms_not_found = [ alg_name for alg_name in algorithm_names if alg_name not in algorithms_dict_flattened ] similar_algorithms = [ alg_unknown + " --> (" + alg_type + ") " + alg_name for alg_unknown in algorithms_not_found for alg_type, alg_names in adb.items() for alg_name in alg_names # Perform a case-insensitive comparison using 'casefold' # and match substrings using the 'in' operator. if alg_unknown.casefold() in alg_name.casefold() ] if len(algorithms_not_found) > 0: retval = exitcodes.FAILURE out.head('# unknown algorithms') for algorithm_not_found in algorithms_not_found: out.fail(algorithm_not_found) out.sep() if len(similar_algorithms) > 0: retval = exitcodes.FAILURE out.head('# suggested similar algorithms') for similar_algorithm in similar_algorithms: out.warn(similar_algorithm) return retval # Worker thread for scanning multiple targets concurrently. def target_worker_thread(host: str, port: int, shared_aconf: AuditConf) -> Tuple[int, str]: ret = -1 string_output = '' out = OutputBuffer() out.verbose = shared_aconf.verbose my_aconf = copy.deepcopy(shared_aconf) my_aconf.host = host my_aconf.port = port # If we're outputting JSON, turn off colors and ensure 'info' level messages go through. if my_aconf.json: out.json = True out.use_colors = False out.v("Running against: %s:%d..." % (my_aconf.host, my_aconf.port), write_now=True) try: ret = audit(out, my_aconf, print_target=True) string_output = out.get_buffer() except Exception: ret = -1 string_output = "An exception occurred while scanning %s:%d:\n%s" % (host, port, str(traceback.format_exc())) return ret, string_output def builtin_manual(out: OutputBuffer) -> int: '''Prints the man page (Docker, PyPI, Snap, and Windows builds only). Returns an exitcodes.* flag.''' builtin_man_page = BUILTIN_MAN_PAGE if builtin_man_page == "": out.fail("The '-m' and '--manual' parameters are reserved for use in Docker, PyPI, Snap,\nand Windows builds only. Users of other platforms should read the system man\npage.") return exitcodes.FAILURE # If colors are disabled, strip the ANSI color codes from the man page. if not out.use_colors: builtin_man_page = re.sub(r'\x1b\[\d+?m', '', builtin_man_page) out.info(builtin_man_page) return exitcodes.GOOD def get_permitted_syntax_for_gex_test() -> Dict[str, str]: syntax = { 'RANGE': r'^\d+-\d+(:\d+)?$', 'LIST_WITHOUT_MIN_PREF_MAX': r'^\d+(,\d+)*$', 'LIST_WITH_MIN_PREF_MAX': r'^\d+:\d+:\d+(,\d+:\d+:\d+)*$' } return syntax def run_gex_granular_modulus_size_test(out: OutputBuffer, s: 'SSH_Socket', kex: 'SSH2_Kex', aconf: AuditConf) -> int: '''Extracts the user specified modulus sizes and submits them for testing against the target server. Returns an exitcodes.* flag.''' permitted_syntax = get_permitted_syntax_for_gex_test() mod_dict: Dict[str, List[int]] = {} # Range syntax. if re.search(permitted_syntax['RANGE'], aconf.gex_test): extracted_digits = re.findall(r'\d+', aconf.gex_test) bits_left_bound = int(extracted_digits[0]) bits_right_bound = int(extracted_digits[1]) bits_step = 1 if (len(extracted_digits)) == 3: bits_step = int(extracted_digits[2]) # If the left value is greater than the right value, then the sequence # operates from right to left. if bits_left_bound <= bits_right_bound: bits_in_range_to_test = range(bits_left_bound, bits_right_bound + 1, bits_step) else: bits_in_range_to_test = range(bits_left_bound, bits_right_bound - 1, -abs(bits_step)) out.v("A separate test will be performed against each of the following modulus sizes: " + ", ".join([str(x) for x in bits_in_range_to_test]) + ".", write_now=True) for i_bits in bits_in_range_to_test: program_retval = GEXTest.granular_modulus_size_test(out, s, kex, i_bits, i_bits, i_bits, mod_dict) if program_retval != exitcodes.GOOD: return program_retval # Two variations of list syntax. if re.search(permitted_syntax['LIST_WITHOUT_MIN_PREF_MAX'], aconf.gex_test): bits_in_list_to_test = aconf.gex_test.split(',') out.v("A separate test will be performed against each of the following modulus sizes: " + ", ".join([str(x) for x in bits_in_list_to_test]) + ".", write_now=True) for s_bits in bits_in_list_to_test: program_retval = GEXTest.granular_modulus_size_test(out, s, kex, int(s_bits), int(s_bits), int(s_bits), mod_dict) if program_retval != exitcodes.GOOD: return program_retval if re.search(permitted_syntax['LIST_WITH_MIN_PREF_MAX'], aconf.gex_test): sets_of_min_pref_max = aconf.gex_test.split(',') out.v("A separate test will be performed against each of the following sets of 'min:pref:max' modulus sizes: " + ', '.join(sets_of_min_pref_max), write_now=True) for set_of_min_pref_max in sets_of_min_pref_max: bits_in_list_to_test = set_of_min_pref_max.split(':') program_retval = GEXTest.granular_modulus_size_test(out, s, kex, int(bits_in_list_to_test[0]), int(bits_in_list_to_test[1]), int(bits_in_list_to_test[2]), mod_dict) if program_retval != exitcodes.GOOD: return program_retval if mod_dict: if aconf.json: json_struct = {'dh-gex-modulus-size': mod_dict} out.info(json.dumps(json_struct, indent=4 if aconf.json_print_indent else None, sort_keys=True)) else: out.head('# diffie-hellman group exchange modulus size') max_key_len = len(max(mod_dict, key=len)) for key, value in mod_dict.items(): padding = (max_key_len - len(key)) + 1 out.info(key + " " * padding + '--> ' + ', '.join([str(i) for i in value])) return program_retval def main() -> int: out = OutputBuffer() aconf = process_commandline(out, sys.argv[1:], usage) # If we're on Windows, but the colorama module could not be imported, print a warning if we're in verbose mode. if (sys.platform == 'win32') and ('colorama' not in sys.modules): out.v("WARNING: colorama module not found. Colorized output will be disabled.", write_now=True) # If we're outputting JSON, turn off colors and ensure 'info' level messages go through. if aconf.json: out.json = True out.use_colors = False if aconf.manual: # If the colorama module was not be imported, turn off colors in order # to output a plain text version of the man page. if (sys.platform == 'win32') and ('colorama' not in sys.modules): out.use_colors = False retval = builtin_manual(out) out.write() sys.exit(retval) if aconf.lookup != '': retval = algorithm_lookup(out, aconf.lookup) out.write() sys.exit(retval) # If multiple targets were specified... if len(aconf.target_list) > 0: ret = exitcodes.GOOD # If JSON output is desired, each target's results will be reported in its own list entry. if aconf.json: print('[', end='') # Loop through each target in the list. Entries can specify a port number to use, otherwise the value provided on the command line (--port=N) will be used by default (set to 22 if --port is not used). target_servers = [] for _, target in enumerate(aconf.target_list): host, port = Utils.parse_host_and_port(target, default_port=aconf.port) target_servers.append((host, port)) # A ranked list of return codes. Those with higher indices will take precedence over lower ones. For example, if three servers are scanned, yielding WARNING, GOOD, and UNKNOWN_ERROR, the overall result will be UNKNOWN_ERROR, since its index is the highest. Errors have highest priority, followed by failures, then warnings. ranked_return_codes = [exitcodes.GOOD, exitcodes.WARNING, exitcodes.FAILURE, exitcodes.CONNECTION_ERROR, exitcodes.UNKNOWN_ERROR] # Queue all worker threads. num_target_servers = len(target_servers) num_processed = 0 out.v("Scanning %u targets with %s%u threads..." % (num_target_servers, '(at most) ' if aconf.threads > num_target_servers else '', aconf.threads), write_now=True) with concurrent.futures.ThreadPoolExecutor(max_workers=aconf.threads) as executor: future_to_server = {executor.submit(target_worker_thread, target_server[0], target_server[1], aconf): target_server for target_server in target_servers} for future in concurrent.futures.as_completed(future_to_server): worker_ret, worker_output = future.result() # If this worker's return code is ranked higher that what we've cached so far, update our cache. if ranked_return_codes.index(worker_ret) > ranked_return_codes.index(ret): ret = worker_ret # print("Worker for %s:%d returned %d: [%s]" % (target_server[0], target_server[1], worker_ret, worker_output)) print(worker_output, end='' if aconf.json else "\n") # Don't print a delimiter after the last target was handled. num_processed += 1 if num_processed < num_target_servers: if aconf.json: print(", ", end='') else: print(("-" * 80) + "\n") if aconf.json: print(']') # Send notification that this thread is exiting. This deletes the thread's local copy of the algorithm databases. SSH1_KexDB.thread_exit() SSH2_KexDB.thread_exit() else: # Just a scan against a single target. ret = audit(out, aconf) out.write() return ret if __name__ == '__main__': # pragma: nocover multiprocessing.freeze_support() # Needed for PyInstaller (Windows) builds. exit_code = exitcodes.GOOD try: exit_code = main() except Exception: exit_code = exitcodes.UNKNOWN_ERROR print(traceback.format_exc()) sys.exit(exit_code) ssh-audit-3.3.0/src/ssh_audit/ssh_socket.py000066400000000000000000000350571470352310600207220ustar00rootroot00000000000000""" The MIT License (MIT) Copyright (C) 2017-2021 Joe Testa (jtesta@positronsecurity.com) Copyright (C) 2017 Andris Raugulis (moo@arthepsy.eu) Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. """ import errno import os import select import socket import struct import sys # pylint: disable=unused-import from typing import Dict, List, Set, Sequence, Tuple, Iterable # noqa: F401 from typing import Callable, Optional, Union, Any # noqa: F401 from ssh_audit import exitcodes from ssh_audit.banner import Banner from ssh_audit.globals import SSH_HEADER from ssh_audit.outputbuffer import OutputBuffer from ssh_audit.protocol import Protocol from ssh_audit.readbuf import ReadBuf from ssh_audit.ssh1 import SSH1 from ssh_audit.ssh2_kex import SSH2_Kex from ssh_audit.ssh2_kexparty import SSH2_KexParty from ssh_audit.utils import Utils from ssh_audit.writebuf import WriteBuf class SSH_Socket(ReadBuf, WriteBuf): class InsufficientReadException(Exception): pass SM_BANNER_SENT = 1 def __init__(self, outputbuffer: 'OutputBuffer', host: Optional[str], port: int, ip_version_preference: List[int] = [], timeout: Union[int, float] = 5, timeout_set: bool = False) -> None: # pylint: disable=dangerous-default-value super(SSH_Socket, self).__init__() self.__outputbuffer = outputbuffer self.__sock: Optional[socket.socket] = None self.__sock_map: Dict[int, socket.socket] = {} self.__block_size = 8 self.__state = 0 self.__header: List[str] = [] self.__banner: Optional[Banner] = None if host is None: raise ValueError('undefined host') nport = Utils.parse_int(port) if nport < 1 or nport > 65535: raise ValueError('invalid port: {}'.format(port)) self.__host = host self.__port = nport self.__ip_version_preference = ip_version_preference # Holds only 5 possible values: [] (no preference), [4] (use IPv4 only), [6] (use IPv6 only), [46] (use both IPv4 and IPv6, but prioritize v4), and [64] (use both IPv4 and IPv6, but prioritize v6). self.__timeout = timeout self.__timeout_set = timeout_set self.client_host: Optional[str] = None self.client_port = None def _resolve(self) -> Iterable[Tuple[int, Tuple[Any, ...]]]: """Resolves a hostname into a list of IPs Raises ------ socket.gaierror [Errno -2] If the hostname cannot be resolved. """ # If __ip_version_preference has only one entry, then it means that ONLY that IP version should be used. if len(self.__ip_version_preference) == 1: family = socket.AF_INET if self.__ip_version_preference[0] == 4 else socket.AF_INET6 else: family = socket.AF_UNSPEC stype = socket.SOCK_STREAM r = socket.getaddrinfo(self.__host, self.__port, family, stype) # If the user has a preference for using IPv4 over IPv6 (or vice-versa), then sort the list returned by getaddrinfo() so that the preferred address type comes first. if len(self.__ip_version_preference) == 2: r = sorted(r, key=lambda x: x[0], reverse=(self.__ip_version_preference[0] == 6)) # pylint: disable=superfluous-parens for af, socktype, _proto, _canonname, addr in r: if socktype == socket.SOCK_STREAM: yield af, addr # Listens on a server socket and accepts one connection (used for # auditing client connections). def listen_and_accept(self) -> None: try: # Socket to listen on all IPv4 addresses. s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1) s.bind(('0.0.0.0', self.__port)) s.listen() self.__sock_map[s.fileno()] = s except Exception as e: print("Warning: failed to listen on any IPv4 interfaces: %s" % str(e), file=sys.stderr) try: # Socket to listen on all IPv6 addresses. s = socket.socket(socket.AF_INET6, socket.SOCK_STREAM) s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1) s.setsockopt(socket.IPPROTO_IPV6, socket.IPV6_V6ONLY, 1) s.bind(('::', self.__port)) s.listen() self.__sock_map[s.fileno()] = s except Exception as e: print("Warning: failed to listen on any IPv6 interfaces: %s" % str(e), file=sys.stderr) # If we failed to listen on any interfaces, terminate. if len(self.__sock_map.keys()) == 0: print("Error: failed to listen on any IPv4 and IPv6 interfaces!", file=sys.stderr) sys.exit(exitcodes.CONNECTION_ERROR) # Wait for an incoming connection. If a timeout was explicitly # set by the user, terminate when it elapses. fds = None time_elapsed = 0.0 interval = 1.0 while True: # Wait for a connection on either socket. fds = select.select(self.__sock_map.keys(), [], [], interval) time_elapsed += interval # We have incoming data on at least one of the sockets. if len(fds[0]) > 0: break if self.__timeout_set and time_elapsed >= self.__timeout: print("Timeout elapsed. Terminating...") sys.exit(exitcodes.CONNECTION_ERROR) # Accept the connection. c, addr = self.__sock_map[fds[0][0]].accept() self.client_host = addr[0] self.client_port = addr[1] c.settimeout(self.__timeout) self.__sock = c def connect(self) -> Optional[str]: '''Returns None on success, or an error string.''' err = None s = None try: for af, addr in self._resolve(): s = socket.socket(af, socket.SOCK_STREAM) s.settimeout(self.__timeout) self.__outputbuffer.d(("Connecting to %s:%d..." % ('[%s]' % addr[0] if Utils.is_ipv6_address(addr[0]) else addr[0], addr[1])), write_now=True) s.connect(addr) self.__sock = s return None except socket.error as e: err = e self._close_socket(s) if err is None: errm = 'host {} has no DNS records'.format(self.__host) else: errt = (self.__host, self.__port, err) errm = 'cannot connect to {} port {}: {}'.format(*errt) return '[exception] {}'.format(errm) def get_banner(self, sshv: int = 2) -> Tuple[Optional['Banner'], List[str], Optional[str]]: self.__outputbuffer.d('Getting banner...', write_now=True) if self.__sock is None: return self.__banner, self.__header, 'not connected' if self.__banner is not None: return self.__banner, self.__header, None banner = SSH_HEADER.format('1.5' if sshv == 1 else '2.0') if self.__state < self.SM_BANNER_SENT: self.send_banner(banner) s = 0 e = None while s >= 0: s, e = self.recv() if s < 0: continue while self.unread_len > 0: line = self.read_line() if len(line.strip()) == 0: continue self.__banner = Banner.parse(line) if self.__banner is not None: return self.__banner, self.__header, None self.__header.append(line) return self.__banner, self.__header, e def recv(self, size: int = 2048) -> Tuple[int, Optional[str]]: if self.__sock is None: return -1, 'not connected' try: data = self.__sock.recv(size) except socket.timeout: return -1, 'timed out' except socket.error as e: if e.args[0] in (errno.EAGAIN, errno.EWOULDBLOCK): return 0, 'retry' return -1, str(e.args[-1]) if len(data) == 0: return -1, None pos = self._buf.tell() self._buf.seek(0, 2) self._buf.write(data) self._len += len(data) self._buf.seek(pos, 0) return len(data), None def send(self, data: bytes) -> Tuple[int, Optional[str]]: if self.__sock is None: return -1, 'not connected' try: self.__sock.send(data) return 0, None except socket.error as e: return -1, str(e.args[-1]) # Send a KEXINIT with the lists of key exchanges, hostkeys, ciphers, MACs, compressions, and languages that we "support". def send_kexinit(self, key_exchanges: List[str] = ['curve25519-sha256', 'curve25519-sha256@libssh.org', 'ecdh-sha2-nistp256', 'ecdh-sha2-nistp384', 'ecdh-sha2-nistp521', 'diffie-hellman-group-exchange-sha256', 'diffie-hellman-group16-sha512', 'diffie-hellman-group18-sha512', 'diffie-hellman-group14-sha256'], hostkeys: List[str] = ['rsa-sha2-512', 'rsa-sha2-256', 'ssh-rsa', 'ecdsa-sha2-nistp256', 'ssh-ed25519'], ciphers: List[str] = ['chacha20-poly1305@openssh.com', 'aes128-ctr', 'aes192-ctr', 'aes256-ctr', 'aes128-gcm@openssh.com', 'aes256-gcm@openssh.com'], macs: List[str] = ['umac-64-etm@openssh.com', 'umac-128-etm@openssh.com', 'hmac-sha2-256-etm@openssh.com', 'hmac-sha2-512-etm@openssh.com', 'hmac-sha1-etm@openssh.com', 'umac-64@openssh.com', 'umac-128@openssh.com', 'hmac-sha2-256', 'hmac-sha2-512', 'hmac-sha1'], compressions: List[str] = ['none', 'zlib@openssh.com'], languages: List[str] = ['']) -> None: # pylint: disable=dangerous-default-value '''Sends the list of supported host keys, key exchanges, ciphers, and MACs. Emulates OpenSSH v8.2.''' self.__outputbuffer.d('KEX initialisation...', write_now=True) kexparty = SSH2_KexParty(ciphers, macs, compressions, languages) kex = SSH2_Kex(self.__outputbuffer, os.urandom(16), key_exchanges, hostkeys, kexparty, kexparty, False, 0) self.write_byte(Protocol.MSG_KEXINIT) kex.write(self) self.send_packet() def send_banner(self, banner: str) -> None: self.send(banner.encode() + b'\r\n') self.__state = max(self.__state, self.SM_BANNER_SENT) def ensure_read(self, size: int) -> None: while self.unread_len < size: s, e = self.recv() if s < 0: raise SSH_Socket.InsufficientReadException(e) def read_packet(self, sshv: int = 2) -> Tuple[int, bytes]: try: header = WriteBuf() self.ensure_read(4) packet_length = self.read_int() header.write_int(packet_length) # XXX: validate length if sshv == 1: padding_length = 8 - packet_length % 8 self.ensure_read(padding_length) padding = self.read(padding_length) header.write(padding) payload_length = packet_length check_size = padding_length + payload_length else: self.ensure_read(1) padding_length = self.read_byte() header.write_byte(padding_length) payload_length = packet_length - padding_length - 1 check_size = 4 + 1 + payload_length + padding_length if check_size % self.__block_size != 0: self.__outputbuffer.fail('[exception] invalid ssh packet (block size)').write() sys.exit(exitcodes.CONNECTION_ERROR) self.ensure_read(payload_length) if sshv == 1: payload = self.read(payload_length - 4) header.write(payload) crc = self.read_int() header.write_int(crc) else: payload = self.read(payload_length) header.write(payload) packet_type = ord(payload[0:1]) if sshv == 1: rcrc = SSH1.crc32(padding + payload) if crc != rcrc: self.__outputbuffer.fail('[exception] packet checksum CRC32 mismatch.').write() sys.exit(exitcodes.CONNECTION_ERROR) else: self.ensure_read(padding_length) padding = self.read(padding_length) payload = payload[1:] return packet_type, payload except SSH_Socket.InsufficientReadException as ex: if ex.args[0] is None: header.write(self.read(self.unread_len)) e = header.write_flush().strip() else: e = ex.args[0].encode('utf-8') return -1, e def send_packet(self) -> Tuple[int, Optional[str]]: payload = self.write_flush() padding = -(len(payload) + 5) % 8 if padding < 4: padding += 8 plen = len(payload) + padding + 1 pad_bytes = b'\x00' * padding data = struct.pack('>Ib', plen, padding) + payload + pad_bytes return self.send(data) def is_connected(self) -> bool: """Returns true if this Socket is connected, False otherwise.""" return self.__sock is not None def close(self) -> None: self.__cleanup() self.reset() self.__state = 0 self.__header = [] self.__banner = None def _close_socket(self, s: Optional[socket.socket]) -> None: try: if s is not None: s.shutdown(socket.SHUT_RDWR) s.close() # pragma: nocover except Exception: pass def __del__(self) -> None: self.__cleanup() def __cleanup(self) -> None: self._close_socket(self.__sock) for sock in self.__sock_map.values(): self._close_socket(sock) self.__sock = None ssh-audit-3.3.0/src/ssh_audit/timeframe.py000066400000000000000000000065721470352310600205260ustar00rootroot00000000000000""" The MIT License (MIT) Copyright (C) 2017 Andris Raugulis (moo@arthepsy.eu) Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. """ # pylint: disable=unused-import from typing import Dict, List, Set, Sequence, Tuple, Iterable # noqa: F401 from typing import Callable, Optional, Union, Any # noqa: F401 from ssh_audit.algorithm import Algorithm class Timeframe: def __init__(self) -> None: self.__storage: Dict[str, List[Optional[str]]] = {} def __contains__(self, product: str) -> bool: return product in self.__storage def __getitem__(self, product: str) -> Sequence[Optional[str]]: return tuple(self.__storage.get(product, [None] * 4)) def __str__(self) -> str: return self.__storage.__str__() def __repr__(self) -> str: return self.__str__() def get_from(self, product: str, for_server: bool = True) -> Optional[str]: return self[product][0 if bool(for_server) else 2] def get_till(self, product: str, for_server: bool = True) -> Optional[str]: return self[product][1 if bool(for_server) else 3] def _update(self, versions: Optional[str], pos: int) -> None: ssh_versions: Dict[str, str] = {} for_srv, for_cli = pos < 2, pos > 1 for v in (versions or '').split(','): ssh_prod, ssh_ver, is_cli = Algorithm.get_ssh_version(v) if not ssh_ver or (is_cli and for_srv) or (not is_cli and for_cli and ssh_prod in ssh_versions): continue ssh_versions[ssh_prod] = ssh_ver for ssh_product, ssh_version in ssh_versions.items(): if ssh_product not in self.__storage: self.__storage[ssh_product] = [None] * 4 prev = self[ssh_product][pos] if (prev is None or (prev < ssh_version and pos % 2 == 0) or (prev > ssh_version and pos % 2 == 1)): self.__storage[ssh_product][pos] = ssh_version def update(self, versions: List[Optional[str]], for_server: Optional[bool] = None) -> 'Timeframe': for_cli = for_server is None or for_server is False for_srv = for_server is None or for_server is True vlen = len(versions) for i in range(min(3, vlen)): if for_srv and i < 2: self._update(versions[i], i) if for_cli and (i % 2 == 0 or vlen == 2): self._update(versions[i], 3 - 0**i) return self ssh-audit-3.3.0/src/ssh_audit/utils.py000066400000000000000000000125061470352310600177070ustar00rootroot00000000000000""" The MIT License (MIT) Copyright (C) 2017-2020 Joe Testa (jtesta@positronsecurity.com) Copyright (C) 2017 Andris Raugulis (moo@arthepsy.eu) Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. """ import ipaddress import re import sys # pylint: disable=unused-import from typing import Dict, List, Set, Sequence, Tuple, Iterable # noqa: F401 from typing import Callable, Optional, Union, Any # noqa: F401 class Utils: @classmethod def _type_err(cls, v: Any, target: str) -> TypeError: return TypeError('cannot convert {} to {}'.format(type(v), target)) @classmethod def to_bytes(cls, v: Union[bytes, str], enc: str = 'utf-8') -> bytes: if isinstance(v, bytes): return v elif isinstance(v, str): return v.encode(enc) raise cls._type_err(v, 'bytes') @classmethod def to_text(cls, v: Union[str, bytes], enc: str = 'utf-8') -> str: if isinstance(v, str): return v elif isinstance(v, bytes): return v.decode(enc) raise cls._type_err(v, 'unicode text') @classmethod def _is_ascii(cls, v: str, char_filter: Callable[[int], bool] = lambda x: x <= 127) -> bool: r = False if isinstance(v, str): for c in v: i = cls.ctoi(c) if not char_filter(i): return r r = True return r @classmethod def _to_ascii(cls, v: str, char_filter: Callable[[int], bool] = lambda x: x <= 127, errors: str = 'replace') -> str: if isinstance(v, str): r = bytearray() for c in v: i = cls.ctoi(c) if char_filter(i): r.append(i) else: if errors == 'ignore': continue r.append(63) return cls.to_text(r.decode('ascii')) raise cls._type_err(v, 'ascii') @classmethod def is_ascii(cls, v: str) -> bool: return cls._is_ascii(v) @classmethod def to_ascii(cls, v: str, errors: str = 'replace') -> str: return cls._to_ascii(v, errors=errors) @classmethod def is_print_ascii(cls, v: str) -> bool: return cls._is_ascii(v, lambda x: 126 >= x >= 32) @classmethod def to_print_ascii(cls, v: str, errors: str = 'replace') -> str: return cls._to_ascii(v, lambda x: 126 >= x >= 32, errors) @classmethod def unique_seq(cls, seq: Sequence[Any]) -> Sequence[Any]: seen: Set[Any] = set() def _seen_add(x: Any) -> bool: seen.add(x) return False if isinstance(seq, tuple): return tuple(x for x in seq if x not in seen and not _seen_add(x)) else: return [x for x in seq if x not in seen and not _seen_add(x)] @classmethod def ctoi(cls, c: Union[str, int]) -> int: if isinstance(c, str): return ord(c[0]) else: return c @staticmethod def parse_int(v: Any) -> int: try: return int(v) except ValueError: return 0 @staticmethod def parse_float(v: Any) -> float: try: return float(v) except ValueError: return -1.0 @staticmethod def parse_host_and_port(host_and_port: str, default_port: int = 0) -> Tuple[str, int]: '''Parses a string into a tuple of its host and port. The port is 0 if not specified.''' host = host_and_port port = default_port mx = re.match(r'^\[([^\]]+)\](?::(\d+))?$', host_and_port) if mx is not None: host = mx.group(1) port_str = mx.group(2) if port_str is not None: port = int(port_str) else: s = host_and_port.split(':') if len(s) == 2: host = s[0] if len(s[1]) > 0: port = int(s[1]) return host, port @staticmethod def is_ipv6_address(address: str) -> bool: '''Returns True if address is an IPv6 address, otherwise False.''' is_ipv6 = True try: ipaddress.IPv6Address(address) except ipaddress.AddressValueError: is_ipv6 = False return is_ipv6 @staticmethod def is_windows() -> bool: return sys.platform in ['win32', 'cygwin'] ssh-audit-3.3.0/src/ssh_audit/writebuf.py000066400000000000000000000075531470352310600204040ustar00rootroot00000000000000""" The MIT License (MIT) Copyright (C) 2017 Andris Raugulis (moo@arthepsy.eu) Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. """ import io import struct # pylint: disable=unused-import from typing import Dict, List, Set, Sequence, Tuple, Iterable # noqa: F401 from typing import Callable, Optional, Union, Any # noqa: F401 class WriteBuf: def __init__(self, data: Optional[bytes] = None) -> None: super(WriteBuf, self).__init__() self._wbuf = io.BytesIO(data) if data is not None else io.BytesIO() def write(self, data: bytes) -> 'WriteBuf': self._wbuf.write(data) return self def write_byte(self, v: int) -> 'WriteBuf': return self.write(struct.pack('B', v)) def write_bool(self, v: bool) -> 'WriteBuf': return self.write_byte(1 if v else 0) def write_int(self, v: int) -> 'WriteBuf': return self.write(struct.pack('>I', v)) def write_string(self, v: Union[bytes, str]) -> 'WriteBuf': if not isinstance(v, bytes): v = bytes(bytearray(v, 'utf-8')) self.write_int(len(v)) return self.write(v) def write_list(self, v: List[str]) -> 'WriteBuf': return self.write_string(','.join(v)) @classmethod def _bitlength(cls, n: int) -> int: try: return n.bit_length() except AttributeError: return len(bin(n)) - (2 if n > 0 else 3) @classmethod def _create_mpint(cls, n: int, signed: bool = True, bits: Optional[int] = None) -> bytes: if bits is None: bits = cls._bitlength(n) length = bits // 8 + (1 if n != 0 else 0) ql = (length + 7) // 8 fmt, v2 = '>{}Q'.format(ql), [0] * ql for i in range(ql): v2[ql - i - 1] = n & 0xffffffffffffffff n >>= 64 data = bytes(struct.pack(fmt, *v2)[-length:]) if not signed: data = data.lstrip(b'\x00') elif data.startswith(b'\xff\x80'): data = data[1:] return data def write_mpint1(self, n: int) -> 'WriteBuf': # NOTE: Data Type Enc @ http://www.snailbook.com/docs/protocol-1.5.txt bits = self._bitlength(n) data = self._create_mpint(n, False, bits) self.write(struct.pack('>H', bits)) return self.write(data) def write_mpint2(self, n: int) -> 'WriteBuf': # NOTE: Section 5 @ https://www.ietf.org/rfc/rfc4251.txt data = self._create_mpint(n) return self.write_string(data) def write_line(self, v: Union[bytes, str]) -> 'WriteBuf': if not isinstance(v, bytes): v = bytes(bytearray(v, 'utf-8')) v += b'\r\n' return self.write(v) def write_flush(self) -> bytes: payload = self._wbuf.getvalue() self._wbuf.truncate(0) self._wbuf.seek(0) return payload def reset(self) -> None: self._wbuf = io.BytesIO() ssh-audit-3.3.0/ssh-audit.1000066400000000000000000000271541470352310600154130ustar00rootroot00000000000000.TH SSH-AUDIT 1 "September 24, 2024" .SH NAME \fBssh-audit\fP \- SSH server & client configuration auditor .SH SYNOPSIS .B ssh-audit .RI [ options ] " " .SH DESCRIPTION .PP \fBssh-audit\fP analyzes the configuration of SSH servers & clients, then warns the user of weak, obsolete, and/or untested cryptographic primitives. It is very useful for hardening SSH tunnels, which by default tend to be optimized for compatibility, not security. .PP See for official hardening guides for common platforms. .SH OPTIONS .TP .B -h, \-\-help .br Print short summary of options. .TP .B -1, \-\-ssh1 .br Only perform an audit using SSH protocol version 1. .TP .B -2, \-\-ssh2 .br Only perform an audit using SSH protocol version 2. .TP .B -4, \-\-ipv4 .br Prioritize the usage of IPv4. .TP .B -6, \-\-ipv6 .br Prioritize the usage of IPv6. .TP .B -b, \-\-batch .br Enables grepable output. .TP .B -c, \-\-client\-audit .br Starts a server on port 2222 to audit client software configuration. Use -p/--port= to change port and -t/--timeout= to change listen timeout. .TP .B \-\-conn\-rate\-test=N[:max_rate] .br Performs a connection rate test (useful for collecting metrics related to susceptibility of the DHEat vulnerability [CVE-2002-20001]). A successful connection is counted when the server returns a valid SSH banner. Testing is conducted with N concurrent sockets with an optional maximum rate of connections per second. .TP .B -d, \-\-debug .br Enable debug output. .TP .B \-\-dheat=N[:kex[:e_len]] .br Run the DHEat DoS attack (CVE-2002-20001) against the target server (which will consume all available CPU resources). The number of concurrent sockets, N, needed to achieve this effect will be highly dependent on the CPU resources available on the target, as well as the latency between the source and target machines. The key exchange is automatically chosen based on which would cause maximum effect, unless explicitly chosen in the second field. Lastly, an (experimental) option allows the length in bytes of the fake e value sent to the server to be specified in the third field. Normally, the length of e is roughly the length of the modulus of the Diffie-Hellman exchange (hence, an 8192-bit / 1024-byte value of e is sent in each connection when targeting the diffie-hellman-group18-sha512 algorithm). Instead, it was observed that many SSH implementations accept small values, such as 4 bytes; this results in a much more network-efficient attack. .TP .B -g, \-\-gex-test= .br Runs a Diffie-Hellman Group Exchange modulus size test against a server. Diffie-Hellman requires the client and server to agree on a generator value and a modulus value. In the "Group Exchange" implementation of Diffie-Hellman, the client specifies the size of the modulus in bits by providing the server with minimum, preferred and maximum values. The server then finds a group that best matches the client's request, returning the corresponding generator and modulus. For a full explanation of this process see RFC 4419 and its successors. This test acts as a client by providing an SSH server with the size of a modulus and then obtains the size of the modulus returned by the server. Three types of syntax are supported: 1. A comma delimited list of modulus sizes. A test is performed against each value in the list where it acts as the minimum, preferred and maximum modulus size. 2. A set of three colon delimited values denoting minimum, preferred and maximum modulus size. A test is performed against each set. Multiple sets can specified as a comma separated list. 3. A range of modulus sizes with an optional step value. Step defaults to 1 if omitted. If the left value is greater than the right value, then the sequence operates from right to left. A test is performed against each value in the range where it acts as the minimum, preferred and maximum modulus size. Duplicates are excluded from the return value. .TP .B -j, \-\-json .br Output results in JSON format. Specify twice (-jj) to enable indent printing (useful for debugging). .TP .B -l, \-\-level= .br Specify the minimum output level. Default is info. .TP .B -L, \-\-list-policies .br List all official, built-in policies for common systems. Their full names can then be passed to -P/--policy. Add \-v to \-L to view policy change logs. .TP .B \-\-lookup= .br Look up the security information of an algorithm(s) in the internal database. Does not connect to a server. .TP .B -m, \-\-manual .br Print the man page (Docker, PyPI, Snap, and Windows builds only). .TP .B -M, \-\-make-policy= .br Creates a policy based on the target server. Useful when other servers should be compared to the target server's custom configuration (i.e.: a cluster environment). Note that the resulting policy can be edited manually. .TP .B -n, \-\-no-colors .br Disable color output. Automatically set when the NO_COLOR environment variable is set. .TP .B -p, \-\-port= .br The TCP port to connect to when auditing a server, or the port to listen on when auditing a client. .TP .B -P, \-\-policy=<"built-in policy name" | path/to/custom_policy.txt> .br Runs a policy audit against a target using the specified policy (see \fBPOLICY AUDIT\fP section for detailed description of this mode of operation). Combine with -c/--client-audit to audit a client configuration instead of a server. Use -L/--list-policies to list all official, built-in policies for common systems. .TP .B \-\-skip\-rate\-test .br Skips the connection rate test during standard audits. By default, a few dozen TCP connections are created with the target host to see if connection throttling is implemented (this can safely infer whether the target is vulnerable to the DHEat attack; see CVE-2002-20001). .TP .B -t, \-\-timeout= .br The timeout, in seconds, for creating connections and reading data from the socket. Default is 5. .TP .B -T, \-\-targets= .br A file containing a list of target hosts. Each line must have one host, in the format of HOST[:PORT]. Use -p/--port to set the default port for all hosts. Use --threads to control concurrent scans. .TP .B \-\-threads= .br The number of threads to use when scanning multiple targets (with -T/--targets). Default is 32. .TP .B -v, \-\-verbose .br Enable verbose output. .SH STANDARD AUDIT .PP By default, \fBssh-audit\fP performs a standard audit. That is, it enumerates all host key types, key exchanges, ciphers, MACs, and other information, then color-codes them in output to the user. Cryptographic primitives with potential issues are displayed in yellow; primitives with serious flaws are displayed in red. .SH POLICY AUDIT .PP When the -P/--policy option is used, \fBssh-audit\fP performs a policy audit. The target's host key types, key exchanges, ciphers, MACs, and other information is compared to a set of expected values defined in the specified policy file. If everything matches, only a short message stating a passing result is reported. Otherwise, the field(s) that did not match are reported. .PP Policy auditing is helpful for ensuring a group of related servers are properly hardened to an exact specification. .PP The set of official built-in policies can be viewed with -L/--list-policies. Multiple servers can be audited with -T/--targets=. Custom policies can be made from an ideal target server with -M/--make-policy=. .SH EXAMPLES .LP Basic server auditing: .RS .nf ssh-audit localhost ssh-audit 127.0.0.1 ssh-audit 127.0.0.1:222 ssh-audit ::1 ssh-audit [::1]:222 .fi .RE .LP To run a standard audit against many servers (place targets into servers.txt, one on each line in the format of HOST[:PORT]): .RS .nf ssh-audit -T servers.txt .fi .RE .LP To audit a client configuration (listens on port 2222 by default; connect using "ssh -p 2222 anything@localhost"): .RS .nf ssh-audit -c .fi .RE .LP To audit a client configuration, with a listener on port 4567: .RS .nf ssh-audit -c -p 4567 .fi .RE .LP To list all official built-in policies (hint: use their full names with -P/--policy): .RS .nf ssh-audit -L .fi .RE .LP To run a built-in policy audit against a server (hint: use -L to see list of built-in policies): .RS .nf ssh-audit -P "Hardened Ubuntu Server 20.04 LTS (version 1)" targetserver .fi .RE .LP To run a custom policy audit against a server (hint: use -M/--make-policy to create a custom policy file): .RS .nf ssh-audit -P path/to/server_policy.txt targetserver .fi .RE .LP To run a policy audit against a client: .RS .nf ssh-audit -c -P ["policy name" | path/to/client_policy.txt] .fi .RE .LP To run a policy audit against many servers: .RS .nf ssh-audit -T servers.txt -P ["policy name" | path/to/server_policy.txt] .fi .RE .LP To create a policy based on a target server (which can be manually edited; see official built-in policies for syntax examples): .RS .nf ssh-audit -M new_policy.txt targetserver .fi .RE .LP To run a Diffie-Hellman Group Exchange modulus size test using the values 2000 bits, 3000 bits, 4000 bits and 5000 bits: .RS .nf ssh-audit targetserver --gex-test=2000,3000,4000,5000 .fi .RE .LP To run a Diffie-Hellman Group Exchange modulus size test where 2048 bits is the minimum, 3072 bits is the preferred and 5000 bits is the maximum: .RS .nf ssh-audit targetserver --gex-test=2048:3072:5000 .fi .RE .LP To run a Diffie-Hellman Group Exchange modulus size test from 0 bits to 5120 bits in increments of 1024 bits: .RS .nf ssh-audit targetserver --gex-test=0-5120:1024 .fi .RE .LP To run the DHEat DoS attack (monitor the target server's CPU usage to determine the optimal number of concurrent sockets): .RS .nf ssh-audit targetserver --dheat=10 .fi .RE .LP To run the DHEat attack and manually target the diffie-hellman-group-exchange-sha256 algorithm: .RS .nf ssh-audit targetserver --dheat=10:diffie-hellman-group-exchange-sha256 .fi .RE .LP To run the DHEat attack and manually target the diffie-hellman-group-exchange-sha256 algorithm with a very small length of e (resulting in the same effect but without having to send large packets): .RS .nf ssh-audit targetserver --dheat=10:diffie-hellman-group-exchange-sha256:4 .fi .RE .LP To test the number of successful connections per second that can be created with the target using 8 parallel threads (useful for detecting whether connection throttling is implemented by the target): .RS .nf ssh-audit targetserver --conn-rate-test=8 .fi .RE .LP To use 8 parallel threads to create up to 100 connections per second with the target (useful for understanding how much CPU load is caused on the target simply from handling new connections vs excess modular exponentiation when performing the DHEat attack): .RS .nf ssh-audit targetserver --conn-rate-test=8:100 .fi .RE .SH RETURN VALUES When a successful connection is made and all algorithms are rated as "good", \fBssh-audit\fP returns 0. Other possible return values are: .RS .nf 1 = connection error 2 = at least one algorithm warning was found 3 = at least one algorithm failure was found = unknown error .fi .RE .SH SSH HARDENING GUIDES Hardening guides for common platforms can be found at: .SH BUG REPORTS Please file bug reports as a Github Issue at: .SH AUTHOR .LP \fBssh-audit\fP was originally written by Andris Raugulis , and maintained from 2015 to 2017. .br .LP Maintainership was assumed and development was resumed in 2017 by Joe Testa . ssh-audit-3.3.0/ssh-audit.py000077500000000000000000000011771470352310600157030ustar00rootroot00000000000000#!/usr/bin/env python3 """src/ssh_audit/ssh_audit.py wrapper for backwards compatibility""" import multiprocessing import sys import traceback from pathlib import Path sys.path.insert(0, str(Path(__file__).resolve().parent / "src")) from ssh_audit.ssh_audit import main # noqa: E402 from ssh_audit import exitcodes # noqa: E402 if __name__ == "__main__": multiprocessing.freeze_support() # Needed for PyInstaller (Windows) builds. exit_code = exitcodes.GOOD try: exit_code = main() except Exception: exit_code = exitcodes.UNKNOWN_ERROR print(traceback.format_exc()) sys.exit(exit_code) ssh-audit-3.3.0/test/000077500000000000000000000000001470352310600143765ustar00rootroot00000000000000ssh-audit-3.3.0/test/conftest.py000066400000000000000000000102341470352310600165750ustar00rootroot00000000000000import io import sys import socket import pytest @pytest.fixture(scope='module') def ssh_audit(): import ssh_audit.ssh_audit return ssh_audit.ssh_audit # pylint: disable=attribute-defined-outside-init class _OutputSpy(list): def begin(self): self.__out = io.StringIO() self.__old_stdout = sys.stdout sys.stdout = self.__out def flush(self): lines = self.__out.getvalue().splitlines() sys.stdout = self.__old_stdout self.__out = None return lines @pytest.fixture(scope='module') def output_spy(): return _OutputSpy() class _VirtualGlobalSocket: def __init__(self, vsocket): self.vsocket = vsocket self.addrinfodata = {} # pylint: disable=unused-argument def create_connection(self, address, timeout=0, source_address=None): # pylint: disable=protected-access return self.vsocket._connect(address, True) # pylint: disable=unused-argument def socket(self, family=socket.AF_INET, socktype=socket.SOCK_STREAM, proto=0, fileno=None): return self.vsocket def getaddrinfo(self, host, port, family=0, socktype=0, proto=0, flags=0): key = '{}#{}'.format(host, port) if key in self.addrinfodata: data = self.addrinfodata[key] if isinstance(data, Exception): raise data return data if host == 'localhost': r = [] if family in (0, socket.AF_INET): r.append((socket.AF_INET, 1, 6, '', ('127.0.0.1', port))) if family in (0, socket.AF_INET6): r.append((socket.AF_INET6, 1, 6, '', ('::1', port))) return r return [] class _VirtualSocket: def __init__(self): self.sock_address = ('127.0.0.1', 0) self.peer_address = None self._connected = False self.timeout = -1.0 self.rdata = [] self.sdata = [] self.errors = {} self.blocking = False self.gsock = _VirtualGlobalSocket(self) def _check_err(self, method): method_error = self.errors.get(method) if method_error: raise method_error def connect(self, address): return self._connect(address, False) def connect_ex(self, address): return self.connect(address) def _connect(self, address, ret=True): self.peer_address = address self._connected = True self._check_err('connect') return self if ret else None def setblocking(self, r: bool): self.blocking = r def settimeout(self, timeout): self.timeout = timeout def gettimeout(self): return self.timeout def getpeername(self): if self.peer_address is None or not self._connected: raise OSError(57, 'Socket is not connected') return self.peer_address def getsockname(self): return self.sock_address def bind(self, address): self.sock_address = address def listen(self, backlog): pass def accept(self): # pylint: disable=protected-access conn = _VirtualSocket() conn.sock_address = self.sock_address conn.peer_address = ('127.0.0.1', 0) conn._connected = True return conn, conn.peer_address def recv(self, bufsize, flags=0): # pylint: disable=unused-argument if not self._connected: raise OSError(54, 'Connection reset by peer') if not len(self.rdata) > 0: return b'' data = self.rdata.pop(0) if isinstance(data, Exception): raise data return data def send(self, data): if self.peer_address is None or not self._connected: raise OSError(32, 'Broken pipe') self._check_err('send') self.sdata.append(data) @pytest.fixture() def virtual_socket(monkeypatch): vsocket = _VirtualSocket() gsock = vsocket.gsock monkeypatch.setattr(socket, 'create_connection', gsock.create_connection) monkeypatch.setattr(socket, 'socket', gsock.socket) monkeypatch.setattr(socket, 'getaddrinfo', gsock.getaddrinfo) return vsocket ssh-audit-3.3.0/test/docker/000077500000000000000000000000001470352310600156455ustar00rootroot00000000000000ssh-audit-3.3.0/test/docker/.ed25519.sk000066400000000000000000000001001470352310600172470ustar00rootroot00000000000000iܛV违Z/D<|Sz=:1vu}Jݷ"^Bb&UP CJ?ssh-audit-3.3.0/test/docker/Dockerfile000066400000000000000000000014541470352310600176430ustar00rootroot00000000000000FROM ubuntu:16.04 COPY openssh-4.0p1/sshd /openssh/sshd-4.0p1 COPY openssh-5.6p1/sshd /openssh/sshd-5.6p1 COPY openssh-8.0p1/sshd /openssh/sshd-8.0p1 COPY dropbear-2019.78/dropbear /dropbear/dropbear-2019.78 COPY tinyssh-20190101/build/bin/tinysshd /tinysshd/tinyssh-20190101 # Dropbear host keys. COPY dropbear_*_host_key* /etc/dropbear/ # OpenSSH configs. COPY sshd_config* /etc/ssh/ # OpenSSH host keys & moduli file. COPY ssh_host_* /etc/ssh/ COPY ssh1_host_* /etc/ssh/ COPY moduli_1024 /usr/local/etc/moduli # TinySSH host keys. COPY ed25519.pk /etc/tinyssh/ COPY .ed25519.sk /etc/tinyssh/ COPY debug.sh /debug.sh RUN apt update 2> /dev/null RUN apt install -y libssl-dev strace rsyslog ucspi-tcp 2> /dev/null RUN apt clean 2> /dev/null RUN useradd -s /bin/false sshd RUN mkdir /var/empty EXPOSE 22 ssh-audit-3.3.0/test/docker/debug.sh000077500000000000000000000003531470352310600172730ustar00rootroot00000000000000#!/bin/bash # This script is run on in docker container. It will enable logging for sshd in # /var/log/auth.log. /etc/init.d/rsyslog start sleep 1 /openssh/sshd-5.6p1 -o LogLevel=DEBUG3 -f /etc/ssh/sshd_config-5.6p1_test1 /bin/bash ssh-audit-3.3.0/test/docker/dropbear_dss_host_key000066400000000000000000000007121470352310600221440ustar00rootroot00000000000000ssh-dssGT|^3@Ud6^,U|t%simN]:nW"Wp`G=ex gBסz[t)-5K*56/Q}H Ws[sqFĞ'ԃnmʚa߁4y&G4%! ٛED$ssh-audit-3.3.0/test/docker/dropbear_ecdsa_host_key000066400000000000000000000002151470352310600224300ustar00rootroot00000000000000ecdsa-sha2-nistp256nistp256As/²2 U9̀W(@JuE˱}[tNrPbWm1M!ĺ͊j_0m՟a?=X7)ssh-audit-3.3.0/test/docker/dropbear_rsa_host_key_1024000066400000000000000000000006451470352310600226130ustar00rootroot00000000000000ssh-rsa޳0C2O6{zLiWK6- ^Ð,! (u-|م 9T%yŧ>%J ʶ+6ysPK]ת4p!|w뵘WK<+1p[0&>;4i[eFdC 0͇ 4nB?W|LfaALlZ`q׿|0d!eYq,9iA/qꨵ=m&StWD 0X]1rG0sܕUT^fHsJuAe˞v$eXfw>R|A1 5*YA"m/K)Xssh-audit-3.3.0/test/docker/dropbear_rsa_host_key_3072000066400000000000000000000022451470352310600226160ustar00rootroot00000000000000ssh-rsa0b #PyАM[Ij}D~g2kH챵d3)&{ba {)Wg2|P-aBË|KѾW=ݬݻmH)+I.iD9oe`MѠ\{f>B3d9R_t{>IٯqA%/UIK (q<̎kVkut ~F-v@28M͔>;7NG gj+E,, ^']w͕8'Uro ^fug- gtt5k0O榯揋oWf}{#k|5Jg愠nn Cn"5& "yTq,@~gyXdEL{ML%Di"n22E+T'sV_%p7& Q<P%3֧ѽꥹtw>'4`k歭ABO26I+~> 4:N}<>ZgB= wM|9‘avd3 ssh-audit-3.3.0/test/docker/expected_results/openssh_4.0p1_test1.json000066400000000000000000000300501470352310600255410ustar00rootroot00000000000000{ "additional_notes": [], "banner": { "comments": null, "protocol": "1.99", "raw": "SSH-1.99-OpenSSH_4.0", "software": "OpenSSH_4.0" }, "compression": [ "none", "zlib" ], "cves": [], "enc": [ { "algorithm": "aes128-cbc", "notes": { "info": [ "available since OpenSSH 2.3.0, Dropbear SSH 0.28" ], "warn": [ "using weak cipher mode" ] } }, { "algorithm": "3des-cbc", "notes": { "fail": [ "using broken & deprecated 3DES cipher" ], "info": [ "available since OpenSSH 1.2.2, Dropbear SSH 0.28" ], "warn": [ "using weak cipher mode", "using small 64-bit block size" ] } }, { "algorithm": "blowfish-cbc", "notes": { "fail": [ "using weak & deprecated Blowfish cipher" ], "info": [ "available since OpenSSH 1.2.2, Dropbear SSH 0.28" ], "warn": [ "using weak cipher mode", "using small 64-bit block size" ] } }, { "algorithm": "cast128-cbc", "notes": { "fail": [ "using weak & deprecated CAST cipher" ], "info": [ "available since OpenSSH 2.1.0" ], "warn": [ "using weak cipher mode", "using small 64-bit block size" ] } }, { "algorithm": "arcfour", "notes": { "fail": [ "using broken RC4 cipher" ], "info": [ "available since OpenSSH 2.1.0" ] } }, { "algorithm": "aes192-cbc", "notes": { "info": [ "available since OpenSSH 2.3.0" ], "warn": [ "using weak cipher mode" ] } }, { "algorithm": "aes256-cbc", "notes": { "info": [ "available since OpenSSH 2.3.0, Dropbear SSH 0.47" ], "warn": [ "using weak cipher mode" ] } }, { "algorithm": "rijndael-cbc@lysator.liu.se", "notes": { "fail": [ "using deprecated & non-standardized Rijndael cipher" ], "info": [ "disabled in OpenSSH 7.0: https://www.openssh.com/txt/release-7.0", "available since OpenSSH 2.3.0" ], "warn": [ "using weak cipher mode" ] } }, { "algorithm": "aes128-ctr", "notes": { "info": [ "available since OpenSSH 3.7, Dropbear SSH 0.52" ] } }, { "algorithm": "aes192-ctr", "notes": { "info": [ "available since OpenSSH 3.7" ] } }, { "algorithm": "aes256-ctr", "notes": { "info": [ "available since OpenSSH 3.7, Dropbear SSH 0.52" ] } } ], "fingerprints": [ { "hash": "sqDDYhzYz7YIQeFDc0WF8SeXtrEz+iwsV7d/FdIgztM", "hash_alg": "SHA256", "hostkey": "ssh-dss" }, { "hash": "5c:de:62:f0:60:c8:93:13:87:71:78:95:56:3f:61:51", "hash_alg": "MD5", "hostkey": "ssh-dss" }, { "hash": "YZ457EBcJTSxRKI3yXRgtAj3PBf5B9/F36b1SVooml4", "hash_alg": "SHA256", "hostkey": "ssh-rsa" }, { "hash": "3c:c3:38:f8:55:39:c0:4a:5a:17:89:60:2c:a1:fc:6a", "hash_alg": "MD5", "hostkey": "ssh-rsa" } ], "kex": [ { "algorithm": "diffie-hellman-group-exchange-sha1", "keysize": 1024, "notes": { "fail": [ "using small 1024-bit modulus" ], "info": [ "available since OpenSSH 2.3.0" ] } }, { "algorithm": "diffie-hellman-group14-sha1", "notes": { "fail": [ "using broken SHA-1 hash algorithm" ], "info": [ "available since OpenSSH 3.9, Dropbear SSH 0.53" ], "warn": [ "2048-bit modulus only provides 112-bits of symmetric strength" ] } }, { "algorithm": "diffie-hellman-group1-sha1", "notes": { "fail": [ "using small 1024-bit modulus", "vulnerable to the Logjam attack: https://en.wikipedia.org/wiki/Logjam_(computer_security)", "using broken SHA-1 hash algorithm" ], "info": [ "removed in OpenSSH 6.9: https://www.openssh.com/txt/release-6.9", "available since OpenSSH 2.3.0, Dropbear SSH 0.28" ] } } ], "key": [ { "algorithm": "ssh-rsa", "keysize": 1024, "notes": { "fail": [ "using broken SHA-1 hash algorithm", "using small 1024-bit modulus" ], "info": [ "deprecated in OpenSSH 8.8: https://www.openssh.com/txt/release-8.8", "available since OpenSSH 2.5.0, Dropbear SSH 0.28" ] } }, { "algorithm": "ssh-dss", "notes": { "fail": [ "using small 1024-bit modulus" ], "info": [ "disabled in OpenSSH 7.0: https://www.openssh.com/txt/release-7.0", "available since OpenSSH 2.1.0, Dropbear SSH 0.28" ], "warn": [ "using weak random number generator could reveal the key" ] } } ], "mac": [ { "algorithm": "hmac-md5", "notes": { "fail": [ "using broken MD5 hash algorithm" ], "info": [ "available since OpenSSH 2.1.0, Dropbear SSH 0.28" ], "warn": [ "using encrypt-and-MAC mode" ] } }, { "algorithm": "hmac-sha1", "notes": { "fail": [ "using broken SHA-1 hash algorithm" ], "info": [ "available since OpenSSH 2.1.0, Dropbear SSH 0.28" ], "warn": [ "using encrypt-and-MAC mode" ] } }, { "algorithm": "hmac-ripemd160", "notes": { "fail": [ "using deprecated RIPEMD hash algorithm" ], "info": [ "available since OpenSSH 2.5.0" ], "warn": [ "using encrypt-and-MAC mode" ] } }, { "algorithm": "hmac-ripemd160@openssh.com", "notes": { "fail": [ "using deprecated RIPEMD hash algorithm" ], "info": [ "available since OpenSSH 2.1.0" ], "warn": [ "using encrypt-and-MAC mode" ] } }, { "algorithm": "hmac-sha1-96", "notes": { "fail": [ "using broken SHA-1 hash algorithm" ], "info": [ "available since OpenSSH 2.5.0, Dropbear SSH 0.47" ], "warn": [ "using encrypt-and-MAC mode" ] } }, { "algorithm": "hmac-md5-96", "notes": { "fail": [ "using broken MD5 hash algorithm" ], "info": [ "available since OpenSSH 2.5.0" ], "warn": [ "using encrypt-and-MAC mode" ] } } ], "recommendations": { "critical": { "del": { "enc": [ { "name": "3des-cbc", "notes": "" }, { "name": "arcfour", "notes": "" }, { "name": "blowfish-cbc", "notes": "" }, { "name": "cast128-cbc", "notes": "" }, { "name": "rijndael-cbc@lysator.liu.se", "notes": "" } ], "kex": [ { "name": "diffie-hellman-group14-sha1", "notes": "" }, { "name": "diffie-hellman-group1-sha1", "notes": "" }, { "name": "diffie-hellman-group-exchange-sha1", "notes": "" } ], "key": [ { "name": "ssh-dss", "notes": "" }, { "name": "ssh-rsa", "notes": "" } ], "mac": [ { "name": "hmac-md5", "notes": "" }, { "name": "hmac-md5-96", "notes": "" }, { "name": "hmac-ripemd160", "notes": "" }, { "name": "hmac-ripemd160@openssh.com", "notes": "" }, { "name": "hmac-sha1", "notes": "" }, { "name": "hmac-sha1-96", "notes": "" } ] } }, "warning": { "del": { "enc": [ { "name": "aes128-cbc", "notes": "" }, { "name": "aes192-cbc", "notes": "" }, { "name": "aes256-cbc", "notes": "" } ] } } }, "target": "localhost:2222" } ssh-audit-3.3.0/test/docker/expected_results/openssh_4.0p1_test1.txt000066400000000000000000000206011470352310600254100ustar00rootroot00000000000000# general (gen) banner: SSH-1.99-OpenSSH_4.0 (gen) protocol SSH1 enabled (gen) software: OpenSSH 4.0 (gen) compatibility: OpenSSH 3.9-6.6, Dropbear SSH 0.53+ (some functionality from 0.52) (gen) compression: enabled (zlib) # security (sec) SSH v1 enabled -- SSH v1 can be exploited to recover plaintext passwords # key exchange algorithms (kex) diffie-hellman-group-exchange-sha1 (1024-bit) -- [fail] using small 1024-bit modulus `- [info] available since OpenSSH 2.3.0 (kex) diffie-hellman-group14-sha1 -- [fail] using broken SHA-1 hash algorithm  `- [warn] 2048-bit modulus only provides 112-bits of symmetric strength `- [info] available since OpenSSH 3.9, Dropbear SSH 0.53 (kex) diffie-hellman-group1-sha1 -- [fail] using small 1024-bit modulus  `- [fail] vulnerable to the Logjam attack: https://en.wikipedia.org/wiki/Logjam_(computer_security)  `- [fail] using broken SHA-1 hash algorithm `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28 `- [info] removed in OpenSSH 6.9: https://www.openssh.com/txt/release-6.9 # host-key algorithms (key) ssh-rsa (1024-bit) -- [fail] using broken SHA-1 hash algorithm  `- [fail] using small 1024-bit modulus `- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28 `- [info] deprecated in OpenSSH 8.8: https://www.openssh.com/txt/release-8.8 (key) ssh-dss -- [fail] using small 1024-bit modulus  `- [warn] using weak random number generator could reveal the key `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28 `- [info] disabled in OpenSSH 7.0: https://www.openssh.com/txt/release-7.0 # encryption algorithms (ciphers) (enc) aes128-cbc -- [warn] using weak cipher mode `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28 (enc) 3des-cbc -- [fail] using broken & deprecated 3DES cipher  `- [warn] using weak cipher mode  `- [warn] using small 64-bit block size `- [info] available since OpenSSH 1.2.2, Dropbear SSH 0.28 (enc) blowfish-cbc -- [fail] using weak & deprecated Blowfish cipher  `- [warn] using weak cipher mode  `- [warn] using small 64-bit block size `- [info] available since OpenSSH 1.2.2, Dropbear SSH 0.28 (enc) cast128-cbc -- [fail] using weak & deprecated CAST cipher  `- [warn] using weak cipher mode  `- [warn] using small 64-bit block size `- [info] available since OpenSSH 2.1.0 (enc) arcfour -- [fail] using broken RC4 cipher `- [info] available since OpenSSH 2.1.0 (enc) aes192-cbc -- [warn] using weak cipher mode `- [info] available since OpenSSH 2.3.0 (enc) aes256-cbc -- [warn] using weak cipher mode `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.47 (enc) rijndael-cbc@lysator.liu.se -- [fail] using deprecated & non-standardized Rijndael cipher  `- [warn] using weak cipher mode `- [info] available since OpenSSH 2.3.0 `- [info] disabled in OpenSSH 7.0: https://www.openssh.com/txt/release-7.0 (enc) aes128-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52 (enc) aes192-ctr -- [info] available since OpenSSH 3.7 (enc) aes256-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52 # message authentication code algorithms (mac) hmac-md5 -- [fail] using broken MD5 hash algorithm  `- [warn] using encrypt-and-MAC mode `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28 (mac) hmac-sha1 -- [fail] using broken SHA-1 hash algorithm  `- [warn] using encrypt-and-MAC mode `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28 (mac) hmac-ripemd160 -- [fail] using deprecated RIPEMD hash algorithm  `- [warn] using encrypt-and-MAC mode `- [info] available since OpenSSH 2.5.0 (mac) hmac-ripemd160@openssh.com -- [fail] using deprecated RIPEMD hash algorithm  `- [warn] using encrypt-and-MAC mode `- [info] available since OpenSSH 2.1.0 (mac) hmac-sha1-96 -- [fail] using broken SHA-1 hash algorithm  `- [warn] using encrypt-and-MAC mode `- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.47 (mac) hmac-md5-96 -- [fail] using broken MD5 hash algorithm  `- [warn] using encrypt-and-MAC mode `- [info] available since OpenSSH 2.5.0 # fingerprints (fin) ssh-rsa: SHA256:YZ457EBcJTSxRKI3yXRgtAj3PBf5B9/F36b1SVooml4 # algorithm recommendations (for OpenSSH 4.0) (rec) -3des-cbc -- enc algorithm to remove  (rec) -arcfour -- enc algorithm to remove  (rec) -blowfish-cbc -- enc algorithm to remove  (rec) -cast128-cbc -- enc algorithm to remove  (rec) -diffie-hellman-group-exchange-sha1 -- kex algorithm to remove  (rec) -diffie-hellman-group1-sha1 -- kex algorithm to remove  (rec) -diffie-hellman-group14-sha1 -- kex algorithm to remove  (rec) -hmac-md5 -- mac algorithm to remove  (rec) -hmac-md5-96 -- mac algorithm to remove  (rec) -hmac-ripemd160 -- mac algorithm to remove  (rec) -hmac-ripemd160@openssh.com -- mac algorithm to remove  (rec) -hmac-sha1 -- mac algorithm to remove  (rec) -hmac-sha1-96 -- mac algorithm to remove  (rec) -rijndael-cbc@lysator.liu.se -- enc algorithm to remove  (rec) -ssh-dss -- key algorithm to remove  (rec) -ssh-rsa -- key algorithm to remove  (rec) -aes128-cbc -- enc algorithm to remove  (rec) -aes192-cbc -- enc algorithm to remove  (rec) -aes256-cbc -- enc algorithm to remove  # additional info (nfo) For hardening guides on common OSes, please see:  ssh-audit-3.3.0/test/docker/expected_results/openssh_5.6p1_custom_policy_test1.json000066400000000000000000000002321470352310600305200ustar00rootroot00000000000000{ "errors": [], "host": "localhost", "passed": true, "policy": "Docker policy: test1 (version 1)", "port": 2222, "warnings": [] } ssh-audit-3.3.0/test/docker/expected_results/openssh_5.6p1_custom_policy_test1.txt000066400000000000000000000001361470352310600303710ustar00rootroot00000000000000Host: localhost:2222 Policy: Docker policy: test1 (version 1) Result: ✔ Passed ssh-audit-3.3.0/test/docker/expected_results/openssh_5.6p1_custom_policy_test10.json000066400000000000000000000013611470352310600306040ustar00rootroot00000000000000{ "errors": [ { "actual": [ "3072" ], "expected_optional": [ "" ], "expected_required": [ "4096" ], "mismatched_field": "Host key (ssh-rsa-cert-v01@openssh.com) sizes" }, { "actual": [ "1024" ], "expected_optional": [ "" ], "expected_required": [ "4096" ], "mismatched_field": "CA signature size (ssh-rsa)" } ], "host": "localhost", "passed": false, "policy": "Docker poliicy: test10 (version 1)", "port": 2222, "warnings": [] } ssh-audit-3.3.0/test/docker/expected_results/openssh_5.6p1_custom_policy_test10.txt000066400000000000000000000037511470352310600304570ustar00rootroot00000000000000 WARNING: this policy is using deprecated features. Future versions of ssh-audit may remove support for them. Re-generating the policy file is perhaps the most straight-forward way of resolving this issue. Manually converting the 'hostkey_size_*', 'cakey_size_*', and 'dh_modulus_size_*' directives into the new format is another option. WARNING: this policy is using deprecated features. Future versions of ssh-audit may remove support for them. Re-generating the policy file is perhaps the most straight-forward way of resolving this issue. Manually converting the 'hostkey_size_*', 'cakey_size_*', and 'dh_modulus_size_*' directives into the new format is another option. WARNING: this policy is using deprecated features. Future versions of ssh-audit may remove support for them. Re-generating the policy file is perhaps the most straight-forward way of resolving this issue. Manually converting the 'hostkey_size_*', 'cakey_size_*', and 'dh_modulus_size_*' directives into the new format is another option. WARNING: this policy is using deprecated features. Future versions of ssh-audit may remove support for them. Re-generating the policy file is perhaps the most straight-forward way of resolving this issue. Manually converting the 'hostkey_size_*', 'cakey_size_*', and 'dh_modulus_size_*' directives into the new format is another option. WARNING: this policy is using deprecated features. Future versions of ssh-audit may remove support for them. Re-generating the policy file is perhaps the most straight-forward way of resolving this issue. Manually converting the 'hostkey_size_*', 'cakey_size_*', and 'dh_modulus_size_*' directives into the new format is another option. Host: localhost:2222 Policy: Docker poliicy: test10 (version 1) Result: ❌ Failed!  Errors: * CA signature size (ssh-rsa) did not match. - Expected: 4096 - Actual: 1024 * Host key (ssh-rsa-cert-v01@openssh.com) sizes did not match. - Expected: 4096 - Actual: 3072  ssh-audit-3.3.0/test/docker/expected_results/openssh_5.6p1_custom_policy_test2.json000066400000000000000000000012031470352310600305200ustar00rootroot00000000000000{ "errors": [ { "actual": [ "diffie-hellman-group-exchange-sha256", "diffie-hellman-group-exchange-sha1", "diffie-hellman-group14-sha1", "diffie-hellman-group1-sha1" ], "expected_optional": [ "" ], "expected_required": [ "kex_alg1", "kex_alg2" ], "mismatched_field": "Key exchanges" } ], "host": "localhost", "passed": false, "policy": "Docker policy: test2 (version 1)", "port": 2222, "warnings": [] } ssh-audit-3.3.0/test/docker/expected_results/openssh_5.6p1_custom_policy_test2.txt000066400000000000000000000005121470352310600303700ustar00rootroot00000000000000Host: localhost:2222 Policy: Docker policy: test2 (version 1) Result: ❌ Failed!  Errors: * Key exchanges did not match. - Expected: kex_alg1, kex_alg2 - Actual: diffie-hellman-group-exchange-sha256, diffie-hellman-group-exchange-sha1, diffie-hellman-group14-sha1, diffie-hellman-group1-sha1  ssh-audit-3.3.0/test/docker/expected_results/openssh_5.6p1_custom_policy_test3.json000066400000000000000000000010041470352310600305200ustar00rootroot00000000000000{ "errors": [ { "actual": [ "ssh-rsa", "ssh-dss" ], "expected_optional": [ "" ], "expected_required": [ "ssh-rsa", "ssh-dss", "key_alg1" ], "mismatched_field": "Host keys" } ], "host": "localhost", "passed": false, "policy": "Docker policy: test3 (version 1)", "port": 2222, "warnings": [] } ssh-audit-3.3.0/test/docker/expected_results/openssh_5.6p1_custom_policy_test3.txt000066400000000000000000000003351470352310600303740ustar00rootroot00000000000000Host: localhost:2222 Policy: Docker policy: test3 (version 1) Result: ❌ Failed!  Errors: * Host keys did not match. - Expected: ssh-rsa, ssh-dss, key_alg1 - Actual: ssh-rsa, ssh-dss  ssh-audit-3.3.0/test/docker/expected_results/openssh_5.6p1_custom_policy_test4.json000066400000000000000000000015151470352310600305300ustar00rootroot00000000000000{ "errors": [ { "actual": [ "aes128-ctr", "aes192-ctr", "aes256-ctr", "arcfour256", "arcfour128", "aes128-cbc", "3des-cbc", "blowfish-cbc", "cast128-cbc", "aes192-cbc", "aes256-cbc", "arcfour", "rijndael-cbc@lysator.liu.se" ], "expected_optional": [ "" ], "expected_required": [ "cipher_alg1", "cipher_alg2" ], "mismatched_field": "Ciphers" } ], "host": "localhost", "passed": false, "policy": "Docker policy: test4 (version 1)", "port": 2222, "warnings": [] } ssh-audit-3.3.0/test/docker/expected_results/openssh_5.6p1_custom_policy_test4.txt000066400000000000000000000005621470352310600303770ustar00rootroot00000000000000Host: localhost:2222 Policy: Docker policy: test4 (version 1) Result: ❌ Failed!  Errors: * Ciphers did not match. - Expected: cipher_alg1, cipher_alg2 - Actual: aes128-ctr, aes192-ctr, aes256-ctr, arcfour256, arcfour128, aes128-cbc, 3des-cbc, blowfish-cbc, cast128-cbc, aes192-cbc, aes256-cbc, arcfour, rijndael-cbc@lysator.liu.se  ssh-audit-3.3.0/test/docker/expected_results/openssh_5.6p1_custom_policy_test5.json000066400000000000000000000015221470352310600305270ustar00rootroot00000000000000{ "errors": [ { "actual": [ "hmac-md5", "hmac-sha1", "umac-64@openssh.com", "hmac-ripemd160", "hmac-ripemd160@openssh.com", "hmac-sha1-96", "hmac-md5-96" ], "expected_optional": [ "" ], "expected_required": [ "hmac-md5", "hmac-sha1", "umac-64@openssh.com", "hmac-ripemd160", "hmac-ripemd160@openssh.com", "hmac_alg1", "hmac-md5-96" ], "mismatched_field": "MACs" } ], "host": "localhost", "passed": false, "policy": "Docker policy: test5 (version 1)", "port": 2222, "warnings": [] } ssh-audit-3.3.0/test/docker/expected_results/openssh_5.6p1_custom_policy_test5.txt000066400000000000000000000006111470352310600303730ustar00rootroot00000000000000Host: localhost:2222 Policy: Docker policy: test5 (version 1) Result: ❌ Failed!  Errors: * MACs did not match. - Expected: hmac-md5, hmac-sha1, umac-64@openssh.com, hmac-ripemd160, hmac-ripemd160@openssh.com, hmac_alg1, hmac-md5-96 - Actual: hmac-md5, hmac-sha1, umac-64@openssh.com, hmac-ripemd160, hmac-ripemd160@openssh.com, hmac-sha1-96, hmac-md5-96  ssh-audit-3.3.0/test/docker/expected_results/openssh_5.6p1_custom_policy_test7.json000066400000000000000000000002331470352310600305270ustar00rootroot00000000000000{ "errors": [], "host": "localhost", "passed": true, "policy": "Docker poliicy: test7 (version 1)", "port": 2222, "warnings": [] } ssh-audit-3.3.0/test/docker/expected_results/openssh_5.6p1_custom_policy_test7.txt000066400000000000000000000034151470352310600304020ustar00rootroot00000000000000 WARNING: this policy is using deprecated features. Future versions of ssh-audit may remove support for them. Re-generating the policy file is perhaps the most straight-forward way of resolving this issue. Manually converting the 'hostkey_size_*', 'cakey_size_*', and 'dh_modulus_size_*' directives into the new format is another option. WARNING: this policy is using deprecated features. Future versions of ssh-audit may remove support for them. Re-generating the policy file is perhaps the most straight-forward way of resolving this issue. Manually converting the 'hostkey_size_*', 'cakey_size_*', and 'dh_modulus_size_*' directives into the new format is another option. WARNING: this policy is using deprecated features. Future versions of ssh-audit may remove support for them. Re-generating the policy file is perhaps the most straight-forward way of resolving this issue. Manually converting the 'hostkey_size_*', 'cakey_size_*', and 'dh_modulus_size_*' directives into the new format is another option. WARNING: this policy is using deprecated features. Future versions of ssh-audit may remove support for them. Re-generating the policy file is perhaps the most straight-forward way of resolving this issue. Manually converting the 'hostkey_size_*', 'cakey_size_*', and 'dh_modulus_size_*' directives into the new format is another option. WARNING: this policy is using deprecated features. Future versions of ssh-audit may remove support for them. Re-generating the policy file is perhaps the most straight-forward way of resolving this issue. Manually converting the 'hostkey_size_*', 'cakey_size_*', and 'dh_modulus_size_*' directives into the new format is another option. Host: localhost:2222 Policy: Docker poliicy: test7 (version 1) Result: ✔ Passed ssh-audit-3.3.0/test/docker/expected_results/openssh_5.6p1_custom_policy_test8.json000066400000000000000000000006771470352310600305440ustar00rootroot00000000000000{ "errors": [ { "actual": [ "1024" ], "expected_optional": [ "" ], "expected_required": [ "2048" ], "mismatched_field": "CA signature size (ssh-rsa)" } ], "host": "localhost", "passed": false, "policy": "Docker poliicy: test8 (version 1)", "port": 2222, "warnings": [] } ssh-audit-3.3.0/test/docker/expected_results/openssh_5.6p1_custom_policy_test8.txt000066400000000000000000000035741470352310600304110ustar00rootroot00000000000000 WARNING: this policy is using deprecated features. Future versions of ssh-audit may remove support for them. Re-generating the policy file is perhaps the most straight-forward way of resolving this issue. Manually converting the 'hostkey_size_*', 'cakey_size_*', and 'dh_modulus_size_*' directives into the new format is another option. WARNING: this policy is using deprecated features. Future versions of ssh-audit may remove support for them. Re-generating the policy file is perhaps the most straight-forward way of resolving this issue. Manually converting the 'hostkey_size_*', 'cakey_size_*', and 'dh_modulus_size_*' directives into the new format is another option. WARNING: this policy is using deprecated features. Future versions of ssh-audit may remove support for them. Re-generating the policy file is perhaps the most straight-forward way of resolving this issue. Manually converting the 'hostkey_size_*', 'cakey_size_*', and 'dh_modulus_size_*' directives into the new format is another option. WARNING: this policy is using deprecated features. Future versions of ssh-audit may remove support for them. Re-generating the policy file is perhaps the most straight-forward way of resolving this issue. Manually converting the 'hostkey_size_*', 'cakey_size_*', and 'dh_modulus_size_*' directives into the new format is another option. WARNING: this policy is using deprecated features. Future versions of ssh-audit may remove support for them. Re-generating the policy file is perhaps the most straight-forward way of resolving this issue. Manually converting the 'hostkey_size_*', 'cakey_size_*', and 'dh_modulus_size_*' directives into the new format is another option. Host: localhost:2222 Policy: Docker poliicy: test8 (version 1) Result: ❌ Failed!  Errors: * CA signature size (ssh-rsa) did not match. - Expected: 2048 - Actual: 1024  ssh-audit-3.3.0/test/docker/expected_results/openssh_5.6p1_custom_policy_test9.json000066400000000000000000000007211470352310600305330ustar00rootroot00000000000000{ "errors": [ { "actual": [ "3072" ], "expected_optional": [ "" ], "expected_required": [ "4096" ], "mismatched_field": "Host key (ssh-rsa-cert-v01@openssh.com) sizes" } ], "host": "localhost", "passed": false, "policy": "Docker poliicy: test9 (version 1)", "port": 2222, "warnings": [] } ssh-audit-3.3.0/test/docker/expected_results/openssh_5.6p1_custom_policy_test9.txt000066400000000000000000000036161470352310600304070ustar00rootroot00000000000000 WARNING: this policy is using deprecated features. Future versions of ssh-audit may remove support for them. Re-generating the policy file is perhaps the most straight-forward way of resolving this issue. Manually converting the 'hostkey_size_*', 'cakey_size_*', and 'dh_modulus_size_*' directives into the new format is another option. WARNING: this policy is using deprecated features. Future versions of ssh-audit may remove support for them. Re-generating the policy file is perhaps the most straight-forward way of resolving this issue. Manually converting the 'hostkey_size_*', 'cakey_size_*', and 'dh_modulus_size_*' directives into the new format is another option. WARNING: this policy is using deprecated features. Future versions of ssh-audit may remove support for them. Re-generating the policy file is perhaps the most straight-forward way of resolving this issue. Manually converting the 'hostkey_size_*', 'cakey_size_*', and 'dh_modulus_size_*' directives into the new format is another option. WARNING: this policy is using deprecated features. Future versions of ssh-audit may remove support for them. Re-generating the policy file is perhaps the most straight-forward way of resolving this issue. Manually converting the 'hostkey_size_*', 'cakey_size_*', and 'dh_modulus_size_*' directives into the new format is another option. WARNING: this policy is using deprecated features. Future versions of ssh-audit may remove support for them. Re-generating the policy file is perhaps the most straight-forward way of resolving this issue. Manually converting the 'hostkey_size_*', 'cakey_size_*', and 'dh_modulus_size_*' directives into the new format is another option. Host: localhost:2222 Policy: Docker poliicy: test9 (version 1) Result: ❌ Failed!  Errors: * Host key (ssh-rsa-cert-v01@openssh.com) sizes did not match. - Expected: 4096 - Actual: 3072  ssh-audit-3.3.0/test/docker/expected_results/openssh_5.6p1_test1.json000066400000000000000000000337311470352310600255610ustar00rootroot00000000000000{ "additional_notes": [], "banner": { "comments": null, "protocol": "2.0", "raw": "SSH-2.0-OpenSSH_5.6", "software": "OpenSSH_5.6" }, "compression": [ "none", "zlib@openssh.com" ], "cves": [], "enc": [ { "algorithm": "aes128-ctr", "notes": { "info": [ "available since OpenSSH 3.7, Dropbear SSH 0.52" ] } }, { "algorithm": "aes192-ctr", "notes": { "info": [ "available since OpenSSH 3.7" ] } }, { "algorithm": "aes256-ctr", "notes": { "info": [ "available since OpenSSH 3.7, Dropbear SSH 0.52" ] } }, { "algorithm": "arcfour256", "notes": { "fail": [ "using broken RC4 cipher" ], "info": [ "available since OpenSSH 4.2" ] } }, { "algorithm": "arcfour128", "notes": { "fail": [ "using broken RC4 cipher" ], "info": [ "available since OpenSSH 4.2" ] } }, { "algorithm": "aes128-cbc", "notes": { "info": [ "available since OpenSSH 2.3.0, Dropbear SSH 0.28" ], "warn": [ "using weak cipher mode" ] } }, { "algorithm": "3des-cbc", "notes": { "fail": [ "using broken & deprecated 3DES cipher" ], "info": [ "available since OpenSSH 1.2.2, Dropbear SSH 0.28" ], "warn": [ "using weak cipher mode", "using small 64-bit block size" ] } }, { "algorithm": "blowfish-cbc", "notes": { "fail": [ "using weak & deprecated Blowfish cipher" ], "info": [ "available since OpenSSH 1.2.2, Dropbear SSH 0.28" ], "warn": [ "using weak cipher mode", "using small 64-bit block size" ] } }, { "algorithm": "cast128-cbc", "notes": { "fail": [ "using weak & deprecated CAST cipher" ], "info": [ "available since OpenSSH 2.1.0" ], "warn": [ "using weak cipher mode", "using small 64-bit block size" ] } }, { "algorithm": "aes192-cbc", "notes": { "info": [ "available since OpenSSH 2.3.0" ], "warn": [ "using weak cipher mode" ] } }, { "algorithm": "aes256-cbc", "notes": { "info": [ "available since OpenSSH 2.3.0, Dropbear SSH 0.47" ], "warn": [ "using weak cipher mode" ] } }, { "algorithm": "arcfour", "notes": { "fail": [ "using broken RC4 cipher" ], "info": [ "available since OpenSSH 2.1.0" ] } }, { "algorithm": "rijndael-cbc@lysator.liu.se", "notes": { "fail": [ "using deprecated & non-standardized Rijndael cipher" ], "info": [ "disabled in OpenSSH 7.0: https://www.openssh.com/txt/release-7.0", "available since OpenSSH 2.3.0" ], "warn": [ "using weak cipher mode" ] } } ], "fingerprints": [ { "hash": "sqDDYhzYz7YIQeFDc0WF8SeXtrEz+iwsV7d/FdIgztM", "hash_alg": "SHA256", "hostkey": "ssh-dss" }, { "hash": "5c:de:62:f0:60:c8:93:13:87:71:78:95:56:3f:61:51", "hash_alg": "MD5", "hostkey": "ssh-dss" }, { "hash": "YZ457EBcJTSxRKI3yXRgtAj3PBf5B9/F36b1SVooml4", "hash_alg": "SHA256", "hostkey": "ssh-rsa" }, { "hash": "3c:c3:38:f8:55:39:c0:4a:5a:17:89:60:2c:a1:fc:6a", "hash_alg": "MD5", "hostkey": "ssh-rsa" } ], "kex": [ { "algorithm": "diffie-hellman-group-exchange-sha256", "keysize": 1024, "notes": { "fail": [ "using small 1024-bit modulus" ], "info": [ "available since OpenSSH 4.4" ] } }, { "algorithm": "diffie-hellman-group-exchange-sha1", "keysize": 1024, "notes": { "fail": [ "using small 1024-bit modulus" ], "info": [ "available since OpenSSH 2.3.0" ] } }, { "algorithm": "diffie-hellman-group14-sha1", "notes": { "fail": [ "using broken SHA-1 hash algorithm" ], "info": [ "available since OpenSSH 3.9, Dropbear SSH 0.53" ], "warn": [ "2048-bit modulus only provides 112-bits of symmetric strength" ] } }, { "algorithm": "diffie-hellman-group1-sha1", "notes": { "fail": [ "using small 1024-bit modulus", "vulnerable to the Logjam attack: https://en.wikipedia.org/wiki/Logjam_(computer_security)", "using broken SHA-1 hash algorithm" ], "info": [ "removed in OpenSSH 6.9: https://www.openssh.com/txt/release-6.9", "available since OpenSSH 2.3.0, Dropbear SSH 0.28" ] } } ], "key": [ { "algorithm": "ssh-rsa", "keysize": 1024, "notes": { "fail": [ "using broken SHA-1 hash algorithm", "using small 1024-bit modulus" ], "info": [ "deprecated in OpenSSH 8.8: https://www.openssh.com/txt/release-8.8", "available since OpenSSH 2.5.0, Dropbear SSH 0.28" ] } }, { "algorithm": "ssh-dss", "notes": { "fail": [ "using small 1024-bit modulus" ], "info": [ "disabled in OpenSSH 7.0: https://www.openssh.com/txt/release-7.0", "available since OpenSSH 2.1.0, Dropbear SSH 0.28" ], "warn": [ "using weak random number generator could reveal the key" ] } } ], "mac": [ { "algorithm": "hmac-md5", "notes": { "fail": [ "using broken MD5 hash algorithm" ], "info": [ "available since OpenSSH 2.1.0, Dropbear SSH 0.28" ], "warn": [ "using encrypt-and-MAC mode" ] } }, { "algorithm": "hmac-sha1", "notes": { "fail": [ "using broken SHA-1 hash algorithm" ], "info": [ "available since OpenSSH 2.1.0, Dropbear SSH 0.28" ], "warn": [ "using encrypt-and-MAC mode" ] } }, { "algorithm": "umac-64@openssh.com", "notes": { "info": [ "available since OpenSSH 4.7" ], "warn": [ "using encrypt-and-MAC mode", "using small 64-bit tag size" ] } }, { "algorithm": "hmac-ripemd160", "notes": { "fail": [ "using deprecated RIPEMD hash algorithm" ], "info": [ "available since OpenSSH 2.5.0" ], "warn": [ "using encrypt-and-MAC mode" ] } }, { "algorithm": "hmac-ripemd160@openssh.com", "notes": { "fail": [ "using deprecated RIPEMD hash algorithm" ], "info": [ "available since OpenSSH 2.1.0" ], "warn": [ "using encrypt-and-MAC mode" ] } }, { "algorithm": "hmac-sha1-96", "notes": { "fail": [ "using broken SHA-1 hash algorithm" ], "info": [ "available since OpenSSH 2.5.0, Dropbear SSH 0.47" ], "warn": [ "using encrypt-and-MAC mode" ] } }, { "algorithm": "hmac-md5-96", "notes": { "fail": [ "using broken MD5 hash algorithm" ], "info": [ "available since OpenSSH 2.5.0" ], "warn": [ "using encrypt-and-MAC mode" ] } } ], "recommendations": { "critical": { "chg": { "kex": [ { "name": "diffie-hellman-group-exchange-sha256", "notes": "increase modulus size to 3072 bits or larger" } ] }, "del": { "enc": [ { "name": "3des-cbc", "notes": "" }, { "name": "arcfour128", "notes": "" }, { "name": "arcfour", "notes": "" }, { "name": "arcfour256", "notes": "" }, { "name": "blowfish-cbc", "notes": "" }, { "name": "cast128-cbc", "notes": "" }, { "name": "rijndael-cbc@lysator.liu.se", "notes": "" } ], "kex": [ { "name": "diffie-hellman-group14-sha1", "notes": "" }, { "name": "diffie-hellman-group1-sha1", "notes": "" }, { "name": "diffie-hellman-group-exchange-sha1", "notes": "" } ], "key": [ { "name": "ssh-dss", "notes": "" }, { "name": "ssh-rsa", "notes": "" } ], "mac": [ { "name": "hmac-md5", "notes": "" }, { "name": "hmac-md5-96", "notes": "" }, { "name": "hmac-ripemd160", "notes": "" }, { "name": "hmac-ripemd160@openssh.com", "notes": "" }, { "name": "hmac-sha1", "notes": "" }, { "name": "hmac-sha1-96", "notes": "" } ] } }, "warning": { "del": { "enc": [ { "name": "aes128-cbc", "notes": "" }, { "name": "aes192-cbc", "notes": "" }, { "name": "aes256-cbc", "notes": "" } ], "mac": [ { "name": "umac-64@openssh.com", "notes": "" } ] } } }, "target": "localhost:2222" } ssh-audit-3.3.0/test/docker/expected_results/openssh_5.6p1_test1.txt000066400000000000000000000230371470352310600254250ustar00rootroot00000000000000# general (gen) banner: SSH-2.0-OpenSSH_5.6 (gen) software: OpenSSH 5.6 (gen) compatibility: OpenSSH 4.7-6.6, Dropbear SSH 0.53+ (some functionality from 0.52) (gen) compression: enabled (zlib@openssh.com) # key exchange algorithms (kex) diffie-hellman-group-exchange-sha256 (1024-bit) -- [fail] using small 1024-bit modulus `- [info] available since OpenSSH 4.4 (kex) diffie-hellman-group-exchange-sha1 (1024-bit) -- [fail] using small 1024-bit modulus `- [info] available since OpenSSH 2.3.0 (kex) diffie-hellman-group14-sha1 -- [fail] using broken SHA-1 hash algorithm  `- [warn] 2048-bit modulus only provides 112-bits of symmetric strength `- [info] available since OpenSSH 3.9, Dropbear SSH 0.53 (kex) diffie-hellman-group1-sha1 -- [fail] using small 1024-bit modulus  `- [fail] vulnerable to the Logjam attack: https://en.wikipedia.org/wiki/Logjam_(computer_security)  `- [fail] using broken SHA-1 hash algorithm `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28 `- [info] removed in OpenSSH 6.9: https://www.openssh.com/txt/release-6.9 # host-key algorithms (key) ssh-rsa (1024-bit) -- [fail] using broken SHA-1 hash algorithm  `- [fail] using small 1024-bit modulus `- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28 `- [info] deprecated in OpenSSH 8.8: https://www.openssh.com/txt/release-8.8 (key) ssh-dss -- [fail] using small 1024-bit modulus  `- [warn] using weak random number generator could reveal the key `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28 `- [info] disabled in OpenSSH 7.0: https://www.openssh.com/txt/release-7.0 # encryption algorithms (ciphers) (enc) aes128-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52 (enc) aes192-ctr -- [info] available since OpenSSH 3.7 (enc) aes256-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52 (enc) arcfour256 -- [fail] using broken RC4 cipher `- [info] available since OpenSSH 4.2 (enc) arcfour128 -- [fail] using broken RC4 cipher `- [info] available since OpenSSH 4.2 (enc) aes128-cbc -- [warn] using weak cipher mode `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28 (enc) 3des-cbc -- [fail] using broken & deprecated 3DES cipher  `- [warn] using weak cipher mode  `- [warn] using small 64-bit block size `- [info] available since OpenSSH 1.2.2, Dropbear SSH 0.28 (enc) blowfish-cbc -- [fail] using weak & deprecated Blowfish cipher  `- [warn] using weak cipher mode  `- [warn] using small 64-bit block size `- [info] available since OpenSSH 1.2.2, Dropbear SSH 0.28 (enc) cast128-cbc -- [fail] using weak & deprecated CAST cipher  `- [warn] using weak cipher mode  `- [warn] using small 64-bit block size `- [info] available since OpenSSH 2.1.0 (enc) aes192-cbc -- [warn] using weak cipher mode `- [info] available since OpenSSH 2.3.0 (enc) aes256-cbc -- [warn] using weak cipher mode `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.47 (enc) arcfour -- [fail] using broken RC4 cipher `- [info] available since OpenSSH 2.1.0 (enc) rijndael-cbc@lysator.liu.se -- [fail] using deprecated & non-standardized Rijndael cipher  `- [warn] using weak cipher mode `- [info] available since OpenSSH 2.3.0 `- [info] disabled in OpenSSH 7.0: https://www.openssh.com/txt/release-7.0 # message authentication code algorithms (mac) hmac-md5 -- [fail] using broken MD5 hash algorithm  `- [warn] using encrypt-and-MAC mode `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28 (mac) hmac-sha1 -- [fail] using broken SHA-1 hash algorithm  `- [warn] using encrypt-and-MAC mode `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28 (mac) umac-64@openssh.com -- [warn] using encrypt-and-MAC mode  `- [warn] using small 64-bit tag size `- [info] available since OpenSSH 4.7 (mac) hmac-ripemd160 -- [fail] using deprecated RIPEMD hash algorithm  `- [warn] using encrypt-and-MAC mode `- [info] available since OpenSSH 2.5.0 (mac) hmac-ripemd160@openssh.com -- [fail] using deprecated RIPEMD hash algorithm  `- [warn] using encrypt-and-MAC mode `- [info] available since OpenSSH 2.1.0 (mac) hmac-sha1-96 -- [fail] using broken SHA-1 hash algorithm  `- [warn] using encrypt-and-MAC mode `- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.47 (mac) hmac-md5-96 -- [fail] using broken MD5 hash algorithm  `- [warn] using encrypt-and-MAC mode `- [info] available since OpenSSH 2.5.0 # fingerprints (fin) ssh-rsa: SHA256:YZ457EBcJTSxRKI3yXRgtAj3PBf5B9/F36b1SVooml4 # algorithm recommendations (for OpenSSH 5.6) (rec) !diffie-hellman-group-exchange-sha256 -- kex algorithm to change (increase modulus size to 3072 bits or larger)  (rec) -3des-cbc -- enc algorithm to remove  (rec) -arcfour -- enc algorithm to remove  (rec) -arcfour128 -- enc algorithm to remove  (rec) -arcfour256 -- enc algorithm to remove  (rec) -blowfish-cbc -- enc algorithm to remove  (rec) -cast128-cbc -- enc algorithm to remove  (rec) -diffie-hellman-group-exchange-sha1 -- kex algorithm to remove  (rec) -diffie-hellman-group1-sha1 -- kex algorithm to remove  (rec) -diffie-hellman-group14-sha1 -- kex algorithm to remove  (rec) -hmac-md5 -- mac algorithm to remove  (rec) -hmac-md5-96 -- mac algorithm to remove  (rec) -hmac-ripemd160 -- mac algorithm to remove  (rec) -hmac-ripemd160@openssh.com -- mac algorithm to remove  (rec) -hmac-sha1 -- mac algorithm to remove  (rec) -hmac-sha1-96 -- mac algorithm to remove  (rec) -rijndael-cbc@lysator.liu.se -- enc algorithm to remove  (rec) -ssh-dss -- key algorithm to remove  (rec) -ssh-rsa -- key algorithm to remove  (rec) -aes128-cbc -- enc algorithm to remove  (rec) -aes192-cbc -- enc algorithm to remove  (rec) -aes256-cbc -- enc algorithm to remove  (rec) -umac-64@openssh.com -- mac algorithm to remove  # additional info (nfo) For hardening guides on common OSes, please see:  ssh-audit-3.3.0/test/docker/expected_results/openssh_5.6p1_test2.json000066400000000000000000000334321470352310600255600ustar00rootroot00000000000000{ "additional_notes": [], "banner": { "comments": null, "protocol": "2.0", "raw": "SSH-2.0-OpenSSH_5.6", "software": "OpenSSH_5.6" }, "compression": [ "none", "zlib@openssh.com" ], "cves": [], "enc": [ { "algorithm": "aes128-ctr", "notes": { "info": [ "available since OpenSSH 3.7, Dropbear SSH 0.52" ] } }, { "algorithm": "aes192-ctr", "notes": { "info": [ "available since OpenSSH 3.7" ] } }, { "algorithm": "aes256-ctr", "notes": { "info": [ "available since OpenSSH 3.7, Dropbear SSH 0.52" ] } }, { "algorithm": "arcfour256", "notes": { "fail": [ "using broken RC4 cipher" ], "info": [ "available since OpenSSH 4.2" ] } }, { "algorithm": "arcfour128", "notes": { "fail": [ "using broken RC4 cipher" ], "info": [ "available since OpenSSH 4.2" ] } }, { "algorithm": "aes128-cbc", "notes": { "info": [ "available since OpenSSH 2.3.0, Dropbear SSH 0.28" ], "warn": [ "using weak cipher mode" ] } }, { "algorithm": "3des-cbc", "notes": { "fail": [ "using broken & deprecated 3DES cipher" ], "info": [ "available since OpenSSH 1.2.2, Dropbear SSH 0.28" ], "warn": [ "using weak cipher mode", "using small 64-bit block size" ] } }, { "algorithm": "blowfish-cbc", "notes": { "fail": [ "using weak & deprecated Blowfish cipher" ], "info": [ "available since OpenSSH 1.2.2, Dropbear SSH 0.28" ], "warn": [ "using weak cipher mode", "using small 64-bit block size" ] } }, { "algorithm": "cast128-cbc", "notes": { "fail": [ "using weak & deprecated CAST cipher" ], "info": [ "available since OpenSSH 2.1.0" ], "warn": [ "using weak cipher mode", "using small 64-bit block size" ] } }, { "algorithm": "aes192-cbc", "notes": { "info": [ "available since OpenSSH 2.3.0" ], "warn": [ "using weak cipher mode" ] } }, { "algorithm": "aes256-cbc", "notes": { "info": [ "available since OpenSSH 2.3.0, Dropbear SSH 0.47" ], "warn": [ "using weak cipher mode" ] } }, { "algorithm": "arcfour", "notes": { "fail": [ "using broken RC4 cipher" ], "info": [ "available since OpenSSH 2.1.0" ] } }, { "algorithm": "rijndael-cbc@lysator.liu.se", "notes": { "fail": [ "using deprecated & non-standardized Rijndael cipher" ], "info": [ "disabled in OpenSSH 7.0: https://www.openssh.com/txt/release-7.0", "available since OpenSSH 2.3.0" ], "warn": [ "using weak cipher mode" ] } } ], "fingerprints": [ { "hash": "YZ457EBcJTSxRKI3yXRgtAj3PBf5B9/F36b1SVooml4", "hash_alg": "SHA256", "hostkey": "ssh-rsa" }, { "hash": "3c:c3:38:f8:55:39:c0:4a:5a:17:89:60:2c:a1:fc:6a", "hash_alg": "MD5", "hostkey": "ssh-rsa" } ], "kex": [ { "algorithm": "diffie-hellman-group-exchange-sha256", "keysize": 1024, "notes": { "fail": [ "using small 1024-bit modulus" ], "info": [ "available since OpenSSH 4.4" ] } }, { "algorithm": "diffie-hellman-group-exchange-sha1", "keysize": 1024, "notes": { "fail": [ "using small 1024-bit modulus" ], "info": [ "available since OpenSSH 2.3.0" ] } }, { "algorithm": "diffie-hellman-group14-sha1", "notes": { "fail": [ "using broken SHA-1 hash algorithm" ], "info": [ "available since OpenSSH 3.9, Dropbear SSH 0.53" ], "warn": [ "2048-bit modulus only provides 112-bits of symmetric strength" ] } }, { "algorithm": "diffie-hellman-group1-sha1", "notes": { "fail": [ "using small 1024-bit modulus", "vulnerable to the Logjam attack: https://en.wikipedia.org/wiki/Logjam_(computer_security)", "using broken SHA-1 hash algorithm" ], "info": [ "removed in OpenSSH 6.9: https://www.openssh.com/txt/release-6.9", "available since OpenSSH 2.3.0, Dropbear SSH 0.28" ] } } ], "key": [ { "algorithm": "ssh-rsa", "keysize": 1024, "notes": { "fail": [ "using broken SHA-1 hash algorithm", "using small 1024-bit modulus" ], "info": [ "deprecated in OpenSSH 8.8: https://www.openssh.com/txt/release-8.8", "available since OpenSSH 2.5.0, Dropbear SSH 0.28" ] } }, { "algorithm": "ssh-rsa-cert-v01@openssh.com", "ca_algorithm": "ssh-rsa", "casize": 1024, "keysize": 1024, "notes": { "fail": [ "using broken SHA-1 hash algorithm", "using small 1024-bit hostkey modulus", "using small 1024-bit CA key modulus" ], "info": [ "deprecated in OpenSSH 8.8: https://www.openssh.com/txt/release-8.8", "available since OpenSSH 5.6" ] } } ], "mac": [ { "algorithm": "hmac-md5", "notes": { "fail": [ "using broken MD5 hash algorithm" ], "info": [ "available since OpenSSH 2.1.0, Dropbear SSH 0.28" ], "warn": [ "using encrypt-and-MAC mode" ] } }, { "algorithm": "hmac-sha1", "notes": { "fail": [ "using broken SHA-1 hash algorithm" ], "info": [ "available since OpenSSH 2.1.0, Dropbear SSH 0.28" ], "warn": [ "using encrypt-and-MAC mode" ] } }, { "algorithm": "umac-64@openssh.com", "notes": { "info": [ "available since OpenSSH 4.7" ], "warn": [ "using encrypt-and-MAC mode", "using small 64-bit tag size" ] } }, { "algorithm": "hmac-ripemd160", "notes": { "fail": [ "using deprecated RIPEMD hash algorithm" ], "info": [ "available since OpenSSH 2.5.0" ], "warn": [ "using encrypt-and-MAC mode" ] } }, { "algorithm": "hmac-ripemd160@openssh.com", "notes": { "fail": [ "using deprecated RIPEMD hash algorithm" ], "info": [ "available since OpenSSH 2.1.0" ], "warn": [ "using encrypt-and-MAC mode" ] } }, { "algorithm": "hmac-sha1-96", "notes": { "fail": [ "using broken SHA-1 hash algorithm" ], "info": [ "available since OpenSSH 2.5.0, Dropbear SSH 0.47" ], "warn": [ "using encrypt-and-MAC mode" ] } }, { "algorithm": "hmac-md5-96", "notes": { "fail": [ "using broken MD5 hash algorithm" ], "info": [ "available since OpenSSH 2.5.0" ], "warn": [ "using encrypt-and-MAC mode" ] } } ], "recommendations": { "critical": { "chg": { "kex": [ { "name": "diffie-hellman-group-exchange-sha256", "notes": "increase modulus size to 3072 bits or larger" } ] }, "del": { "enc": [ { "name": "3des-cbc", "notes": "" }, { "name": "arcfour128", "notes": "" }, { "name": "arcfour", "notes": "" }, { "name": "arcfour256", "notes": "" }, { "name": "blowfish-cbc", "notes": "" }, { "name": "cast128-cbc", "notes": "" }, { "name": "rijndael-cbc@lysator.liu.se", "notes": "" } ], "kex": [ { "name": "diffie-hellman-group14-sha1", "notes": "" }, { "name": "diffie-hellman-group1-sha1", "notes": "" }, { "name": "diffie-hellman-group-exchange-sha1", "notes": "" } ], "key": [ { "name": "ssh-rsa", "notes": "" }, { "name": "ssh-rsa-cert-v01@openssh.com", "notes": "" } ], "mac": [ { "name": "hmac-md5", "notes": "" }, { "name": "hmac-md5-96", "notes": "" }, { "name": "hmac-ripemd160", "notes": "" }, { "name": "hmac-ripemd160@openssh.com", "notes": "" }, { "name": "hmac-sha1", "notes": "" }, { "name": "hmac-sha1-96", "notes": "" } ] } }, "warning": { "del": { "enc": [ { "name": "aes128-cbc", "notes": "" }, { "name": "aes192-cbc", "notes": "" }, { "name": "aes256-cbc", "notes": "" } ], "mac": [ { "name": "umac-64@openssh.com", "notes": "" } ] } } }, "target": "localhost:2222" } ssh-audit-3.3.0/test/docker/expected_results/openssh_5.6p1_test2.txt000066400000000000000000000233261470352310600254270ustar00rootroot00000000000000# general (gen) banner: SSH-2.0-OpenSSH_5.6 (gen) software: OpenSSH 5.6 (gen) compatibility: OpenSSH 5.6-6.6, Dropbear SSH 0.53+ (some functionality from 0.52) (gen) compression: enabled (zlib@openssh.com) # key exchange algorithms (kex) diffie-hellman-group-exchange-sha256 (1024-bit) -- [fail] using small 1024-bit modulus `- [info] available since OpenSSH 4.4 (kex) diffie-hellman-group-exchange-sha1 (1024-bit) -- [fail] using small 1024-bit modulus `- [info] available since OpenSSH 2.3.0 (kex) diffie-hellman-group14-sha1 -- [fail] using broken SHA-1 hash algorithm  `- [warn] 2048-bit modulus only provides 112-bits of symmetric strength `- [info] available since OpenSSH 3.9, Dropbear SSH 0.53 (kex) diffie-hellman-group1-sha1 -- [fail] using small 1024-bit modulus  `- [fail] vulnerable to the Logjam attack: https://en.wikipedia.org/wiki/Logjam_(computer_security)  `- [fail] using broken SHA-1 hash algorithm `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28 `- [info] removed in OpenSSH 6.9: https://www.openssh.com/txt/release-6.9 # host-key algorithms (key) ssh-rsa (1024-bit) -- [fail] using broken SHA-1 hash algorithm  `- [fail] using small 1024-bit modulus `- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28 `- [info] deprecated in OpenSSH 8.8: https://www.openssh.com/txt/release-8.8 (key) ssh-rsa-cert-v01@openssh.com (1024-bit cert/1024-bit RSA CA) -- [fail] using broken SHA-1 hash algorithm  `- [fail] using small 1024-bit hostkey modulus  `- [fail] using small 1024-bit CA key modulus `- [info] available since OpenSSH 5.6 `- [info] deprecated in OpenSSH 8.8: https://www.openssh.com/txt/release-8.8 # encryption algorithms (ciphers) (enc) aes128-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52 (enc) aes192-ctr -- [info] available since OpenSSH 3.7 (enc) aes256-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52 (enc) arcfour256 -- [fail] using broken RC4 cipher `- [info] available since OpenSSH 4.2 (enc) arcfour128 -- [fail] using broken RC4 cipher `- [info] available since OpenSSH 4.2 (enc) aes128-cbc -- [warn] using weak cipher mode `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28 (enc) 3des-cbc -- [fail] using broken & deprecated 3DES cipher  `- [warn] using weak cipher mode  `- [warn] using small 64-bit block size `- [info] available since OpenSSH 1.2.2, Dropbear SSH 0.28 (enc) blowfish-cbc -- [fail] using weak & deprecated Blowfish cipher  `- [warn] using weak cipher mode  `- [warn] using small 64-bit block size `- [info] available since OpenSSH 1.2.2, Dropbear SSH 0.28 (enc) cast128-cbc -- [fail] using weak & deprecated CAST cipher  `- [warn] using weak cipher mode  `- [warn] using small 64-bit block size `- [info] available since OpenSSH 2.1.0 (enc) aes192-cbc -- [warn] using weak cipher mode `- [info] available since OpenSSH 2.3.0 (enc) aes256-cbc -- [warn] using weak cipher mode `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.47 (enc) arcfour -- [fail] using broken RC4 cipher `- [info] available since OpenSSH 2.1.0 (enc) rijndael-cbc@lysator.liu.se -- [fail] using deprecated & non-standardized Rijndael cipher  `- [warn] using weak cipher mode `- [info] available since OpenSSH 2.3.0 `- [info] disabled in OpenSSH 7.0: https://www.openssh.com/txt/release-7.0 # message authentication code algorithms (mac) hmac-md5 -- [fail] using broken MD5 hash algorithm  `- [warn] using encrypt-and-MAC mode `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28 (mac) hmac-sha1 -- [fail] using broken SHA-1 hash algorithm  `- [warn] using encrypt-and-MAC mode `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28 (mac) umac-64@openssh.com -- [warn] using encrypt-and-MAC mode  `- [warn] using small 64-bit tag size `- [info] available since OpenSSH 4.7 (mac) hmac-ripemd160 -- [fail] using deprecated RIPEMD hash algorithm  `- [warn] using encrypt-and-MAC mode `- [info] available since OpenSSH 2.5.0 (mac) hmac-ripemd160@openssh.com -- [fail] using deprecated RIPEMD hash algorithm  `- [warn] using encrypt-and-MAC mode `- [info] available since OpenSSH 2.1.0 (mac) hmac-sha1-96 -- [fail] using broken SHA-1 hash algorithm  `- [warn] using encrypt-and-MAC mode `- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.47 (mac) hmac-md5-96 -- [fail] using broken MD5 hash algorithm  `- [warn] using encrypt-and-MAC mode `- [info] available since OpenSSH 2.5.0 # fingerprints (fin) ssh-rsa: SHA256:YZ457EBcJTSxRKI3yXRgtAj3PBf5B9/F36b1SVooml4 # algorithm recommendations (for OpenSSH 5.6) (rec) !diffie-hellman-group-exchange-sha256 -- kex algorithm to change (increase modulus size to 3072 bits or larger)  (rec) -3des-cbc -- enc algorithm to remove  (rec) -arcfour -- enc algorithm to remove  (rec) -arcfour128 -- enc algorithm to remove  (rec) -arcfour256 -- enc algorithm to remove  (rec) -blowfish-cbc -- enc algorithm to remove  (rec) -cast128-cbc -- enc algorithm to remove  (rec) -diffie-hellman-group-exchange-sha1 -- kex algorithm to remove  (rec) -diffie-hellman-group1-sha1 -- kex algorithm to remove  (rec) -diffie-hellman-group14-sha1 -- kex algorithm to remove  (rec) -hmac-md5 -- mac algorithm to remove  (rec) -hmac-md5-96 -- mac algorithm to remove  (rec) -hmac-ripemd160 -- mac algorithm to remove  (rec) -hmac-ripemd160@openssh.com -- mac algorithm to remove  (rec) -hmac-sha1 -- mac algorithm to remove  (rec) -hmac-sha1-96 -- mac algorithm to remove  (rec) -rijndael-cbc@lysator.liu.se -- enc algorithm to remove  (rec) -ssh-rsa -- key algorithm to remove  (rec) -ssh-rsa-cert-v01@openssh.com -- key algorithm to remove  (rec) -aes128-cbc -- enc algorithm to remove  (rec) -aes192-cbc -- enc algorithm to remove  (rec) -aes256-cbc -- enc algorithm to remove  (rec) -umac-64@openssh.com -- mac algorithm to remove  # additional info (nfo) For hardening guides on common OSes, please see:  ssh-audit-3.3.0/test/docker/expected_results/openssh_5.6p1_test3.json000066400000000000000000000333371470352310600255650ustar00rootroot00000000000000{ "additional_notes": [], "banner": { "comments": null, "protocol": "2.0", "raw": "SSH-2.0-OpenSSH_5.6", "software": "OpenSSH_5.6" }, "compression": [ "none", "zlib@openssh.com" ], "cves": [], "enc": [ { "algorithm": "aes128-ctr", "notes": { "info": [ "available since OpenSSH 3.7, Dropbear SSH 0.52" ] } }, { "algorithm": "aes192-ctr", "notes": { "info": [ "available since OpenSSH 3.7" ] } }, { "algorithm": "aes256-ctr", "notes": { "info": [ "available since OpenSSH 3.7, Dropbear SSH 0.52" ] } }, { "algorithm": "arcfour256", "notes": { "fail": [ "using broken RC4 cipher" ], "info": [ "available since OpenSSH 4.2" ] } }, { "algorithm": "arcfour128", "notes": { "fail": [ "using broken RC4 cipher" ], "info": [ "available since OpenSSH 4.2" ] } }, { "algorithm": "aes128-cbc", "notes": { "info": [ "available since OpenSSH 2.3.0, Dropbear SSH 0.28" ], "warn": [ "using weak cipher mode" ] } }, { "algorithm": "3des-cbc", "notes": { "fail": [ "using broken & deprecated 3DES cipher" ], "info": [ "available since OpenSSH 1.2.2, Dropbear SSH 0.28" ], "warn": [ "using weak cipher mode", "using small 64-bit block size" ] } }, { "algorithm": "blowfish-cbc", "notes": { "fail": [ "using weak & deprecated Blowfish cipher" ], "info": [ "available since OpenSSH 1.2.2, Dropbear SSH 0.28" ], "warn": [ "using weak cipher mode", "using small 64-bit block size" ] } }, { "algorithm": "cast128-cbc", "notes": { "fail": [ "using weak & deprecated CAST cipher" ], "info": [ "available since OpenSSH 2.1.0" ], "warn": [ "using weak cipher mode", "using small 64-bit block size" ] } }, { "algorithm": "aes192-cbc", "notes": { "info": [ "available since OpenSSH 2.3.0" ], "warn": [ "using weak cipher mode" ] } }, { "algorithm": "aes256-cbc", "notes": { "info": [ "available since OpenSSH 2.3.0, Dropbear SSH 0.47" ], "warn": [ "using weak cipher mode" ] } }, { "algorithm": "arcfour", "notes": { "fail": [ "using broken RC4 cipher" ], "info": [ "available since OpenSSH 2.1.0" ] } }, { "algorithm": "rijndael-cbc@lysator.liu.se", "notes": { "fail": [ "using deprecated & non-standardized Rijndael cipher" ], "info": [ "disabled in OpenSSH 7.0: https://www.openssh.com/txt/release-7.0", "available since OpenSSH 2.3.0" ], "warn": [ "using weak cipher mode" ] } } ], "fingerprints": [ { "hash": "YZ457EBcJTSxRKI3yXRgtAj3PBf5B9/F36b1SVooml4", "hash_alg": "SHA256", "hostkey": "ssh-rsa" }, { "hash": "3c:c3:38:f8:55:39:c0:4a:5a:17:89:60:2c:a1:fc:6a", "hash_alg": "MD5", "hostkey": "ssh-rsa" } ], "kex": [ { "algorithm": "diffie-hellman-group-exchange-sha256", "keysize": 1024, "notes": { "fail": [ "using small 1024-bit modulus" ], "info": [ "available since OpenSSH 4.4" ] } }, { "algorithm": "diffie-hellman-group-exchange-sha1", "keysize": 1024, "notes": { "fail": [ "using small 1024-bit modulus" ], "info": [ "available since OpenSSH 2.3.0" ] } }, { "algorithm": "diffie-hellman-group14-sha1", "notes": { "fail": [ "using broken SHA-1 hash algorithm" ], "info": [ "available since OpenSSH 3.9, Dropbear SSH 0.53" ], "warn": [ "2048-bit modulus only provides 112-bits of symmetric strength" ] } }, { "algorithm": "diffie-hellman-group1-sha1", "notes": { "fail": [ "using small 1024-bit modulus", "vulnerable to the Logjam attack: https://en.wikipedia.org/wiki/Logjam_(computer_security)", "using broken SHA-1 hash algorithm" ], "info": [ "removed in OpenSSH 6.9: https://www.openssh.com/txt/release-6.9", "available since OpenSSH 2.3.0, Dropbear SSH 0.28" ] } } ], "key": [ { "algorithm": "ssh-rsa", "keysize": 1024, "notes": { "fail": [ "using broken SHA-1 hash algorithm", "using small 1024-bit modulus" ], "info": [ "deprecated in OpenSSH 8.8: https://www.openssh.com/txt/release-8.8", "available since OpenSSH 2.5.0, Dropbear SSH 0.28" ] } }, { "algorithm": "ssh-rsa-cert-v01@openssh.com", "ca_algorithm": "ssh-rsa", "casize": 3072, "keysize": 1024, "notes": { "fail": [ "using broken SHA-1 hash algorithm", "using small 1024-bit hostkey modulus" ], "info": [ "deprecated in OpenSSH 8.8: https://www.openssh.com/txt/release-8.8", "available since OpenSSH 5.6" ] } } ], "mac": [ { "algorithm": "hmac-md5", "notes": { "fail": [ "using broken MD5 hash algorithm" ], "info": [ "available since OpenSSH 2.1.0, Dropbear SSH 0.28" ], "warn": [ "using encrypt-and-MAC mode" ] } }, { "algorithm": "hmac-sha1", "notes": { "fail": [ "using broken SHA-1 hash algorithm" ], "info": [ "available since OpenSSH 2.1.0, Dropbear SSH 0.28" ], "warn": [ "using encrypt-and-MAC mode" ] } }, { "algorithm": "umac-64@openssh.com", "notes": { "info": [ "available since OpenSSH 4.7" ], "warn": [ "using encrypt-and-MAC mode", "using small 64-bit tag size" ] } }, { "algorithm": "hmac-ripemd160", "notes": { "fail": [ "using deprecated RIPEMD hash algorithm" ], "info": [ "available since OpenSSH 2.5.0" ], "warn": [ "using encrypt-and-MAC mode" ] } }, { "algorithm": "hmac-ripemd160@openssh.com", "notes": { "fail": [ "using deprecated RIPEMD hash algorithm" ], "info": [ "available since OpenSSH 2.1.0" ], "warn": [ "using encrypt-and-MAC mode" ] } }, { "algorithm": "hmac-sha1-96", "notes": { "fail": [ "using broken SHA-1 hash algorithm" ], "info": [ "available since OpenSSH 2.5.0, Dropbear SSH 0.47" ], "warn": [ "using encrypt-and-MAC mode" ] } }, { "algorithm": "hmac-md5-96", "notes": { "fail": [ "using broken MD5 hash algorithm" ], "info": [ "available since OpenSSH 2.5.0" ], "warn": [ "using encrypt-and-MAC mode" ] } } ], "recommendations": { "critical": { "chg": { "kex": [ { "name": "diffie-hellman-group-exchange-sha256", "notes": "increase modulus size to 3072 bits or larger" } ] }, "del": { "enc": [ { "name": "3des-cbc", "notes": "" }, { "name": "arcfour128", "notes": "" }, { "name": "arcfour", "notes": "" }, { "name": "arcfour256", "notes": "" }, { "name": "blowfish-cbc", "notes": "" }, { "name": "cast128-cbc", "notes": "" }, { "name": "rijndael-cbc@lysator.liu.se", "notes": "" } ], "kex": [ { "name": "diffie-hellman-group14-sha1", "notes": "" }, { "name": "diffie-hellman-group1-sha1", "notes": "" }, { "name": "diffie-hellman-group-exchange-sha1", "notes": "" } ], "key": [ { "name": "ssh-rsa", "notes": "" }, { "name": "ssh-rsa-cert-v01@openssh.com", "notes": "" } ], "mac": [ { "name": "hmac-md5", "notes": "" }, { "name": "hmac-md5-96", "notes": "" }, { "name": "hmac-ripemd160", "notes": "" }, { "name": "hmac-ripemd160@openssh.com", "notes": "" }, { "name": "hmac-sha1", "notes": "" }, { "name": "hmac-sha1-96", "notes": "" } ] } }, "warning": { "del": { "enc": [ { "name": "aes128-cbc", "notes": "" }, { "name": "aes192-cbc", "notes": "" }, { "name": "aes256-cbc", "notes": "" } ], "mac": [ { "name": "umac-64@openssh.com", "notes": "" } ] } } }, "target": "localhost:2222" } ssh-audit-3.3.0/test/docker/expected_results/openssh_5.6p1_test3.txt000066400000000000000000000231321470352310600254230ustar00rootroot00000000000000# general (gen) banner: SSH-2.0-OpenSSH_5.6 (gen) software: OpenSSH 5.6 (gen) compatibility: OpenSSH 5.6-6.6, Dropbear SSH 0.53+ (some functionality from 0.52) (gen) compression: enabled (zlib@openssh.com) # key exchange algorithms (kex) diffie-hellman-group-exchange-sha256 (1024-bit) -- [fail] using small 1024-bit modulus `- [info] available since OpenSSH 4.4 (kex) diffie-hellman-group-exchange-sha1 (1024-bit) -- [fail] using small 1024-bit modulus `- [info] available since OpenSSH 2.3.0 (kex) diffie-hellman-group14-sha1 -- [fail] using broken SHA-1 hash algorithm  `- [warn] 2048-bit modulus only provides 112-bits of symmetric strength `- [info] available since OpenSSH 3.9, Dropbear SSH 0.53 (kex) diffie-hellman-group1-sha1 -- [fail] using small 1024-bit modulus  `- [fail] vulnerable to the Logjam attack: https://en.wikipedia.org/wiki/Logjam_(computer_security)  `- [fail] using broken SHA-1 hash algorithm `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28 `- [info] removed in OpenSSH 6.9: https://www.openssh.com/txt/release-6.9 # host-key algorithms (key) ssh-rsa (1024-bit) -- [fail] using broken SHA-1 hash algorithm  `- [fail] using small 1024-bit modulus `- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28 `- [info] deprecated in OpenSSH 8.8: https://www.openssh.com/txt/release-8.8 (key) ssh-rsa-cert-v01@openssh.com (1024-bit cert/3072-bit RSA CA) -- [fail] using broken SHA-1 hash algorithm  `- [fail] using small 1024-bit hostkey modulus `- [info] available since OpenSSH 5.6 `- [info] deprecated in OpenSSH 8.8: https://www.openssh.com/txt/release-8.8 # encryption algorithms (ciphers) (enc) aes128-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52 (enc) aes192-ctr -- [info] available since OpenSSH 3.7 (enc) aes256-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52 (enc) arcfour256 -- [fail] using broken RC4 cipher `- [info] available since OpenSSH 4.2 (enc) arcfour128 -- [fail] using broken RC4 cipher `- [info] available since OpenSSH 4.2 (enc) aes128-cbc -- [warn] using weak cipher mode `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28 (enc) 3des-cbc -- [fail] using broken & deprecated 3DES cipher  `- [warn] using weak cipher mode  `- [warn] using small 64-bit block size `- [info] available since OpenSSH 1.2.2, Dropbear SSH 0.28 (enc) blowfish-cbc -- [fail] using weak & deprecated Blowfish cipher  `- [warn] using weak cipher mode  `- [warn] using small 64-bit block size `- [info] available since OpenSSH 1.2.2, Dropbear SSH 0.28 (enc) cast128-cbc -- [fail] using weak & deprecated CAST cipher  `- [warn] using weak cipher mode  `- [warn] using small 64-bit block size `- [info] available since OpenSSH 2.1.0 (enc) aes192-cbc -- [warn] using weak cipher mode `- [info] available since OpenSSH 2.3.0 (enc) aes256-cbc -- [warn] using weak cipher mode `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.47 (enc) arcfour -- [fail] using broken RC4 cipher `- [info] available since OpenSSH 2.1.0 (enc) rijndael-cbc@lysator.liu.se -- [fail] using deprecated & non-standardized Rijndael cipher  `- [warn] using weak cipher mode `- [info] available since OpenSSH 2.3.0 `- [info] disabled in OpenSSH 7.0: https://www.openssh.com/txt/release-7.0 # message authentication code algorithms (mac) hmac-md5 -- [fail] using broken MD5 hash algorithm  `- [warn] using encrypt-and-MAC mode `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28 (mac) hmac-sha1 -- [fail] using broken SHA-1 hash algorithm  `- [warn] using encrypt-and-MAC mode `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28 (mac) umac-64@openssh.com -- [warn] using encrypt-and-MAC mode  `- [warn] using small 64-bit tag size `- [info] available since OpenSSH 4.7 (mac) hmac-ripemd160 -- [fail] using deprecated RIPEMD hash algorithm  `- [warn] using encrypt-and-MAC mode `- [info] available since OpenSSH 2.5.0 (mac) hmac-ripemd160@openssh.com -- [fail] using deprecated RIPEMD hash algorithm  `- [warn] using encrypt-and-MAC mode `- [info] available since OpenSSH 2.1.0 (mac) hmac-sha1-96 -- [fail] using broken SHA-1 hash algorithm  `- [warn] using encrypt-and-MAC mode `- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.47 (mac) hmac-md5-96 -- [fail] using broken MD5 hash algorithm  `- [warn] using encrypt-and-MAC mode `- [info] available since OpenSSH 2.5.0 # fingerprints (fin) ssh-rsa: SHA256:YZ457EBcJTSxRKI3yXRgtAj3PBf5B9/F36b1SVooml4 # algorithm recommendations (for OpenSSH 5.6) (rec) !diffie-hellman-group-exchange-sha256 -- kex algorithm to change (increase modulus size to 3072 bits or larger)  (rec) -3des-cbc -- enc algorithm to remove  (rec) -arcfour -- enc algorithm to remove  (rec) -arcfour128 -- enc algorithm to remove  (rec) -arcfour256 -- enc algorithm to remove  (rec) -blowfish-cbc -- enc algorithm to remove  (rec) -cast128-cbc -- enc algorithm to remove  (rec) -diffie-hellman-group-exchange-sha1 -- kex algorithm to remove  (rec) -diffie-hellman-group1-sha1 -- kex algorithm to remove  (rec) -diffie-hellman-group14-sha1 -- kex algorithm to remove  (rec) -hmac-md5 -- mac algorithm to remove  (rec) -hmac-md5-96 -- mac algorithm to remove  (rec) -hmac-ripemd160 -- mac algorithm to remove  (rec) -hmac-ripemd160@openssh.com -- mac algorithm to remove  (rec) -hmac-sha1 -- mac algorithm to remove  (rec) -hmac-sha1-96 -- mac algorithm to remove  (rec) -rijndael-cbc@lysator.liu.se -- enc algorithm to remove  (rec) -ssh-rsa -- key algorithm to remove  (rec) -ssh-rsa-cert-v01@openssh.com -- key algorithm to remove  (rec) -aes128-cbc -- enc algorithm to remove  (rec) -aes192-cbc -- enc algorithm to remove  (rec) -aes256-cbc -- enc algorithm to remove  (rec) -umac-64@openssh.com -- mac algorithm to remove  # additional info (nfo) For hardening guides on common OSes, please see:  ssh-audit-3.3.0/test/docker/expected_results/openssh_5.6p1_test4.json000066400000000000000000000332521470352310600255620ustar00rootroot00000000000000{ "additional_notes": [], "banner": { "comments": null, "protocol": "2.0", "raw": "SSH-2.0-OpenSSH_5.6", "software": "OpenSSH_5.6" }, "compression": [ "none", "zlib@openssh.com" ], "cves": [], "enc": [ { "algorithm": "aes128-ctr", "notes": { "info": [ "available since OpenSSH 3.7, Dropbear SSH 0.52" ] } }, { "algorithm": "aes192-ctr", "notes": { "info": [ "available since OpenSSH 3.7" ] } }, { "algorithm": "aes256-ctr", "notes": { "info": [ "available since OpenSSH 3.7, Dropbear SSH 0.52" ] } }, { "algorithm": "arcfour256", "notes": { "fail": [ "using broken RC4 cipher" ], "info": [ "available since OpenSSH 4.2" ] } }, { "algorithm": "arcfour128", "notes": { "fail": [ "using broken RC4 cipher" ], "info": [ "available since OpenSSH 4.2" ] } }, { "algorithm": "aes128-cbc", "notes": { "info": [ "available since OpenSSH 2.3.0, Dropbear SSH 0.28" ], "warn": [ "using weak cipher mode" ] } }, { "algorithm": "3des-cbc", "notes": { "fail": [ "using broken & deprecated 3DES cipher" ], "info": [ "available since OpenSSH 1.2.2, Dropbear SSH 0.28" ], "warn": [ "using weak cipher mode", "using small 64-bit block size" ] } }, { "algorithm": "blowfish-cbc", "notes": { "fail": [ "using weak & deprecated Blowfish cipher" ], "info": [ "available since OpenSSH 1.2.2, Dropbear SSH 0.28" ], "warn": [ "using weak cipher mode", "using small 64-bit block size" ] } }, { "algorithm": "cast128-cbc", "notes": { "fail": [ "using weak & deprecated CAST cipher" ], "info": [ "available since OpenSSH 2.1.0" ], "warn": [ "using weak cipher mode", "using small 64-bit block size" ] } }, { "algorithm": "aes192-cbc", "notes": { "info": [ "available since OpenSSH 2.3.0" ], "warn": [ "using weak cipher mode" ] } }, { "algorithm": "aes256-cbc", "notes": { "info": [ "available since OpenSSH 2.3.0, Dropbear SSH 0.47" ], "warn": [ "using weak cipher mode" ] } }, { "algorithm": "arcfour", "notes": { "fail": [ "using broken RC4 cipher" ], "info": [ "available since OpenSSH 2.1.0" ] } }, { "algorithm": "rijndael-cbc@lysator.liu.se", "notes": { "fail": [ "using deprecated & non-standardized Rijndael cipher" ], "info": [ "disabled in OpenSSH 7.0: https://www.openssh.com/txt/release-7.0", "available since OpenSSH 2.3.0" ], "warn": [ "using weak cipher mode" ] } } ], "fingerprints": [ { "hash": "nsWtdJ9Z67Vrf7OsUzQov7esXhsWAfVppArGh25u244", "hash_alg": "SHA256", "hostkey": "ssh-rsa" }, { "hash": "18:e2:51:fe:21:6c:78:d0:b8:cf:32:d4:bd:56:42:e1", "hash_alg": "MD5", "hostkey": "ssh-rsa" } ], "kex": [ { "algorithm": "diffie-hellman-group-exchange-sha256", "keysize": 1024, "notes": { "fail": [ "using small 1024-bit modulus" ], "info": [ "available since OpenSSH 4.4" ] } }, { "algorithm": "diffie-hellman-group-exchange-sha1", "keysize": 1024, "notes": { "fail": [ "using small 1024-bit modulus" ], "info": [ "available since OpenSSH 2.3.0" ] } }, { "algorithm": "diffie-hellman-group14-sha1", "notes": { "fail": [ "using broken SHA-1 hash algorithm" ], "info": [ "available since OpenSSH 3.9, Dropbear SSH 0.53" ], "warn": [ "2048-bit modulus only provides 112-bits of symmetric strength" ] } }, { "algorithm": "diffie-hellman-group1-sha1", "notes": { "fail": [ "using small 1024-bit modulus", "vulnerable to the Logjam attack: https://en.wikipedia.org/wiki/Logjam_(computer_security)", "using broken SHA-1 hash algorithm" ], "info": [ "removed in OpenSSH 6.9: https://www.openssh.com/txt/release-6.9", "available since OpenSSH 2.3.0, Dropbear SSH 0.28" ] } } ], "key": [ { "algorithm": "ssh-rsa", "keysize": 3072, "notes": { "fail": [ "using broken SHA-1 hash algorithm" ], "info": [ "deprecated in OpenSSH 8.8: https://www.openssh.com/txt/release-8.8", "available since OpenSSH 2.5.0, Dropbear SSH 0.28" ] } }, { "algorithm": "ssh-rsa-cert-v01@openssh.com", "ca_algorithm": "ssh-rsa", "casize": 1024, "keysize": 3072, "notes": { "fail": [ "using broken SHA-1 hash algorithm", "using small 1024-bit CA key modulus" ], "info": [ "deprecated in OpenSSH 8.8: https://www.openssh.com/txt/release-8.8", "available since OpenSSH 5.6" ] } } ], "mac": [ { "algorithm": "hmac-md5", "notes": { "fail": [ "using broken MD5 hash algorithm" ], "info": [ "available since OpenSSH 2.1.0, Dropbear SSH 0.28" ], "warn": [ "using encrypt-and-MAC mode" ] } }, { "algorithm": "hmac-sha1", "notes": { "fail": [ "using broken SHA-1 hash algorithm" ], "info": [ "available since OpenSSH 2.1.0, Dropbear SSH 0.28" ], "warn": [ "using encrypt-and-MAC mode" ] } }, { "algorithm": "umac-64@openssh.com", "notes": { "info": [ "available since OpenSSH 4.7" ], "warn": [ "using encrypt-and-MAC mode", "using small 64-bit tag size" ] } }, { "algorithm": "hmac-ripemd160", "notes": { "fail": [ "using deprecated RIPEMD hash algorithm" ], "info": [ "available since OpenSSH 2.5.0" ], "warn": [ "using encrypt-and-MAC mode" ] } }, { "algorithm": "hmac-ripemd160@openssh.com", "notes": { "fail": [ "using deprecated RIPEMD hash algorithm" ], "info": [ "available since OpenSSH 2.1.0" ], "warn": [ "using encrypt-and-MAC mode" ] } }, { "algorithm": "hmac-sha1-96", "notes": { "fail": [ "using broken SHA-1 hash algorithm" ], "info": [ "available since OpenSSH 2.5.0, Dropbear SSH 0.47" ], "warn": [ "using encrypt-and-MAC mode" ] } }, { "algorithm": "hmac-md5-96", "notes": { "fail": [ "using broken MD5 hash algorithm" ], "info": [ "available since OpenSSH 2.5.0" ], "warn": [ "using encrypt-and-MAC mode" ] } } ], "recommendations": { "critical": { "chg": { "kex": [ { "name": "diffie-hellman-group-exchange-sha256", "notes": "increase modulus size to 3072 bits or larger" } ] }, "del": { "enc": [ { "name": "3des-cbc", "notes": "" }, { "name": "arcfour128", "notes": "" }, { "name": "arcfour", "notes": "" }, { "name": "arcfour256", "notes": "" }, { "name": "blowfish-cbc", "notes": "" }, { "name": "cast128-cbc", "notes": "" }, { "name": "rijndael-cbc@lysator.liu.se", "notes": "" } ], "kex": [ { "name": "diffie-hellman-group14-sha1", "notes": "" }, { "name": "diffie-hellman-group1-sha1", "notes": "" }, { "name": "diffie-hellman-group-exchange-sha1", "notes": "" } ], "key": [ { "name": "ssh-rsa", "notes": "" }, { "name": "ssh-rsa-cert-v01@openssh.com", "notes": "" } ], "mac": [ { "name": "hmac-md5", "notes": "" }, { "name": "hmac-md5-96", "notes": "" }, { "name": "hmac-ripemd160", "notes": "" }, { "name": "hmac-ripemd160@openssh.com", "notes": "" }, { "name": "hmac-sha1", "notes": "" }, { "name": "hmac-sha1-96", "notes": "" } ] } }, "warning": { "del": { "enc": [ { "name": "aes128-cbc", "notes": "" }, { "name": "aes192-cbc", "notes": "" }, { "name": "aes256-cbc", "notes": "" } ], "mac": [ { "name": "umac-64@openssh.com", "notes": "" } ] } } }, "target": "localhost:2222" } ssh-audit-3.3.0/test/docker/expected_results/openssh_5.6p1_test4.txt000066400000000000000000000227731470352310600254360ustar00rootroot00000000000000# general (gen) banner: SSH-2.0-OpenSSH_5.6 (gen) software: OpenSSH 5.6 (gen) compatibility: OpenSSH 5.6-6.6, Dropbear SSH 0.53+ (some functionality from 0.52) (gen) compression: enabled (zlib@openssh.com) # key exchange algorithms (kex) diffie-hellman-group-exchange-sha256 (1024-bit) -- [fail] using small 1024-bit modulus `- [info] available since OpenSSH 4.4 (kex) diffie-hellman-group-exchange-sha1 (1024-bit) -- [fail] using small 1024-bit modulus `- [info] available since OpenSSH 2.3.0 (kex) diffie-hellman-group14-sha1 -- [fail] using broken SHA-1 hash algorithm  `- [warn] 2048-bit modulus only provides 112-bits of symmetric strength `- [info] available since OpenSSH 3.9, Dropbear SSH 0.53 (kex) diffie-hellman-group1-sha1 -- [fail] using small 1024-bit modulus  `- [fail] vulnerable to the Logjam attack: https://en.wikipedia.org/wiki/Logjam_(computer_security)  `- [fail] using broken SHA-1 hash algorithm `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28 `- [info] removed in OpenSSH 6.9: https://www.openssh.com/txt/release-6.9 # host-key algorithms (key) ssh-rsa (3072-bit) -- [fail] using broken SHA-1 hash algorithm `- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28 `- [info] deprecated in OpenSSH 8.8: https://www.openssh.com/txt/release-8.8 (key) ssh-rsa-cert-v01@openssh.com (3072-bit cert/1024-bit RSA CA) -- [fail] using broken SHA-1 hash algorithm  `- [fail] using small 1024-bit CA key modulus `- [info] available since OpenSSH 5.6 `- [info] deprecated in OpenSSH 8.8: https://www.openssh.com/txt/release-8.8 # encryption algorithms (ciphers) (enc) aes128-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52 (enc) aes192-ctr -- [info] available since OpenSSH 3.7 (enc) aes256-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52 (enc) arcfour256 -- [fail] using broken RC4 cipher `- [info] available since OpenSSH 4.2 (enc) arcfour128 -- [fail] using broken RC4 cipher `- [info] available since OpenSSH 4.2 (enc) aes128-cbc -- [warn] using weak cipher mode `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28 (enc) 3des-cbc -- [fail] using broken & deprecated 3DES cipher  `- [warn] using weak cipher mode  `- [warn] using small 64-bit block size `- [info] available since OpenSSH 1.2.2, Dropbear SSH 0.28 (enc) blowfish-cbc -- [fail] using weak & deprecated Blowfish cipher  `- [warn] using weak cipher mode  `- [warn] using small 64-bit block size `- [info] available since OpenSSH 1.2.2, Dropbear SSH 0.28 (enc) cast128-cbc -- [fail] using weak & deprecated CAST cipher  `- [warn] using weak cipher mode  `- [warn] using small 64-bit block size `- [info] available since OpenSSH 2.1.0 (enc) aes192-cbc -- [warn] using weak cipher mode `- [info] available since OpenSSH 2.3.0 (enc) aes256-cbc -- [warn] using weak cipher mode `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.47 (enc) arcfour -- [fail] using broken RC4 cipher `- [info] available since OpenSSH 2.1.0 (enc) rijndael-cbc@lysator.liu.se -- [fail] using deprecated & non-standardized Rijndael cipher  `- [warn] using weak cipher mode `- [info] available since OpenSSH 2.3.0 `- [info] disabled in OpenSSH 7.0: https://www.openssh.com/txt/release-7.0 # message authentication code algorithms (mac) hmac-md5 -- [fail] using broken MD5 hash algorithm  `- [warn] using encrypt-and-MAC mode `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28 (mac) hmac-sha1 -- [fail] using broken SHA-1 hash algorithm  `- [warn] using encrypt-and-MAC mode `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28 (mac) umac-64@openssh.com -- [warn] using encrypt-and-MAC mode  `- [warn] using small 64-bit tag size `- [info] available since OpenSSH 4.7 (mac) hmac-ripemd160 -- [fail] using deprecated RIPEMD hash algorithm  `- [warn] using encrypt-and-MAC mode `- [info] available since OpenSSH 2.5.0 (mac) hmac-ripemd160@openssh.com -- [fail] using deprecated RIPEMD hash algorithm  `- [warn] using encrypt-and-MAC mode `- [info] available since OpenSSH 2.1.0 (mac) hmac-sha1-96 -- [fail] using broken SHA-1 hash algorithm  `- [warn] using encrypt-and-MAC mode `- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.47 (mac) hmac-md5-96 -- [fail] using broken MD5 hash algorithm  `- [warn] using encrypt-and-MAC mode `- [info] available since OpenSSH 2.5.0 # fingerprints (fin) ssh-rsa: SHA256:nsWtdJ9Z67Vrf7OsUzQov7esXhsWAfVppArGh25u244 # algorithm recommendations (for OpenSSH 5.6) (rec) !diffie-hellman-group-exchange-sha256 -- kex algorithm to change (increase modulus size to 3072 bits or larger)  (rec) -3des-cbc -- enc algorithm to remove  (rec) -arcfour -- enc algorithm to remove  (rec) -arcfour128 -- enc algorithm to remove  (rec) -arcfour256 -- enc algorithm to remove  (rec) -blowfish-cbc -- enc algorithm to remove  (rec) -cast128-cbc -- enc algorithm to remove  (rec) -diffie-hellman-group-exchange-sha1 -- kex algorithm to remove  (rec) -diffie-hellman-group1-sha1 -- kex algorithm to remove  (rec) -diffie-hellman-group14-sha1 -- kex algorithm to remove  (rec) -hmac-md5 -- mac algorithm to remove  (rec) -hmac-md5-96 -- mac algorithm to remove  (rec) -hmac-ripemd160 -- mac algorithm to remove  (rec) -hmac-ripemd160@openssh.com -- mac algorithm to remove  (rec) -hmac-sha1 -- mac algorithm to remove  (rec) -hmac-sha1-96 -- mac algorithm to remove  (rec) -rijndael-cbc@lysator.liu.se -- enc algorithm to remove  (rec) -ssh-rsa -- key algorithm to remove  (rec) -ssh-rsa-cert-v01@openssh.com -- key algorithm to remove  (rec) -aes128-cbc -- enc algorithm to remove  (rec) -aes192-cbc -- enc algorithm to remove  (rec) -aes256-cbc -- enc algorithm to remove  (rec) -umac-64@openssh.com -- mac algorithm to remove  # additional info (nfo) For hardening guides on common OSes, please see:  ssh-audit-3.3.0/test/docker/expected_results/openssh_5.6p1_test5.json000066400000000000000000000331571470352310600255670ustar00rootroot00000000000000{ "additional_notes": [], "banner": { "comments": null, "protocol": "2.0", "raw": "SSH-2.0-OpenSSH_5.6", "software": "OpenSSH_5.6" }, "compression": [ "none", "zlib@openssh.com" ], "cves": [], "enc": [ { "algorithm": "aes128-ctr", "notes": { "info": [ "available since OpenSSH 3.7, Dropbear SSH 0.52" ] } }, { "algorithm": "aes192-ctr", "notes": { "info": [ "available since OpenSSH 3.7" ] } }, { "algorithm": "aes256-ctr", "notes": { "info": [ "available since OpenSSH 3.7, Dropbear SSH 0.52" ] } }, { "algorithm": "arcfour256", "notes": { "fail": [ "using broken RC4 cipher" ], "info": [ "available since OpenSSH 4.2" ] } }, { "algorithm": "arcfour128", "notes": { "fail": [ "using broken RC4 cipher" ], "info": [ "available since OpenSSH 4.2" ] } }, { "algorithm": "aes128-cbc", "notes": { "info": [ "available since OpenSSH 2.3.0, Dropbear SSH 0.28" ], "warn": [ "using weak cipher mode" ] } }, { "algorithm": "3des-cbc", "notes": { "fail": [ "using broken & deprecated 3DES cipher" ], "info": [ "available since OpenSSH 1.2.2, Dropbear SSH 0.28" ], "warn": [ "using weak cipher mode", "using small 64-bit block size" ] } }, { "algorithm": "blowfish-cbc", "notes": { "fail": [ "using weak & deprecated Blowfish cipher" ], "info": [ "available since OpenSSH 1.2.2, Dropbear SSH 0.28" ], "warn": [ "using weak cipher mode", "using small 64-bit block size" ] } }, { "algorithm": "cast128-cbc", "notes": { "fail": [ "using weak & deprecated CAST cipher" ], "info": [ "available since OpenSSH 2.1.0" ], "warn": [ "using weak cipher mode", "using small 64-bit block size" ] } }, { "algorithm": "aes192-cbc", "notes": { "info": [ "available since OpenSSH 2.3.0" ], "warn": [ "using weak cipher mode" ] } }, { "algorithm": "aes256-cbc", "notes": { "info": [ "available since OpenSSH 2.3.0, Dropbear SSH 0.47" ], "warn": [ "using weak cipher mode" ] } }, { "algorithm": "arcfour", "notes": { "fail": [ "using broken RC4 cipher" ], "info": [ "available since OpenSSH 2.1.0" ] } }, { "algorithm": "rijndael-cbc@lysator.liu.se", "notes": { "fail": [ "using deprecated & non-standardized Rijndael cipher" ], "info": [ "disabled in OpenSSH 7.0: https://www.openssh.com/txt/release-7.0", "available since OpenSSH 2.3.0" ], "warn": [ "using weak cipher mode" ] } } ], "fingerprints": [ { "hash": "nsWtdJ9Z67Vrf7OsUzQov7esXhsWAfVppArGh25u244", "hash_alg": "SHA256", "hostkey": "ssh-rsa" }, { "hash": "18:e2:51:fe:21:6c:78:d0:b8:cf:32:d4:bd:56:42:e1", "hash_alg": "MD5", "hostkey": "ssh-rsa" } ], "kex": [ { "algorithm": "diffie-hellman-group-exchange-sha256", "keysize": 1024, "notes": { "fail": [ "using small 1024-bit modulus" ], "info": [ "available since OpenSSH 4.4" ] } }, { "algorithm": "diffie-hellman-group-exchange-sha1", "keysize": 1024, "notes": { "fail": [ "using small 1024-bit modulus" ], "info": [ "available since OpenSSH 2.3.0" ] } }, { "algorithm": "diffie-hellman-group14-sha1", "notes": { "fail": [ "using broken SHA-1 hash algorithm" ], "info": [ "available since OpenSSH 3.9, Dropbear SSH 0.53" ], "warn": [ "2048-bit modulus only provides 112-bits of symmetric strength" ] } }, { "algorithm": "diffie-hellman-group1-sha1", "notes": { "fail": [ "using small 1024-bit modulus", "vulnerable to the Logjam attack: https://en.wikipedia.org/wiki/Logjam_(computer_security)", "using broken SHA-1 hash algorithm" ], "info": [ "removed in OpenSSH 6.9: https://www.openssh.com/txt/release-6.9", "available since OpenSSH 2.3.0, Dropbear SSH 0.28" ] } } ], "key": [ { "algorithm": "ssh-rsa", "keysize": 3072, "notes": { "fail": [ "using broken SHA-1 hash algorithm" ], "info": [ "deprecated in OpenSSH 8.8: https://www.openssh.com/txt/release-8.8", "available since OpenSSH 2.5.0, Dropbear SSH 0.28" ] } }, { "algorithm": "ssh-rsa-cert-v01@openssh.com", "ca_algorithm": "ssh-rsa", "casize": 3072, "keysize": 3072, "notes": { "fail": [ "using broken SHA-1 hash algorithm" ], "info": [ "deprecated in OpenSSH 8.8: https://www.openssh.com/txt/release-8.8", "available since OpenSSH 5.6" ] } } ], "mac": [ { "algorithm": "hmac-md5", "notes": { "fail": [ "using broken MD5 hash algorithm" ], "info": [ "available since OpenSSH 2.1.0, Dropbear SSH 0.28" ], "warn": [ "using encrypt-and-MAC mode" ] } }, { "algorithm": "hmac-sha1", "notes": { "fail": [ "using broken SHA-1 hash algorithm" ], "info": [ "available since OpenSSH 2.1.0, Dropbear SSH 0.28" ], "warn": [ "using encrypt-and-MAC mode" ] } }, { "algorithm": "umac-64@openssh.com", "notes": { "info": [ "available since OpenSSH 4.7" ], "warn": [ "using encrypt-and-MAC mode", "using small 64-bit tag size" ] } }, { "algorithm": "hmac-ripemd160", "notes": { "fail": [ "using deprecated RIPEMD hash algorithm" ], "info": [ "available since OpenSSH 2.5.0" ], "warn": [ "using encrypt-and-MAC mode" ] } }, { "algorithm": "hmac-ripemd160@openssh.com", "notes": { "fail": [ "using deprecated RIPEMD hash algorithm" ], "info": [ "available since OpenSSH 2.1.0" ], "warn": [ "using encrypt-and-MAC mode" ] } }, { "algorithm": "hmac-sha1-96", "notes": { "fail": [ "using broken SHA-1 hash algorithm" ], "info": [ "available since OpenSSH 2.5.0, Dropbear SSH 0.47" ], "warn": [ "using encrypt-and-MAC mode" ] } }, { "algorithm": "hmac-md5-96", "notes": { "fail": [ "using broken MD5 hash algorithm" ], "info": [ "available since OpenSSH 2.5.0" ], "warn": [ "using encrypt-and-MAC mode" ] } } ], "recommendations": { "critical": { "chg": { "kex": [ { "name": "diffie-hellman-group-exchange-sha256", "notes": "increase modulus size to 3072 bits or larger" } ] }, "del": { "enc": [ { "name": "3des-cbc", "notes": "" }, { "name": "arcfour128", "notes": "" }, { "name": "arcfour", "notes": "" }, { "name": "arcfour256", "notes": "" }, { "name": "blowfish-cbc", "notes": "" }, { "name": "cast128-cbc", "notes": "" }, { "name": "rijndael-cbc@lysator.liu.se", "notes": "" } ], "kex": [ { "name": "diffie-hellman-group14-sha1", "notes": "" }, { "name": "diffie-hellman-group1-sha1", "notes": "" }, { "name": "diffie-hellman-group-exchange-sha1", "notes": "" } ], "key": [ { "name": "ssh-rsa", "notes": "" }, { "name": "ssh-rsa-cert-v01@openssh.com", "notes": "" } ], "mac": [ { "name": "hmac-md5", "notes": "" }, { "name": "hmac-md5-96", "notes": "" }, { "name": "hmac-ripemd160", "notes": "" }, { "name": "hmac-ripemd160@openssh.com", "notes": "" }, { "name": "hmac-sha1", "notes": "" }, { "name": "hmac-sha1-96", "notes": "" } ] } }, "warning": { "del": { "enc": [ { "name": "aes128-cbc", "notes": "" }, { "name": "aes192-cbc", "notes": "" }, { "name": "aes256-cbc", "notes": "" } ], "mac": [ { "name": "umac-64@openssh.com", "notes": "" } ] } } }, "target": "localhost:2222" } ssh-audit-3.3.0/test/docker/expected_results/openssh_5.6p1_test5.txt000066400000000000000000000225771470352310600254410ustar00rootroot00000000000000# general (gen) banner: SSH-2.0-OpenSSH_5.6 (gen) software: OpenSSH 5.6 (gen) compatibility: OpenSSH 5.6-6.6, Dropbear SSH 0.53+ (some functionality from 0.52) (gen) compression: enabled (zlib@openssh.com) # key exchange algorithms (kex) diffie-hellman-group-exchange-sha256 (1024-bit) -- [fail] using small 1024-bit modulus `- [info] available since OpenSSH 4.4 (kex) diffie-hellman-group-exchange-sha1 (1024-bit) -- [fail] using small 1024-bit modulus `- [info] available since OpenSSH 2.3.0 (kex) diffie-hellman-group14-sha1 -- [fail] using broken SHA-1 hash algorithm  `- [warn] 2048-bit modulus only provides 112-bits of symmetric strength `- [info] available since OpenSSH 3.9, Dropbear SSH 0.53 (kex) diffie-hellman-group1-sha1 -- [fail] using small 1024-bit modulus  `- [fail] vulnerable to the Logjam attack: https://en.wikipedia.org/wiki/Logjam_(computer_security)  `- [fail] using broken SHA-1 hash algorithm `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28 `- [info] removed in OpenSSH 6.9: https://www.openssh.com/txt/release-6.9 # host-key algorithms (key) ssh-rsa (3072-bit) -- [fail] using broken SHA-1 hash algorithm `- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28 `- [info] deprecated in OpenSSH 8.8: https://www.openssh.com/txt/release-8.8 (key) ssh-rsa-cert-v01@openssh.com (3072-bit cert/3072-bit RSA CA) -- [fail] using broken SHA-1 hash algorithm `- [info] available since OpenSSH 5.6 `- [info] deprecated in OpenSSH 8.8: https://www.openssh.com/txt/release-8.8 # encryption algorithms (ciphers) (enc) aes128-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52 (enc) aes192-ctr -- [info] available since OpenSSH 3.7 (enc) aes256-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52 (enc) arcfour256 -- [fail] using broken RC4 cipher `- [info] available since OpenSSH 4.2 (enc) arcfour128 -- [fail] using broken RC4 cipher `- [info] available since OpenSSH 4.2 (enc) aes128-cbc -- [warn] using weak cipher mode `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28 (enc) 3des-cbc -- [fail] using broken & deprecated 3DES cipher  `- [warn] using weak cipher mode  `- [warn] using small 64-bit block size `- [info] available since OpenSSH 1.2.2, Dropbear SSH 0.28 (enc) blowfish-cbc -- [fail] using weak & deprecated Blowfish cipher  `- [warn] using weak cipher mode  `- [warn] using small 64-bit block size `- [info] available since OpenSSH 1.2.2, Dropbear SSH 0.28 (enc) cast128-cbc -- [fail] using weak & deprecated CAST cipher  `- [warn] using weak cipher mode  `- [warn] using small 64-bit block size `- [info] available since OpenSSH 2.1.0 (enc) aes192-cbc -- [warn] using weak cipher mode `- [info] available since OpenSSH 2.3.0 (enc) aes256-cbc -- [warn] using weak cipher mode `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.47 (enc) arcfour -- [fail] using broken RC4 cipher `- [info] available since OpenSSH 2.1.0 (enc) rijndael-cbc@lysator.liu.se -- [fail] using deprecated & non-standardized Rijndael cipher  `- [warn] using weak cipher mode `- [info] available since OpenSSH 2.3.0 `- [info] disabled in OpenSSH 7.0: https://www.openssh.com/txt/release-7.0 # message authentication code algorithms (mac) hmac-md5 -- [fail] using broken MD5 hash algorithm  `- [warn] using encrypt-and-MAC mode `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28 (mac) hmac-sha1 -- [fail] using broken SHA-1 hash algorithm  `- [warn] using encrypt-and-MAC mode `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28 (mac) umac-64@openssh.com -- [warn] using encrypt-and-MAC mode  `- [warn] using small 64-bit tag size `- [info] available since OpenSSH 4.7 (mac) hmac-ripemd160 -- [fail] using deprecated RIPEMD hash algorithm  `- [warn] using encrypt-and-MAC mode `- [info] available since OpenSSH 2.5.0 (mac) hmac-ripemd160@openssh.com -- [fail] using deprecated RIPEMD hash algorithm  `- [warn] using encrypt-and-MAC mode `- [info] available since OpenSSH 2.1.0 (mac) hmac-sha1-96 -- [fail] using broken SHA-1 hash algorithm  `- [warn] using encrypt-and-MAC mode `- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.47 (mac) hmac-md5-96 -- [fail] using broken MD5 hash algorithm  `- [warn] using encrypt-and-MAC mode `- [info] available since OpenSSH 2.5.0 # fingerprints (fin) ssh-rsa: SHA256:nsWtdJ9Z67Vrf7OsUzQov7esXhsWAfVppArGh25u244 # algorithm recommendations (for OpenSSH 5.6) (rec) !diffie-hellman-group-exchange-sha256 -- kex algorithm to change (increase modulus size to 3072 bits or larger)  (rec) -3des-cbc -- enc algorithm to remove  (rec) -arcfour -- enc algorithm to remove  (rec) -arcfour128 -- enc algorithm to remove  (rec) -arcfour256 -- enc algorithm to remove  (rec) -blowfish-cbc -- enc algorithm to remove  (rec) -cast128-cbc -- enc algorithm to remove  (rec) -diffie-hellman-group-exchange-sha1 -- kex algorithm to remove  (rec) -diffie-hellman-group1-sha1 -- kex algorithm to remove  (rec) -diffie-hellman-group14-sha1 -- kex algorithm to remove  (rec) -hmac-md5 -- mac algorithm to remove  (rec) -hmac-md5-96 -- mac algorithm to remove  (rec) -hmac-ripemd160 -- mac algorithm to remove  (rec) -hmac-ripemd160@openssh.com -- mac algorithm to remove  (rec) -hmac-sha1 -- mac algorithm to remove  (rec) -hmac-sha1-96 -- mac algorithm to remove  (rec) -rijndael-cbc@lysator.liu.se -- enc algorithm to remove  (rec) -ssh-rsa -- key algorithm to remove  (rec) -ssh-rsa-cert-v01@openssh.com -- key algorithm to remove  (rec) -aes128-cbc -- enc algorithm to remove  (rec) -aes192-cbc -- enc algorithm to remove  (rec) -aes256-cbc -- enc algorithm to remove  (rec) -umac-64@openssh.com -- mac algorithm to remove  # additional info (nfo) For hardening guides on common OSes, please see:  ssh-audit-3.3.0/test/docker/expected_results/openssh_8.0p1_builtin_policy_test1.json000066400000000000000000000020601470352310600306520ustar00rootroot00000000000000{ "errors": [ { "actual": [ "3072" ], "expected_optional": [ "" ], "expected_required": [ "4096" ], "mismatched_field": "Host key (rsa-sha2-256) sizes" }, { "actual": [ "3072" ], "expected_optional": [ "" ], "expected_required": [ "4096" ], "mismatched_field": "Host key (rsa-sha2-512) sizes" }, { "actual": [ "4096" ], "expected_optional": [ "" ], "expected_required": [ "3072" ], "mismatched_field": "Group exchange (diffie-hellman-group-exchange-sha256) modulus sizes" } ], "host": "localhost", "passed": false, "policy": "Hardened OpenSSH Server v8.0 (version 4)", "port": 2222, "warnings": [] } ssh-audit-3.3.0/test/docker/expected_results/openssh_8.0p1_builtin_policy_test1.txt000066400000000000000000000006651470352310600305310ustar00rootroot00000000000000Host: localhost:2222 Policy: Hardened OpenSSH Server v8.0 (version 4) Result: ❌ Failed!  Errors: * Group exchange (diffie-hellman-group-exchange-sha256) modulus sizes did not match. - Expected: 3072 - Actual: 4096 * Host key (rsa-sha2-256) sizes did not match. - Expected: 4096 - Actual: 3072 * Host key (rsa-sha2-512) sizes did not match. - Expected: 4096 - Actual: 3072  ssh-audit-3.3.0/test/docker/expected_results/openssh_8.0p1_builtin_policy_test2.json000066400000000000000000000034521470352310600306610ustar00rootroot00000000000000{ "errors": [ { "actual": [ "3072" ], "expected_optional": [ "" ], "expected_required": [ "4096" ], "mismatched_field": "Host key (rsa-sha2-256) sizes" }, { "actual": [ "3072" ], "expected_optional": [ "" ], "expected_required": [ "4096" ], "mismatched_field": "Host key (rsa-sha2-512) sizes" }, { "actual": [ "umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1" ], "expected_optional": [ "" ], "expected_required": [ "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "umac-128-etm@openssh.com" ], "mismatched_field": "MACs" }, { "actual": [ "4096" ], "expected_optional": [ "" ], "expected_required": [ "3072" ], "mismatched_field": "Group exchange (diffie-hellman-group-exchange-sha256) modulus sizes" } ], "host": "localhost", "passed": false, "policy": "Hardened OpenSSH Server v8.0 (version 4)", "port": 2222, "warnings": [] } ssh-audit-3.3.0/test/docker/expected_results/openssh_8.0p1_builtin_policy_test2.txt000066400000000000000000000014441470352310600305260ustar00rootroot00000000000000Host: localhost:2222 Policy: Hardened OpenSSH Server v8.0 (version 4) Result: ❌ Failed!  Errors: * Group exchange (diffie-hellman-group-exchange-sha256) modulus sizes did not match. - Expected: 3072 - Actual: 4096 * Host key (rsa-sha2-256) sizes did not match. - Expected: 4096 - Actual: 3072 * Host key (rsa-sha2-512) sizes did not match. - Expected: 4096 - Actual: 3072 * MACs did not match. - Expected: hmac-sha2-256-etm@openssh.com, hmac-sha2-512-etm@openssh.com, umac-128-etm@openssh.com - Actual: umac-64-etm@openssh.com, umac-128-etm@openssh.com, hmac-sha2-256-etm@openssh.com, hmac-sha2-512-etm@openssh.com, hmac-sha1-etm@openssh.com, umac-64@openssh.com, umac-128@openssh.com, hmac-sha2-256, hmac-sha2-512, hmac-sha1  ssh-audit-3.3.0/test/docker/expected_results/openssh_8.0p1_custom_policy_test11.json000066400000000000000000000002331470352310600305770ustar00rootroot00000000000000{ "errors": [], "host": "localhost", "passed": true, "policy": "Docker policy: test11 (version 1)", "port": 2222, "warnings": [] } ssh-audit-3.3.0/test/docker/expected_results/openssh_8.0p1_custom_policy_test11.txt000066400000000000000000000021411470352310600304450ustar00rootroot00000000000000 WARNING: this policy is using deprecated features. Future versions of ssh-audit may remove support for them. Re-generating the policy file is perhaps the most straight-forward way of resolving this issue. Manually converting the 'hostkey_size_*', 'cakey_size_*', and 'dh_modulus_size_*' directives into the new format is another option. WARNING: this policy is using deprecated features. Future versions of ssh-audit may remove support for them. Re-generating the policy file is perhaps the most straight-forward way of resolving this issue. Manually converting the 'hostkey_size_*', 'cakey_size_*', and 'dh_modulus_size_*' directives into the new format is another option. WARNING: this policy is using deprecated features. Future versions of ssh-audit may remove support for them. Re-generating the policy file is perhaps the most straight-forward way of resolving this issue. Manually converting the 'hostkey_size_*', 'cakey_size_*', and 'dh_modulus_size_*' directives into the new format is another option. Host: localhost:2222 Policy: Docker policy: test11 (version 1) Result: ✔ Passed ssh-audit-3.3.0/test/docker/expected_results/openssh_8.0p1_custom_policy_test12.json000066400000000000000000000017761470352310600306150ustar00rootroot00000000000000{ "errors": [ { "actual": [ "3072" ], "expected_optional": [ "" ], "expected_required": [ "4096" ], "mismatched_field": "Host key (rsa-sha2-256) sizes" }, { "actual": [ "3072" ], "expected_optional": [ "" ], "expected_required": [ "4096" ], "mismatched_field": "Host key (rsa-sha2-512) sizes" }, { "actual": [ "3072" ], "expected_optional": [ "" ], "expected_required": [ "4096" ], "mismatched_field": "Host key (ssh-rsa) sizes" } ], "host": "localhost", "passed": false, "policy": "Docker policy: test12 (version 1)", "port": 2222, "warnings": [] } ssh-audit-3.3.0/test/docker/expected_results/openssh_8.0p1_custom_policy_test12.txt000066400000000000000000000026051470352310600304530ustar00rootroot00000000000000 WARNING: this policy is using deprecated features. Future versions of ssh-audit may remove support for them. Re-generating the policy file is perhaps the most straight-forward way of resolving this issue. Manually converting the 'hostkey_size_*', 'cakey_size_*', and 'dh_modulus_size_*' directives into the new format is another option. WARNING: this policy is using deprecated features. Future versions of ssh-audit may remove support for them. Re-generating the policy file is perhaps the most straight-forward way of resolving this issue. Manually converting the 'hostkey_size_*', 'cakey_size_*', and 'dh_modulus_size_*' directives into the new format is another option. WARNING: this policy is using deprecated features. Future versions of ssh-audit may remove support for them. Re-generating the policy file is perhaps the most straight-forward way of resolving this issue. Manually converting the 'hostkey_size_*', 'cakey_size_*', and 'dh_modulus_size_*' directives into the new format is another option. Host: localhost:2222 Policy: Docker policy: test12 (version 1) Result: ❌ Failed!  Errors: * Host key (rsa-sha2-256) sizes did not match. - Expected: 4096 - Actual: 3072 * Host key (rsa-sha2-512) sizes did not match. - Expected: 4096 - Actual: 3072 * Host key (ssh-rsa) sizes did not match. - Expected: 4096 - Actual: 3072  ssh-audit-3.3.0/test/docker/expected_results/openssh_8.0p1_custom_policy_test13.json000066400000000000000000000002331470352310600306010ustar00rootroot00000000000000{ "errors": [], "host": "localhost", "passed": true, "policy": "Docker policy: test13 (version 1)", "port": 2222, "warnings": [] } ssh-audit-3.3.0/test/docker/expected_results/openssh_8.0p1_custom_policy_test13.txt000066400000000000000000000026671470352310600304640ustar00rootroot00000000000000 WARNING: this policy is using deprecated features. Future versions of ssh-audit may remove support for them. Re-generating the policy file is perhaps the most straight-forward way of resolving this issue. Manually converting the 'hostkey_size_*', 'cakey_size_*', and 'dh_modulus_size_*' directives into the new format is another option. WARNING: this policy is using deprecated features. Future versions of ssh-audit may remove support for them. Re-generating the policy file is perhaps the most straight-forward way of resolving this issue. Manually converting the 'hostkey_size_*', 'cakey_size_*', and 'dh_modulus_size_*' directives into the new format is another option. WARNING: this policy is using deprecated features. Future versions of ssh-audit may remove support for them. Re-generating the policy file is perhaps the most straight-forward way of resolving this issue. Manually converting the 'hostkey_size_*', 'cakey_size_*', and 'dh_modulus_size_*' directives into the new format is another option. WARNING: this policy is using deprecated features. Future versions of ssh-audit may remove support for them. Re-generating the policy file is perhaps the most straight-forward way of resolving this issue. Manually converting the 'hostkey_size_*', 'cakey_size_*', and 'dh_modulus_size_*' directives into the new format is another option. Host: localhost:2222 Policy: Docker policy: test13 (version 1) Result: ✔ Passed ssh-audit-3.3.0/test/docker/expected_results/openssh_8.0p1_custom_policy_test14.json000066400000000000000000000007471470352310600306140ustar00rootroot00000000000000{ "errors": [ { "actual": [ "4096" ], "expected_optional": [ "" ], "expected_required": [ "8192" ], "mismatched_field": "Group exchange (diffie-hellman-group-exchange-sha256) modulus sizes" } ], "host": "localhost", "passed": false, "policy": "Docker policy: test14 (version 1)", "port": 2222, "warnings": [] } ssh-audit-3.3.0/test/docker/expected_results/openssh_8.0p1_custom_policy_test14.txt000066400000000000000000000031161470352310600304530ustar00rootroot00000000000000 WARNING: this policy is using deprecated features. Future versions of ssh-audit may remove support for them. Re-generating the policy file is perhaps the most straight-forward way of resolving this issue. Manually converting the 'hostkey_size_*', 'cakey_size_*', and 'dh_modulus_size_*' directives into the new format is another option. WARNING: this policy is using deprecated features. Future versions of ssh-audit may remove support for them. Re-generating the policy file is perhaps the most straight-forward way of resolving this issue. Manually converting the 'hostkey_size_*', 'cakey_size_*', and 'dh_modulus_size_*' directives into the new format is another option. WARNING: this policy is using deprecated features. Future versions of ssh-audit may remove support for them. Re-generating the policy file is perhaps the most straight-forward way of resolving this issue. Manually converting the 'hostkey_size_*', 'cakey_size_*', and 'dh_modulus_size_*' directives into the new format is another option. WARNING: this policy is using deprecated features. Future versions of ssh-audit may remove support for them. Re-generating the policy file is perhaps the most straight-forward way of resolving this issue. Manually converting the 'hostkey_size_*', 'cakey_size_*', and 'dh_modulus_size_*' directives into the new format is another option. Host: localhost:2222 Policy: Docker policy: test14 (version 1) Result: ❌ Failed!  Errors: * Group exchange (diffie-hellman-group-exchange-sha256) modulus sizes did not match. - Expected: 8192 - Actual: 4096  ssh-audit-3.3.0/test/docker/expected_results/openssh_8.0p1_custom_policy_test15.json000066400000000000000000000002331470352310600306030ustar00rootroot00000000000000{ "errors": [], "host": "localhost", "passed": true, "policy": "Docker policy: test15 (version 1)", "port": 2222, "warnings": [] } ssh-audit-3.3.0/test/docker/expected_results/openssh_8.0p1_custom_policy_test15.txt000066400000000000000000000001371470352310600304540ustar00rootroot00000000000000Host: localhost:2222 Policy: Docker policy: test15 (version 1) Result: ✔ Passed ssh-audit-3.3.0/test/docker/expected_results/openssh_8.0p1_custom_policy_test16.json000066400000000000000000000050221470352310600306050ustar00rootroot00000000000000{ "errors": [ { "actual": [ "rsa-sha2-512", "rsa-sha2-256", "ssh-rsa", "ecdsa-sha2-nistp256", "ssh-ed25519" ], "expected_optional": [ "" ], "expected_required": [ "rsa-sha2-512", "extra_hostkey_alg" ], "mismatched_field": "Host keys" }, { "actual": [ "curve25519-sha256", "curve25519-sha256@libssh.org", "ecdh-sha2-nistp256", "ecdh-sha2-nistp384", "ecdh-sha2-nistp521", "diffie-hellman-group-exchange-sha256", "diffie-hellman-group16-sha512", "diffie-hellman-group18-sha512", "diffie-hellman-group14-sha256", "diffie-hellman-group14-sha1" ], "expected_optional": [ "" ], "expected_required": [ "curve25519-sha256", "extra_kex_alg" ], "mismatched_field": "Key exchanges" }, { "actual": [ "chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com" ], "expected_optional": [ "" ], "expected_required": [ "chacha20-poly1305@openssh.com", "extra_cipher_alg" ], "mismatched_field": "Ciphers" }, { "actual": [ "umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1" ], "expected_optional": [ "" ], "expected_required": [ "umac-64-etm@openssh.com", "extra_mac_alg" ], "mismatched_field": "MACs" } ], "host": "localhost", "passed": false, "policy": "Docker policy: test16 (version 1)", "port": 2222, "warnings": [] } ssh-audit-3.3.0/test/docker/expected_results/openssh_8.0p1_custom_policy_test16.txt000066400000000000000000000024601470352310600304560ustar00rootroot00000000000000Host: localhost:2222 Policy: Docker policy: test16 (version 1) Result: ❌ Failed!  Errors: * Ciphers did not match. - Expected (subset and/or reordering allowed): chacha20-poly1305@openssh.com, extra_cipher_alg - Actual: chacha20-poly1305@openssh.com, aes128-ctr, aes192-ctr, aes256-ctr, aes128-gcm@openssh.com, aes256-gcm@openssh.com * Host keys did not match. - Expected (subset and/or reordering allowed): rsa-sha2-512, extra_hostkey_alg - Actual: rsa-sha2-512, rsa-sha2-256, ssh-rsa, ecdsa-sha2-nistp256, ssh-ed25519 * Key exchanges did not match. - Expected (subset and/or reordering allowed): curve25519-sha256, extra_kex_alg - Actual: curve25519-sha256, curve25519-sha256@libssh.org, ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, diffie-hellman-group-exchange-sha256, diffie-hellman-group16-sha512, diffie-hellman-group18-sha512, diffie-hellman-group14-sha256, diffie-hellman-group14-sha1 * MACs did not match. - Expected (subset and/or reordering allowed): umac-64-etm@openssh.com, extra_mac_alg - Actual: umac-64-etm@openssh.com, umac-128-etm@openssh.com, hmac-sha2-256-etm@openssh.com, hmac-sha2-512-etm@openssh.com, hmac-sha1-etm@openssh.com, umac-64@openssh.com, umac-128@openssh.com, hmac-sha2-256, hmac-sha2-512, hmac-sha1  ssh-audit-3.3.0/test/docker/expected_results/openssh_8.0p1_custom_policy_test17.json000066400000000000000000000002331470352310600306050ustar00rootroot00000000000000{ "errors": [], "host": "localhost", "passed": true, "policy": "Docker policy: test17 (version 1)", "port": 2222, "warnings": [] } ssh-audit-3.3.0/test/docker/expected_results/openssh_8.0p1_custom_policy_test17.txt000066400000000000000000000001371470352310600304560ustar00rootroot00000000000000Host: localhost:2222 Policy: Docker policy: test17 (version 1) Result: ✔ Passed ssh-audit-3.3.0/test/docker/expected_results/openssh_8.0p1_custom_policy_test6.json000066400000000000000000000002321470352310600305220ustar00rootroot00000000000000{ "errors": [], "host": "localhost", "passed": true, "policy": "Docker policy: test6 (version 1)", "port": 2222, "warnings": [] } ssh-audit-3.3.0/test/docker/expected_results/openssh_8.0p1_custom_policy_test6.txt000066400000000000000000000001361470352310600303730ustar00rootroot00000000000000Host: localhost:2222 Policy: Docker policy: test6 (version 1) Result: ✔ Passed ssh-audit-3.3.0/test/docker/expected_results/openssh_8.0p1_test1.json000066400000000000000000000321161470352310600255520ustar00rootroot00000000000000{ "additional_notes": [], "banner": { "comments": null, "protocol": "2.0", "raw": "SSH-2.0-OpenSSH_8.0", "software": "OpenSSH_8.0" }, "compression": [ "none", "zlib@openssh.com" ], "cves": [], "enc": [ { "algorithm": "chacha20-poly1305@openssh.com", "notes": { "info": [ "default cipher since OpenSSH 6.9", "available since OpenSSH 6.5, Dropbear SSH 2020.79" ], "warn": [ "vulnerable to the Terrapin attack (CVE-2023-48795), allowing message prefix truncation" ] } }, { "algorithm": "aes128-ctr", "notes": { "info": [ "available since OpenSSH 3.7, Dropbear SSH 0.52" ] } }, { "algorithm": "aes192-ctr", "notes": { "info": [ "available since OpenSSH 3.7" ] } }, { "algorithm": "aes256-ctr", "notes": { "info": [ "available since OpenSSH 3.7, Dropbear SSH 0.52" ] } }, { "algorithm": "aes128-gcm@openssh.com", "notes": { "info": [ "available since OpenSSH 6.2" ] } }, { "algorithm": "aes256-gcm@openssh.com", "notes": { "info": [ "available since OpenSSH 6.2" ] } } ], "fingerprints": [ { "hash": "Q6Llm0o4TrcUen4tnT2h4BDf2f+ina6dIJmVH8c40bg", "hash_alg": "SHA256", "hostkey": "ecdsa-sha2-nistp256" }, { "hash": "cc:e0:80:84:5b:05:98:64:24:43:52:3b:17:c8:94:89", "hash_alg": "MD5", "hostkey": "ecdsa-sha2-nistp256" }, { "hash": "UrnXIVH+7dlw8UqYocl48yUEcKrthGDQG2CPCgp7MxU", "hash_alg": "SHA256", "hostkey": "ssh-ed25519" }, { "hash": "1e:0c:7b:34:73:bf:52:41:b0:f9:d1:a9:ab:98:c7:c9", "hash_alg": "MD5", "hostkey": "ssh-ed25519" }, { "hash": "nsWtdJ9Z67Vrf7OsUzQov7esXhsWAfVppArGh25u244", "hash_alg": "SHA256", "hostkey": "ssh-rsa" }, { "hash": "18:e2:51:fe:21:6c:78:d0:b8:cf:32:d4:bd:56:42:e1", "hash_alg": "MD5", "hostkey": "ssh-rsa" } ], "kex": [ { "algorithm": "curve25519-sha256", "notes": { "info": [ "default key exchange from OpenSSH 7.4 to 8.9", "available since OpenSSH 7.4, Dropbear SSH 2018.76" ] } }, { "algorithm": "curve25519-sha256@libssh.org", "notes": { "info": [ "default key exchange from OpenSSH 6.5 to 7.3", "available since OpenSSH 6.4, Dropbear SSH 2013.62" ] } }, { "algorithm": "ecdh-sha2-nistp256", "notes": { "fail": [ "using elliptic curves that are suspected as being backdoored by the U.S. National Security Agency" ], "info": [ "available since OpenSSH 5.7, Dropbear SSH 2013.62" ] } }, { "algorithm": "ecdh-sha2-nistp384", "notes": { "fail": [ "using elliptic curves that are suspected as being backdoored by the U.S. National Security Agency" ], "info": [ "available since OpenSSH 5.7, Dropbear SSH 2013.62" ] } }, { "algorithm": "ecdh-sha2-nistp521", "notes": { "fail": [ "using elliptic curves that are suspected as being backdoored by the U.S. National Security Agency" ], "info": [ "available since OpenSSH 5.7, Dropbear SSH 2013.62" ] } }, { "algorithm": "diffie-hellman-group-exchange-sha256", "keysize": 4096, "notes": { "info": [ "OpenSSH's GEX fallback mechanism was triggered during testing. Very old SSH clients will still be able to create connections using a 2048-bit modulus, though modern clients will use 4096. This can only be disabled by recompiling the code (see https://github.com/openssh/openssh-portable/blob/V_9_4/dh.c#L477).", "available since OpenSSH 4.4" ] } }, { "algorithm": "diffie-hellman-group16-sha512", "notes": { "info": [ "available since OpenSSH 7.3, Dropbear SSH 2016.73" ] } }, { "algorithm": "diffie-hellman-group18-sha512", "notes": { "info": [ "available since OpenSSH 7.3" ] } }, { "algorithm": "diffie-hellman-group14-sha256", "notes": { "info": [ "available since OpenSSH 7.3, Dropbear SSH 2016.73" ], "warn": [ "2048-bit modulus only provides 112-bits of symmetric strength" ] } }, { "algorithm": "diffie-hellman-group14-sha1", "notes": { "fail": [ "using broken SHA-1 hash algorithm" ], "info": [ "available since OpenSSH 3.9, Dropbear SSH 0.53" ], "warn": [ "2048-bit modulus only provides 112-bits of symmetric strength" ] } } ], "key": [ { "algorithm": "rsa-sha2-512", "keysize": 3072, "notes": { "info": [ "available since OpenSSH 7.2" ] } }, { "algorithm": "rsa-sha2-256", "keysize": 3072, "notes": { "info": [ "available since OpenSSH 7.2, Dropbear SSH 2020.79" ] } }, { "algorithm": "ssh-rsa", "keysize": 3072, "notes": { "fail": [ "using broken SHA-1 hash algorithm" ], "info": [ "deprecated in OpenSSH 8.8: https://www.openssh.com/txt/release-8.8", "available since OpenSSH 2.5.0, Dropbear SSH 0.28" ] } }, { "algorithm": "ecdsa-sha2-nistp256", "notes": { "fail": [ "using elliptic curves that are suspected as being backdoored by the U.S. National Security Agency" ], "info": [ "available since OpenSSH 5.7, Dropbear SSH 2013.62" ], "warn": [ "using weak random number generator could reveal the key" ] } }, { "algorithm": "ssh-ed25519", "notes": { "info": [ "available since OpenSSH 6.5, Dropbear SSH 2020.79" ] } } ], "mac": [ { "algorithm": "umac-64-etm@openssh.com", "notes": { "info": [ "available since OpenSSH 6.2" ], "warn": [ "using small 64-bit tag size" ] } }, { "algorithm": "umac-128-etm@openssh.com", "notes": { "info": [ "available since OpenSSH 6.2" ] } }, { "algorithm": "hmac-sha2-256-etm@openssh.com", "notes": { "info": [ "available since OpenSSH 6.2" ] } }, { "algorithm": "hmac-sha2-512-etm@openssh.com", "notes": { "info": [ "available since OpenSSH 6.2" ] } }, { "algorithm": "hmac-sha1-etm@openssh.com", "notes": { "fail": [ "using broken SHA-1 hash algorithm" ], "info": [ "available since OpenSSH 6.2" ] } }, { "algorithm": "umac-64@openssh.com", "notes": { "info": [ "available since OpenSSH 4.7" ], "warn": [ "using encrypt-and-MAC mode", "using small 64-bit tag size" ] } }, { "algorithm": "umac-128@openssh.com", "notes": { "info": [ "available since OpenSSH 6.2" ], "warn": [ "using encrypt-and-MAC mode" ] } }, { "algorithm": "hmac-sha2-256", "notes": { "info": [ "available since OpenSSH 5.9, Dropbear SSH 2013.56" ], "warn": [ "using encrypt-and-MAC mode" ] } }, { "algorithm": "hmac-sha2-512", "notes": { "info": [ "available since OpenSSH 5.9, Dropbear SSH 2013.56" ], "warn": [ "using encrypt-and-MAC mode" ] } }, { "algorithm": "hmac-sha1", "notes": { "fail": [ "using broken SHA-1 hash algorithm" ], "info": [ "available since OpenSSH 2.1.0, Dropbear SSH 0.28" ], "warn": [ "using encrypt-and-MAC mode" ] } } ], "recommendations": { "critical": { "del": { "kex": [ { "name": "diffie-hellman-group14-sha1", "notes": "" }, { "name": "ecdh-sha2-nistp256", "notes": "" }, { "name": "ecdh-sha2-nistp384", "notes": "" }, { "name": "ecdh-sha2-nistp521", "notes": "" } ], "key": [ { "name": "ecdsa-sha2-nistp256", "notes": "" }, { "name": "ssh-rsa", "notes": "" } ], "mac": [ { "name": "hmac-sha1", "notes": "" }, { "name": "hmac-sha1-etm@openssh.com", "notes": "" } ] } }, "warning": { "del": { "enc": [ { "name": "chacha20-poly1305@openssh.com", "notes": "" } ], "kex": [ { "name": "diffie-hellman-group14-sha256", "notes": "" } ], "mac": [ { "name": "hmac-sha2-256", "notes": "" }, { "name": "hmac-sha2-512", "notes": "" }, { "name": "umac-128@openssh.com", "notes": "" }, { "name": "umac-64-etm@openssh.com", "notes": "" }, { "name": "umac-64@openssh.com", "notes": "" } ] } } }, "target": "localhost:2222" } ssh-audit-3.3.0/test/docker/expected_results/openssh_8.0p1_test1.txt000066400000000000000000000177671470352310600254370ustar00rootroot00000000000000# general (gen) banner: SSH-2.0-OpenSSH_8.0 (gen) software: OpenSSH 8.0 (gen) compatibility: OpenSSH 7.4+, Dropbear SSH 2020.79+ (gen) compression: enabled (zlib@openssh.com) # key exchange algorithms (kex) curve25519-sha256 -- [info] available since OpenSSH 7.4, Dropbear SSH 2018.76  `- [info] default key exchange from OpenSSH 7.4 to 8.9 (kex) curve25519-sha256@libssh.org -- [info] available since OpenSSH 6.4, Dropbear SSH 2013.62  `- [info] default key exchange from OpenSSH 6.5 to 7.3 (kex) ecdh-sha2-nistp256 -- [fail] using elliptic curves that are suspected as being backdoored by the U.S. National Security Agency `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62 (kex) ecdh-sha2-nistp384 -- [fail] using elliptic curves that are suspected as being backdoored by the U.S. National Security Agency `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62 (kex) ecdh-sha2-nistp521 -- [fail] using elliptic curves that are suspected as being backdoored by the U.S. National Security Agency `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62 (kex) diffie-hellman-group-exchange-sha256 (4096-bit) -- [info] available since OpenSSH 4.4  `- [info] OpenSSH's GEX fallback mechanism was triggered during testing. Very old SSH clients will still be able to create connections using a 2048-bit modulus, though modern clients will use 4096. This can only be disabled by recompiling the code (see https://github.com/openssh/openssh-portable/blob/V_9_4/dh.c#L477). (kex) diffie-hellman-group16-sha512 -- [info] available since OpenSSH 7.3, Dropbear SSH 2016.73 (kex) diffie-hellman-group18-sha512 -- [info] available since OpenSSH 7.3 (kex) diffie-hellman-group14-sha256 -- [warn] 2048-bit modulus only provides 112-bits of symmetric strength `- [info] available since OpenSSH 7.3, Dropbear SSH 2016.73 (kex) diffie-hellman-group14-sha1 -- [fail] using broken SHA-1 hash algorithm  `- [warn] 2048-bit modulus only provides 112-bits of symmetric strength `- [info] available since OpenSSH 3.9, Dropbear SSH 0.53 # host-key algorithms (key) rsa-sha2-512 (3072-bit) -- [info] available since OpenSSH 7.2 (key) rsa-sha2-256 (3072-bit) -- [info] available since OpenSSH 7.2, Dropbear SSH 2020.79 (key) ssh-rsa (3072-bit) -- [fail] using broken SHA-1 hash algorithm `- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28 `- [info] deprecated in OpenSSH 8.8: https://www.openssh.com/txt/release-8.8 (key) ecdsa-sha2-nistp256 -- [fail] using elliptic curves that are suspected as being backdoored by the U.S. National Security Agency  `- [warn] using weak random number generator could reveal the key `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62 (key) ssh-ed25519 -- [info] available since OpenSSH 6.5, Dropbear SSH 2020.79 # encryption algorithms (ciphers) (enc) chacha20-poly1305@openssh.com -- [warn] vulnerable to the Terrapin attack (CVE-2023-48795), allowing message prefix truncation `- [info] available since OpenSSH 6.5, Dropbear SSH 2020.79 `- [info] default cipher since OpenSSH 6.9 (enc) aes128-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52 (enc) aes192-ctr -- [info] available since OpenSSH 3.7 (enc) aes256-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52 (enc) aes128-gcm@openssh.com -- [info] available since OpenSSH 6.2 (enc) aes256-gcm@openssh.com -- [info] available since OpenSSH 6.2 # message authentication code algorithms (mac) umac-64-etm@openssh.com -- [warn] using small 64-bit tag size `- [info] available since OpenSSH 6.2 (mac) umac-128-etm@openssh.com -- [info] available since OpenSSH 6.2 (mac) hmac-sha2-256-etm@openssh.com -- [info] available since OpenSSH 6.2 (mac) hmac-sha2-512-etm@openssh.com -- [info] available since OpenSSH 6.2 (mac) hmac-sha1-etm@openssh.com -- [fail] using broken SHA-1 hash algorithm `- [info] available since OpenSSH 6.2 (mac) umac-64@openssh.com -- [warn] using encrypt-and-MAC mode  `- [warn] using small 64-bit tag size `- [info] available since OpenSSH 4.7 (mac) umac-128@openssh.com -- [warn] using encrypt-and-MAC mode `- [info] available since OpenSSH 6.2 (mac) hmac-sha2-256 -- [warn] using encrypt-and-MAC mode `- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56 (mac) hmac-sha2-512 -- [warn] using encrypt-and-MAC mode `- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56 (mac) hmac-sha1 -- [fail] using broken SHA-1 hash algorithm  `- [warn] using encrypt-and-MAC mode `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28 # fingerprints (fin) ssh-ed25519: SHA256:UrnXIVH+7dlw8UqYocl48yUEcKrthGDQG2CPCgp7MxU (fin) ssh-rsa: SHA256:nsWtdJ9Z67Vrf7OsUzQov7esXhsWAfVppArGh25u244 # algorithm recommendations (for OpenSSH 8.0) (rec) -diffie-hellman-group14-sha1 -- kex algorithm to remove  (rec) -ecdh-sha2-nistp256 -- kex algorithm to remove  (rec) -ecdh-sha2-nistp384 -- kex algorithm to remove  (rec) -ecdh-sha2-nistp521 -- kex algorithm to remove  (rec) -ecdsa-sha2-nistp256 -- key algorithm to remove  (rec) -hmac-sha1 -- mac algorithm to remove  (rec) -hmac-sha1-etm@openssh.com -- mac algorithm to remove  (rec) -ssh-rsa -- key algorithm to remove  (rec) -chacha20-poly1305@openssh.com -- enc algorithm to remove  (rec) -diffie-hellman-group14-sha256 -- kex algorithm to remove  (rec) -hmac-sha2-256 -- mac algorithm to remove  (rec) -hmac-sha2-512 -- mac algorithm to remove  (rec) -umac-128@openssh.com -- mac algorithm to remove  (rec) -umac-64-etm@openssh.com -- mac algorithm to remove  (rec) -umac-64@openssh.com -- mac algorithm to remove  # additional info (nfo) For hardening guides on common OSes, please see:  ssh-audit-3.3.0/test/docker/expected_results/openssh_8.0p1_test2.json000066400000000000000000000266541470352310600255650ustar00rootroot00000000000000{ "additional_notes": [], "banner": { "comments": null, "protocol": "2.0", "raw": "SSH-2.0-OpenSSH_8.0", "software": "OpenSSH_8.0" }, "compression": [ "none", "zlib@openssh.com" ], "cves": [], "enc": [ { "algorithm": "chacha20-poly1305@openssh.com", "notes": { "info": [ "default cipher since OpenSSH 6.9", "available since OpenSSH 6.5, Dropbear SSH 2020.79" ], "warn": [ "vulnerable to the Terrapin attack (CVE-2023-48795), allowing message prefix truncation" ] } }, { "algorithm": "aes128-ctr", "notes": { "info": [ "available since OpenSSH 3.7, Dropbear SSH 0.52" ] } }, { "algorithm": "aes192-ctr", "notes": { "info": [ "available since OpenSSH 3.7" ] } }, { "algorithm": "aes256-ctr", "notes": { "info": [ "available since OpenSSH 3.7, Dropbear SSH 0.52" ] } }, { "algorithm": "aes128-gcm@openssh.com", "notes": { "info": [ "available since OpenSSH 6.2" ] } }, { "algorithm": "aes256-gcm@openssh.com", "notes": { "info": [ "available since OpenSSH 6.2" ] } } ], "fingerprints": [ { "hash": "UrnXIVH+7dlw8UqYocl48yUEcKrthGDQG2CPCgp7MxU", "hash_alg": "SHA256", "hostkey": "ssh-ed25519" }, { "hash": "1e:0c:7b:34:73:bf:52:41:b0:f9:d1:a9:ab:98:c7:c9", "hash_alg": "MD5", "hostkey": "ssh-ed25519" } ], "kex": [ { "algorithm": "curve25519-sha256", "notes": { "info": [ "default key exchange from OpenSSH 7.4 to 8.9", "available since OpenSSH 7.4, Dropbear SSH 2018.76" ] } }, { "algorithm": "curve25519-sha256@libssh.org", "notes": { "info": [ "default key exchange from OpenSSH 6.5 to 7.3", "available since OpenSSH 6.4, Dropbear SSH 2013.62" ] } }, { "algorithm": "ecdh-sha2-nistp256", "notes": { "fail": [ "using elliptic curves that are suspected as being backdoored by the U.S. National Security Agency" ], "info": [ "available since OpenSSH 5.7, Dropbear SSH 2013.62" ] } }, { "algorithm": "ecdh-sha2-nistp384", "notes": { "fail": [ "using elliptic curves that are suspected as being backdoored by the U.S. National Security Agency" ], "info": [ "available since OpenSSH 5.7, Dropbear SSH 2013.62" ] } }, { "algorithm": "ecdh-sha2-nistp521", "notes": { "fail": [ "using elliptic curves that are suspected as being backdoored by the U.S. National Security Agency" ], "info": [ "available since OpenSSH 5.7, Dropbear SSH 2013.62" ] } }, { "algorithm": "diffie-hellman-group-exchange-sha256", "keysize": 4096, "notes": { "info": [ "OpenSSH's GEX fallback mechanism was triggered during testing. Very old SSH clients will still be able to create connections using a 2048-bit modulus, though modern clients will use 4096. This can only be disabled by recompiling the code (see https://github.com/openssh/openssh-portable/blob/V_9_4/dh.c#L477).", "available since OpenSSH 4.4" ] } }, { "algorithm": "diffie-hellman-group16-sha512", "notes": { "info": [ "available since OpenSSH 7.3, Dropbear SSH 2016.73" ] } }, { "algorithm": "diffie-hellman-group18-sha512", "notes": { "info": [ "available since OpenSSH 7.3" ] } }, { "algorithm": "diffie-hellman-group14-sha256", "notes": { "info": [ "available since OpenSSH 7.3, Dropbear SSH 2016.73" ], "warn": [ "2048-bit modulus only provides 112-bits of symmetric strength" ] } }, { "algorithm": "diffie-hellman-group14-sha1", "notes": { "fail": [ "using broken SHA-1 hash algorithm" ], "info": [ "available since OpenSSH 3.9, Dropbear SSH 0.53" ], "warn": [ "2048-bit modulus only provides 112-bits of symmetric strength" ] } } ], "key": [ { "algorithm": "ssh-ed25519", "notes": { "info": [ "available since OpenSSH 6.5, Dropbear SSH 2020.79" ] } }, { "algorithm": "ssh-ed25519-cert-v01@openssh.com", "ca_algorithm": "ssh-ed25519", "casize": 256, "notes": { "info": [ "available since OpenSSH 6.5" ] } } ], "mac": [ { "algorithm": "umac-64-etm@openssh.com", "notes": { "info": [ "available since OpenSSH 6.2" ], "warn": [ "using small 64-bit tag size" ] } }, { "algorithm": "umac-128-etm@openssh.com", "notes": { "info": [ "available since OpenSSH 6.2" ] } }, { "algorithm": "hmac-sha2-256-etm@openssh.com", "notes": { "info": [ "available since OpenSSH 6.2" ] } }, { "algorithm": "hmac-sha2-512-etm@openssh.com", "notes": { "info": [ "available since OpenSSH 6.2" ] } }, { "algorithm": "hmac-sha1-etm@openssh.com", "notes": { "fail": [ "using broken SHA-1 hash algorithm" ], "info": [ "available since OpenSSH 6.2" ] } }, { "algorithm": "umac-64@openssh.com", "notes": { "info": [ "available since OpenSSH 4.7" ], "warn": [ "using encrypt-and-MAC mode", "using small 64-bit tag size" ] } }, { "algorithm": "umac-128@openssh.com", "notes": { "info": [ "available since OpenSSH 6.2" ], "warn": [ "using encrypt-and-MAC mode" ] } }, { "algorithm": "hmac-sha2-256", "notes": { "info": [ "available since OpenSSH 5.9, Dropbear SSH 2013.56" ], "warn": [ "using encrypt-and-MAC mode" ] } }, { "algorithm": "hmac-sha2-512", "notes": { "info": [ "available since OpenSSH 5.9, Dropbear SSH 2013.56" ], "warn": [ "using encrypt-and-MAC mode" ] } }, { "algorithm": "hmac-sha1", "notes": { "fail": [ "using broken SHA-1 hash algorithm" ], "info": [ "available since OpenSSH 2.1.0, Dropbear SSH 0.28" ], "warn": [ "using encrypt-and-MAC mode" ] } } ], "recommendations": { "critical": { "del": { "kex": [ { "name": "diffie-hellman-group14-sha1", "notes": "" }, { "name": "ecdh-sha2-nistp256", "notes": "" }, { "name": "ecdh-sha2-nistp384", "notes": "" }, { "name": "ecdh-sha2-nistp521", "notes": "" } ], "mac": [ { "name": "hmac-sha1", "notes": "" }, { "name": "hmac-sha1-etm@openssh.com", "notes": "" } ] } }, "informational": { "add": { "key": [ { "name": "rsa-sha2-256", "notes": "" }, { "name": "rsa-sha2-512", "notes": "" } ] } }, "warning": { "del": { "enc": [ { "name": "chacha20-poly1305@openssh.com", "notes": "" } ], "kex": [ { "name": "diffie-hellman-group14-sha256", "notes": "" } ], "mac": [ { "name": "hmac-sha2-256", "notes": "" }, { "name": "hmac-sha2-512", "notes": "" }, { "name": "umac-128@openssh.com", "notes": "" }, { "name": "umac-64-etm@openssh.com", "notes": "" }, { "name": "umac-64@openssh.com", "notes": "" } ] } } }, "target": "localhost:2222" } ssh-audit-3.3.0/test/docker/expected_results/openssh_8.0p1_test2.txt000066400000000000000000000162211470352310600254200ustar00rootroot00000000000000# general (gen) banner: SSH-2.0-OpenSSH_8.0 (gen) software: OpenSSH 8.0 (gen) compatibility: OpenSSH 7.4+, Dropbear SSH 2020.79+ (gen) compression: enabled (zlib@openssh.com) # key exchange algorithms (kex) curve25519-sha256 -- [info] available since OpenSSH 7.4, Dropbear SSH 2018.76  `- [info] default key exchange from OpenSSH 7.4 to 8.9 (kex) curve25519-sha256@libssh.org -- [info] available since OpenSSH 6.4, Dropbear SSH 2013.62  `- [info] default key exchange from OpenSSH 6.5 to 7.3 (kex) ecdh-sha2-nistp256 -- [fail] using elliptic curves that are suspected as being backdoored by the U.S. National Security Agency `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62 (kex) ecdh-sha2-nistp384 -- [fail] using elliptic curves that are suspected as being backdoored by the U.S. National Security Agency `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62 (kex) ecdh-sha2-nistp521 -- [fail] using elliptic curves that are suspected as being backdoored by the U.S. National Security Agency `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62 (kex) diffie-hellman-group-exchange-sha256 (4096-bit) -- [info] available since OpenSSH 4.4  `- [info] OpenSSH's GEX fallback mechanism was triggered during testing. Very old SSH clients will still be able to create connections using a 2048-bit modulus, though modern clients will use 4096. This can only be disabled by recompiling the code (see https://github.com/openssh/openssh-portable/blob/V_9_4/dh.c#L477). (kex) diffie-hellman-group16-sha512 -- [info] available since OpenSSH 7.3, Dropbear SSH 2016.73 (kex) diffie-hellman-group18-sha512 -- [info] available since OpenSSH 7.3 (kex) diffie-hellman-group14-sha256 -- [warn] 2048-bit modulus only provides 112-bits of symmetric strength `- [info] available since OpenSSH 7.3, Dropbear SSH 2016.73 (kex) diffie-hellman-group14-sha1 -- [fail] using broken SHA-1 hash algorithm  `- [warn] 2048-bit modulus only provides 112-bits of symmetric strength `- [info] available since OpenSSH 3.9, Dropbear SSH 0.53 # host-key algorithms (key) ssh-ed25519 -- [info] available since OpenSSH 6.5, Dropbear SSH 2020.79 (key) ssh-ed25519-cert-v01@openssh.com (256-bit cert/256-bit ssh-ed25519 CA) -- [info] available since OpenSSH 6.5 # encryption algorithms (ciphers) (enc) chacha20-poly1305@openssh.com -- [warn] vulnerable to the Terrapin attack (CVE-2023-48795), allowing message prefix truncation `- [info] available since OpenSSH 6.5, Dropbear SSH 2020.79 `- [info] default cipher since OpenSSH 6.9 (enc) aes128-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52 (enc) aes192-ctr -- [info] available since OpenSSH 3.7 (enc) aes256-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52 (enc) aes128-gcm@openssh.com -- [info] available since OpenSSH 6.2 (enc) aes256-gcm@openssh.com -- [info] available since OpenSSH 6.2 # message authentication code algorithms (mac) umac-64-etm@openssh.com -- [warn] using small 64-bit tag size `- [info] available since OpenSSH 6.2 (mac) umac-128-etm@openssh.com -- [info] available since OpenSSH 6.2 (mac) hmac-sha2-256-etm@openssh.com -- [info] available since OpenSSH 6.2 (mac) hmac-sha2-512-etm@openssh.com -- [info] available since OpenSSH 6.2 (mac) hmac-sha1-etm@openssh.com -- [fail] using broken SHA-1 hash algorithm `- [info] available since OpenSSH 6.2 (mac) umac-64@openssh.com -- [warn] using encrypt-and-MAC mode  `- [warn] using small 64-bit tag size `- [info] available since OpenSSH 4.7 (mac) umac-128@openssh.com -- [warn] using encrypt-and-MAC mode `- [info] available since OpenSSH 6.2 (mac) hmac-sha2-256 -- [warn] using encrypt-and-MAC mode `- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56 (mac) hmac-sha2-512 -- [warn] using encrypt-and-MAC mode `- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56 (mac) hmac-sha1 -- [fail] using broken SHA-1 hash algorithm  `- [warn] using encrypt-and-MAC mode `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28 # fingerprints (fin) ssh-ed25519: SHA256:UrnXIVH+7dlw8UqYocl48yUEcKrthGDQG2CPCgp7MxU # algorithm recommendations (for OpenSSH 8.0) (rec) -diffie-hellman-group14-sha1 -- kex algorithm to remove  (rec) -ecdh-sha2-nistp256 -- kex algorithm to remove  (rec) -ecdh-sha2-nistp384 -- kex algorithm to remove  (rec) -ecdh-sha2-nistp521 -- kex algorithm to remove  (rec) -hmac-sha1 -- mac algorithm to remove  (rec) -hmac-sha1-etm@openssh.com -- mac algorithm to remove  (rec) +rsa-sha2-256 -- key algorithm to append  (rec) +rsa-sha2-512 -- key algorithm to append  (rec) -chacha20-poly1305@openssh.com -- enc algorithm to remove  (rec) -diffie-hellman-group14-sha256 -- kex algorithm to remove  (rec) -hmac-sha2-256 -- mac algorithm to remove  (rec) -hmac-sha2-512 -- mac algorithm to remove  (rec) -umac-128@openssh.com -- mac algorithm to remove  (rec) -umac-64-etm@openssh.com -- mac algorithm to remove  (rec) -umac-64@openssh.com -- mac algorithm to remove  # additional info (nfo) For hardening guides on common OSes, please see:  ssh-audit-3.3.0/test/docker/expected_results/openssh_8.0p1_test3.json000066400000000000000000000120731470352310600255540ustar00rootroot00000000000000{ "additional_notes": [], "banner": { "comments": null, "protocol": "2.0", "raw": "SSH-2.0-OpenSSH_8.0", "software": "OpenSSH_8.0" }, "compression": [ "none", "zlib@openssh.com" ], "cves": [], "enc": [ { "algorithm": "chacha20-poly1305@openssh.com", "notes": { "info": [ "default cipher since OpenSSH 6.9", "available since OpenSSH 6.5, Dropbear SSH 2020.79" ], "warn": [ "vulnerable to the Terrapin attack (CVE-2023-48795), allowing message prefix truncation" ] } }, { "algorithm": "aes256-gcm@openssh.com", "notes": { "info": [ "available since OpenSSH 6.2" ] } }, { "algorithm": "aes128-gcm@openssh.com", "notes": { "info": [ "available since OpenSSH 6.2" ] } }, { "algorithm": "aes256-ctr", "notes": { "info": [ "available since OpenSSH 3.7, Dropbear SSH 0.52" ] } }, { "algorithm": "aes192-ctr", "notes": { "info": [ "available since OpenSSH 3.7" ] } }, { "algorithm": "aes128-ctr", "notes": { "info": [ "available since OpenSSH 3.7, Dropbear SSH 0.52" ] } } ], "fingerprints": [ { "hash": "UrnXIVH+7dlw8UqYocl48yUEcKrthGDQG2CPCgp7MxU", "hash_alg": "SHA256", "hostkey": "ssh-ed25519" }, { "hash": "1e:0c:7b:34:73:bf:52:41:b0:f9:d1:a9:ab:98:c7:c9", "hash_alg": "MD5", "hostkey": "ssh-ed25519" } ], "kex": [ { "algorithm": "curve25519-sha256", "notes": { "info": [ "default key exchange from OpenSSH 7.4 to 8.9", "available since OpenSSH 7.4, Dropbear SSH 2018.76" ] } }, { "algorithm": "curve25519-sha256@libssh.org", "notes": { "info": [ "default key exchange from OpenSSH 6.5 to 7.3", "available since OpenSSH 6.4, Dropbear SSH 2013.62" ] } }, { "algorithm": "diffie-hellman-group-exchange-sha256", "keysize": 4096, "notes": { "info": [ "OpenSSH's GEX fallback mechanism was triggered during testing. Very old SSH clients will still be able to create connections using a 2048-bit modulus, though modern clients will use 4096. This can only be disabled by recompiling the code (see https://github.com/openssh/openssh-portable/blob/V_9_4/dh.c#L477).", "available since OpenSSH 4.4" ] } } ], "key": [ { "algorithm": "ssh-ed25519", "notes": { "info": [ "available since OpenSSH 6.5, Dropbear SSH 2020.79" ] } } ], "mac": [ { "algorithm": "hmac-sha2-256-etm@openssh.com", "notes": { "info": [ "available since OpenSSH 6.2" ] } }, { "algorithm": "hmac-sha2-512-etm@openssh.com", "notes": { "info": [ "available since OpenSSH 6.2" ] } }, { "algorithm": "umac-128-etm@openssh.com", "notes": { "info": [ "available since OpenSSH 6.2" ] } } ], "recommendations": { "informational": { "add": { "kex": [ { "name": "diffie-hellman-group16-sha512", "notes": "" }, { "name": "diffie-hellman-group18-sha512", "notes": "" } ], "key": [ { "name": "rsa-sha2-256", "notes": "" }, { "name": "rsa-sha2-512", "notes": "" } ] } }, "warning": { "del": { "enc": [ { "name": "chacha20-poly1305@openssh.com", "notes": "" } ] } } }, "target": "localhost:2222" } ssh-audit-3.3.0/test/docker/expected_results/openssh_8.0p1_test3.txt000066400000000000000000000063531470352310600254260ustar00rootroot00000000000000# general (gen) banner: SSH-2.0-OpenSSH_8.0 (gen) software: OpenSSH 8.0 (gen) compatibility: OpenSSH 7.4+, Dropbear SSH 2020.79+ (gen) compression: enabled (zlib@openssh.com) # key exchange algorithms (kex) curve25519-sha256 -- [info] available since OpenSSH 7.4, Dropbear SSH 2018.76  `- [info] default key exchange from OpenSSH 7.4 to 8.9 (kex) curve25519-sha256@libssh.org -- [info] available since OpenSSH 6.4, Dropbear SSH 2013.62  `- [info] default key exchange from OpenSSH 6.5 to 7.3 (kex) diffie-hellman-group-exchange-sha256 (4096-bit) -- [info] available since OpenSSH 4.4  `- [info] OpenSSH's GEX fallback mechanism was triggered during testing. Very old SSH clients will still be able to create connections using a 2048-bit modulus, though modern clients will use 4096. This can only be disabled by recompiling the code (see https://github.com/openssh/openssh-portable/blob/V_9_4/dh.c#L477). # host-key algorithms (key) ssh-ed25519 -- [info] available since OpenSSH 6.5, Dropbear SSH 2020.79 # encryption algorithms (ciphers) (enc) chacha20-poly1305@openssh.com -- [warn] vulnerable to the Terrapin attack (CVE-2023-48795), allowing message prefix truncation `- [info] available since OpenSSH 6.5, Dropbear SSH 2020.79 `- [info] default cipher since OpenSSH 6.9 (enc) aes256-gcm@openssh.com -- [info] available since OpenSSH 6.2 (enc) aes128-gcm@openssh.com -- [info] available since OpenSSH 6.2 (enc) aes256-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52 (enc) aes192-ctr -- [info] available since OpenSSH 3.7 (enc) aes128-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52 # message authentication code algorithms (mac) hmac-sha2-256-etm@openssh.com -- [info] available since OpenSSH 6.2 (mac) hmac-sha2-512-etm@openssh.com -- [info] available since OpenSSH 6.2 (mac) umac-128-etm@openssh.com -- [info] available since OpenSSH 6.2 # fingerprints (fin) ssh-ed25519: SHA256:UrnXIVH+7dlw8UqYocl48yUEcKrthGDQG2CPCgp7MxU # algorithm recommendations (for OpenSSH 8.0) (rec) +diffie-hellman-group16-sha512 -- kex algorithm to append  (rec) +diffie-hellman-group18-sha512 -- kex algorithm to append  (rec) +rsa-sha2-256 -- key algorithm to append  (rec) +rsa-sha2-512 -- key algorithm to append  (rec) -chacha20-poly1305@openssh.com -- enc algorithm to remove  # additional info (nfo) For hardening guides on common OSes, please see:  ssh-audit-3.3.0/test/docker/expected_results/tinyssh_20190101_test1.json000066400000000000000000000052021470352310600257170ustar00rootroot00000000000000{ "additional_notes": [], "banner": { "comments": "", "protocol": "2.0", "raw": "", "software": "tinyssh_noversion" }, "compression": [ "none" ], "cves": [], "enc": [ { "algorithm": "chacha20-poly1305@openssh.com", "notes": { "info": [ "default cipher since OpenSSH 6.9", "available since OpenSSH 6.5, Dropbear SSH 2020.79" ], "warn": [ "vulnerable to the Terrapin attack (CVE-2023-48795), allowing message prefix truncation" ] } } ], "fingerprints": [ { "hash": "89ocln1x7KNqnMgWffGoYtD70ksJ4FrH7BMJHa7SrwU", "hash_alg": "SHA256", "hostkey": "ssh-ed25519" }, { "hash": "dd:9c:6d:f9:b0:8c:af:fa:c2:65:81:5d:5d:56:f8:21", "hash_alg": "MD5", "hostkey": "ssh-ed25519" } ], "kex": [ { "algorithm": "curve25519-sha256", "notes": { "info": [ "default key exchange from OpenSSH 7.4 to 8.9", "available since OpenSSH 7.4, Dropbear SSH 2018.76" ] } }, { "algorithm": "curve25519-sha256@libssh.org", "notes": { "info": [ "default key exchange from OpenSSH 6.5 to 7.3", "available since OpenSSH 6.4, Dropbear SSH 2013.62" ] } }, { "algorithm": "sntrup4591761x25519-sha512@tinyssh.org", "notes": { "info": [ "the sntrup4591761 algorithm was withdrawn, as it may not provide strong post-quantum security", "available since OpenSSH 8.0" ], "warn": [ "using experimental algorithm" ] } } ], "key": [ { "algorithm": "ssh-ed25519", "notes": { "info": [ "available since OpenSSH 6.5, Dropbear SSH 2020.79" ] } } ], "mac": [ { "algorithm": "hmac-sha2-256", "notes": { "info": [ "available since OpenSSH 5.9, Dropbear SSH 2013.56" ], "warn": [ "using encrypt-and-MAC mode" ] } } ], "recommendations": {}, "target": "localhost:2222" } ssh-audit-3.3.0/test/docker/expected_results/tinyssh_20190101_test1.txt000066400000000000000000000035661470352310600256000ustar00rootroot00000000000000# general (gen) software: TinySSH noversion (gen) compatibility: OpenSSH 8.0-8.4, Dropbear SSH 2020.79+ (gen) compression: disabled # key exchange algorithms (kex) curve25519-sha256 -- [info] available since OpenSSH 7.4, Dropbear SSH 2018.76  `- [info] default key exchange from OpenSSH 7.4 to 8.9 (kex) curve25519-sha256@libssh.org -- [info] available since OpenSSH 6.4, Dropbear SSH 2013.62  `- [info] default key exchange from OpenSSH 6.5 to 7.3 (kex) sntrup4591761x25519-sha512@tinyssh.org -- [warn] using experimental algorithm `- [info] available since OpenSSH 8.0 `- [info] the sntrup4591761 algorithm was withdrawn, as it may not provide strong post-quantum security # host-key algorithms (key) ssh-ed25519 -- [info] available since OpenSSH 6.5, Dropbear SSH 2020.79 # encryption algorithms (ciphers) (enc) chacha20-poly1305@openssh.com -- [warn] vulnerable to the Terrapin attack (CVE-2023-48795), allowing message prefix truncation `- [info] available since OpenSSH 6.5, Dropbear SSH 2020.79 `- [info] default cipher since OpenSSH 6.9 # message authentication code algorithms (mac) hmac-sha2-256 -- [warn] using encrypt-and-MAC mode `- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56 # fingerprints (fin) ssh-ed25519: SHA256:89ocln1x7KNqnMgWffGoYtD70ksJ4FrH7BMJHa7SrwU ssh-audit-3.3.0/test/docker/host_ca_ed25519000066400000000000000000000006431470352310600202710ustar00rootroot00000000000000-----BEGIN OPENSSH PRIVATE KEY----- b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW QyNTUxOQAAACAbM9Wp3ZPcC8Ifhu6GjNDJaoMg7KxO0el2+r9J35TltQAAAKAa0zr8GtM6 /AAAAAtzc2gtZWQyNTUxOQAAACAbM9Wp3ZPcC8Ifhu6GjNDJaoMg7KxO0el2+r9J35TltQ AAAEC/j/BpfmgaZqNMTkJXO4cKZBr31N5z33IRFjh5m6IDDhsz1andk9wLwh+G7oaM0Mlq gyDsrE7R6Xb6v0nflOW1AAAAHWpkb2dAbG9jYWxob3N0LndvbmRlcmxhbmQubG9s -----END OPENSSH PRIVATE KEY----- ssh-audit-3.3.0/test/docker/host_ca_ed25519.pub000066400000000000000000000001571470352310600210560ustar00rootroot00000000000000ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBsz1andk9wLwh+G7oaM0MlqgyDsrE7R6Xb6v0nflOW1 jdog@localhost.wonderland.lol ssh-audit-3.3.0/test/docker/host_ca_rsa_1024000066400000000000000000000015731470352310600205310ustar00rootroot00000000000000-----BEGIN RSA PRIVATE KEY----- MIICXgIBAAKBgQDnRlN3AFnUe2lFf5XG9UhXLr/9POruNTFbMt0zrjOUSjmAS7hS 6pDv5VEToT6DaR1EQUYaqSMpHYzZhuCK52vrydOm5XFbJ7712r9MyZQUhoVZx8Su dBHzVDIVO3jcMMWIlrfWBMnUaUHEqpmy88Y7gKDa2TWxJg1+hg51KqHrUQIDAQAB AoGBANALOUXRcP1tTtOP4+In/709dsONKyDBhPavGMFGsWtyIavBcbxU+bBzrq1j 3WJFCmi99xxAjjqMNInxhMgvSaoJtsiY0/FFxqRy6l/ZnRjI6hrVKR8whrPKVgBF pvbjeQIn9txeCYA8kwl/Si762u7byq+qvupE53xMP94J02KBAkEA/Q4+Hn1Rjblw VXynF+oXIq6iZy+8PW+Y/FIL8d31ehzfcssCMdFV6S3/wBoQkWby30oGC/xGmHGR 6ffXGilByQJBAOn3NMrBPXNkaPeQtgV3tk4s1dRDQYhbqGNz6tcgThyyPdhJCmCy jgUEhLwAetsDI8/+3avWbo6/csOV+BvpYUkCQQDQyEp6L1z0+FV1QqY99dZmt/yn 89t0OLnZG/xc7osU1/OHq3TBE3y1KU2D+j1HKdAiZ9l7VAYOykzf46qmG/n5AkEA 2kWjfcjcIIw7lULvXZh6fuI7NwTr3V/Nb8MUA1EDLqhnJCG4SdAqyKmXf6Fe/HYo cgKPIaIykIAxfCCsULXg6QJAOxB0CKYJlopVBdjGMlGqOEneWTmb1A2INQDE2Una LkSd0Rr8OiEzDeemV7j3Ec4BH0HxGMnHDxMybZwoZRnRPw== -----END RSA PRIVATE KEY----- ssh-audit-3.3.0/test/docker/host_ca_rsa_1024.pub000066400000000000000000000003631470352310600213120ustar00rootroot00000000000000ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDnRlN3AFnUe2lFf5XG9UhXLr/9POruNTFbMt0zrjOUSjmAS7hS6pDv5VEToT6DaR1EQUYaqSMpHYzZhuCK52vrydOm5XFbJ7712r9MyZQUhoVZx8SudBHzVDIVO3jcMMWIlrfWBMnUaUHEqpmy88Y7gKDa2TWxJg1+hg51KqHrUQ== jdog@localhost.wonderland.lol ssh-audit-3.3.0/test/docker/host_ca_rsa_3072000066400000000000000000000046271470352310600205410ustar00rootroot00000000000000-----BEGIN RSA PRIVATE KEY----- MIIG4wIBAAKCAYEAqxQEIbj8w0TrBY1fDO81curijQrdLOUr8Vl8XECWc5QGd1Lk AG80NgdcCBPvjWxZSmYrKeqA78GUdN+KgycE0ztpxYSXKHZMaIM5Xe94BB+BocH9 1vd/2iBzGeed1nV/zfAdq2AEHQj1TpII+a+z25yxv2PuwVTTwwo9I/6JgNq3evH4 Hbwgr3SRfEEYZQ+YL8cOpBuNg1YZOR0k1yk23ZqAd92JybxZ4iCtOt7rcj2sFHzN u1U544wWBwIL5yZZKTgBhY4dqfT2Ep7IzR5HdsdrvQV9qC92GM1zDE+U3AwrVKjH s0YZq3jzcq/yvFDCcMMRz4/0pGFFU26oWma+n3vbAxKJoL+rhG8QM9+l2qFlLGsn M0kUXAJXsPKbygpaP8Z3U4eKgTuJ2GuS9eLIFnB7mrwD75V6GgN9q5mY89DfkVSk HaoqpY8pPdRkz9QAmMEuLtHmv29CVOpfX5v/rsm7wASAZqtUlmFu4rFGBLwvZbUl Wu02HmgBT47g6EIfAgMBAAECggGAKVCdKtO03yd+pomcodAHFWiaK7uq7FOwCAo3 WUQT0Xe3FAwFmgFBF6cxV5YQ7RN0gN4poGbMmpoiUxNFLSU4KhcYFSZPJutiyn6e VQwm7L/7G2hw+AAvdSsPAPuJh6g6pC5Py/pVI/ns2/uyhTIkem3eEz18BF6LAXgw icfHx0GKu/tBk1TCg/zfwaUq0gUxGKC27XTl+QjK8JsUMY33fQ755Xiv9PMytcR0 cVoyfBVewFffi1UqtMQ48ZpR65G743RxrP4/wcwsfD7n5LJLdyxQkh3gIMTJ8dd/ R5V4FlueorRgjTbLTjGDxNrCAJ+locezhEEPXsPh2q0KiIXGyz2AMxaOqFmhU8oK aVVt8pWJ+YsrKIgc/A3s18ezO8uO5ZdtjQ+CWguduUGY7YgWezGLO1LPxhJC4d7b Q/xpeKveTRlcScAqOUzKgSuEhcvPgj8paUcRUoiXm4qiJBY5sXJks+YGp8BGksH0 O94no+Ns2G58MlL+RyXk3JWrc6zRAoHBANdPplY2sIuIiiEBu95f1Qar1nCBHhB2 i+HpnsUOdSlbxwMxoF8ffeN9N+DQqaqPu1RhFa5xbB2EUSujvOnL7b/RWqe1X9Po UIt5UjXctNP/HYcQDyjXY+rV5SZhHDyv6TBYurNZlvlBivliDz82THPRtqVxed3B w2MeaSkKAQ8rA7PE+0j3TG+YtIij0mHOhNPJgEZ/XZ9MIQOGMycRJhwOlclBI5NP Ak6p30ArnU2fX4qMkU3i+wqUfXS1hhDihwKBwQDLaHWPIWPVbWdcCbYQTcUmFC3i xkxd0UuLcfS9csk61nvdFj7m8tMExX+3fIo/fHEtzDd98Alc1i6/f6ePl0CX6NDu QIWLryI1QQRQidHCdw0wQ3N3VD4ZXJHDeqBxogVAkA7A/1QeXwcXE/Xj2ZgyDwhL 3+myjmvWtw9zJsXL0F3tpPzn+Mrf0KRkWOaluOw7hMMjVjrgu6g24HMWbHHVLRTx dlAI7tgxCAPe2SEi+1mzaVUZ8cfgqYqC3X66UakCgcEAopxtK7+yJi/A4pzEnnYS FS/CjMV3R0fA7aXbW0hIBCxkaW0Zib3m/eCcSxZMjZxwBpIsJctTtBcylprbGlgB /1TF+tNoxEo4Sp4eEL/XciTC0Da4vEewFrPklM/S26KfovvgRYPsGeP+aco9aahA pVhFcT36pBiq0DkvgucjValO6n5iqgDboYzbDDdttKCcgLc2Qgf/VUfRxy+bgm3Z MmdxiMXBcIfDXlW9XmGSNAWhyqnPM9uxbZQoC/Tsg+QRAoHANHMcFSsz9f2+8DGk 27FiC76aUmZ1nJ9yTmO1CwDFOMHDsK+iyqSEmy9eDm8zqsko2flVuciicWjdJw4A o/sJceJbtYO3q9weAwNf3HCdQPq30OEjrfpwBNQk1fYR1xtDJXHADC4Kf8ZbKq0/ 81/Rad8McZwsQ5mL3xLXDgdKa5KwFa48dIhnr6y6JxHxb3wule5W7w62Ierhpjzc EEUoWSLFyrmKS7Ni1cnOTbFJZR7Q831Or2Dz/E9bYwFAQ0T5AoHAM4/zU+8rsbdD FvvhWsj7Ivfh6pxx1Tl1Wccaauea9AJayHht0FOzkycpJrH1E+6F5MzhkFFU1SUY 60NZxzSZgbU0HBrJRcRFyo510iMcnctdTdyh8p7nweGoD0oqXzf6cHqrUep8Y8rQ gkSVhPE31+NGlPbwz+NOflcaaAWYiDC6wjVt1asaZq292SJD4DF1fAUkbQ2hxgyQ +G/6y5ovrcGnh7q63RLhW1TRf8dD2D2Av9UgXDmWZAZ5n838FS+X -----END RSA PRIVATE KEY----- ssh-audit-3.3.0/test/docker/host_ca_rsa_3072.pub000066400000000000000000000011071470352310600213140ustar00rootroot00000000000000ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCrFAQhuPzDROsFjV8M7zVy6uKNCt0s5SvxWXxcQJZzlAZ3UuQAbzQ2B1wIE++NbFlKZisp6oDvwZR034qDJwTTO2nFhJcodkxogzld73gEH4Ghwf3W93/aIHMZ553WdX/N8B2rYAQdCPVOkgj5r7PbnLG/Y+7BVNPDCj0j/omA2rd68fgdvCCvdJF8QRhlD5gvxw6kG42DVhk5HSTXKTbdmoB33YnJvFniIK063utyPawUfM27VTnjjBYHAgvnJlkpOAGFjh2p9PYSnsjNHkd2x2u9BX2oL3YYzXMMT5TcDCtUqMezRhmrePNyr/K8UMJwwxHPj/SkYUVTbqhaZr6fe9sDEomgv6uEbxAz36XaoWUsayczSRRcAlew8pvKClo/xndTh4qBO4nYa5L14sgWcHuavAPvlXoaA32rmZjz0N+RVKQdqiqljyk91GTP1ACYwS4u0ea/b0JU6l9fm/+uybvABIBmq1SWYW7isUYEvC9ltSVa7TYeaAFPjuDoQh8= jdog@localhost.wonderland.lol ssh-audit-3.3.0/test/docker/moduli_1024000066400000000000000000000305241470352310600175330ustar00rootroot0000000000000020190821035337 2 6 100 1023 2 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC08BE313B 20190821035338 2 6 100 1023 2 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC08C0B443 20190821035338 2 6 100 1023 2 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC08D1AF8B 20190821035338 2 6 100 1023 2 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC08E76DDB 20190821035338 2 6 100 1023 2 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC08E8F5D3 20190821035338 2 6 100 1023 2 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC08EE3F1B 20190821035338 2 6 100 1023 5 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC08F28387 20190821035339 2 6 100 1023 5 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC08F69A57 20190821035339 2 6 100 1023 5 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC0903B157 20190821035339 2 6 100 1023 2 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC0905C973 20190821035339 2 6 100 1023 2 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC0909BCD3 20190821035339 2 6 100 1023 2 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC090F4A2B 20190821035340 2 6 100 1023 2 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC0933BC13 20190821035340 2 6 100 1023 5 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC09395757 20190821035340 2 6 100 1023 5 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC093F40D7 20190821035340 2 6 100 1023 5 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC09478D4F 20190821035340 2 6 100 1023 5 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC0953A4D7 20190821035340 2 6 100 1023 2 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC095B5C7B 20190821035341 2 6 100 1023 2 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC09696573 20190821035341 2 6 100 1023 2 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC096BA243 20190821035341 2 6 100 1023 2 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC096F3903 20190821035341 2 6 100 1023 2 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC09850E4B 20190821035341 2 6 100 1023 2 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC098A1C23 20190821035341 2 6 100 1023 5 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC098E08E7 20190821035342 2 6 100 1023 5 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC09A4FF7F 20190821035342 2 6 100 1023 5 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC09AE4707 20190821035342 2 6 100 1023 2 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC09B4CE73 20190821035342 2 6 100 1023 5 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC09C60C6F 20190821035342 2 6 100 1023 5 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC09D2588F 20190821035343 2 6 100 1023 5 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC0A025067 20190821035343 2 6 100 1023 2 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC0A0E38EB 20190821035343 2 6 100 1023 2 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC0A213923 20190821035344 2 6 100 1023 5 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC0A390CA7 20190821035344 2 6 100 1023 2 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC0A3C7ADB 20190821035344 2 6 100 1023 5 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC0A44D497 20190821035344 2 6 100 1023 2 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC0A479B13 20190821035345 2 6 100 1023 5 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC0A5EF01F 20190821035345 2 6 100 1023 2 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC0A615D43 20190821035345 2 6 100 1023 2 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC0A6BEADB 20190821035345 2 6 100 1023 5 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC0A86309F 20190821035345 2 6 100 1023 5 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC0A991E8F 20190821035346 2 6 100 1023 2 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC0AA32C53 20190821035346 2 6 100 1023 2 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC0AA9FAAB 20190821035346 2 6 100 1023 2 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC0AAC42BB ssh-audit-3.3.0/test/docker/policies/000077500000000000000000000000001470352310600174545ustar00rootroot00000000000000ssh-audit-3.3.0/test/docker/policies/policy_test1.txt000066400000000000000000000010401470352310600226270ustar00rootroot00000000000000# # Docker policy: test1 # name = "Docker policy: test1" version = 1 host keys = ssh-rsa, ssh-dss key exchanges = diffie-hellman-group-exchange-sha256, diffie-hellman-group-exchange-sha1, diffie-hellman-group14-sha1, diffie-hellman-group1-sha1 ciphers = aes128-ctr, aes192-ctr, aes256-ctr, arcfour256, arcfour128, aes128-cbc, 3des-cbc, blowfish-cbc, cast128-cbc, aes192-cbc, aes256-cbc, arcfour, rijndael-cbc@lysator.liu.se macs = hmac-md5, hmac-sha1, umac-64@openssh.com, hmac-ripemd160, hmac-ripemd160@openssh.com, hmac-sha1-96, hmac-md5-96 ssh-audit-3.3.0/test/docker/policies/policy_test10.txt000066400000000000000000000032541470352310600227200ustar00rootroot00000000000000# # Docker policy: test10 # # The name of this policy (displayed in the output during scans). Must be in quotes. name = "Docker poliicy: test10" # The version of this policy (displayed in the output during scans). Not parsed, and may be any value, including strings. version = 1 # The banner that must match exactly. Commented out to ignore banners, since minor variability in the banner is sometimes normal. # banner = "SSH-2.0-OpenSSH_5.6" # The header that must match exactly. Commented out to ignore headers, since variability in the header is sometimes normal. # header = "[]" # The compression options that must match exactly (order matters). Commented out to ignore by default. # compressions = none, zlib@openssh.com # RSA host key sizes. hostkey_size_rsa-sha2-256 = 3072 hostkey_size_rsa-sha2-512 = 3072 hostkey_size_ssh-rsa = 3072 hostkey_size_ssh-rsa-cert-v01@openssh.com = 4096 # RSA CA key sizes. cakey_size_ssh-rsa-cert-v01@openssh.com = 4096 # The host key types that must match exactly (order matters). host keys = ssh-rsa, ssh-rsa-cert-v01@openssh.com # The key exchange algorithms that must match exactly (order matters). key exchanges = diffie-hellman-group-exchange-sha256, diffie-hellman-group-exchange-sha1, diffie-hellman-group14-sha1, diffie-hellman-group1-sha1 # The ciphers that must match exactly (order matters). ciphers = aes128-ctr, aes192-ctr, aes256-ctr, arcfour256, arcfour128, aes128-cbc, 3des-cbc, blowfish-cbc, cast128-cbc, aes192-cbc, aes256-cbc, arcfour, rijndael-cbc@lysator.liu.se # The MACs that must match exactly (order matters). macs = hmac-md5, hmac-sha1, umac-64@openssh.com, hmac-ripemd160, hmac-ripemd160@openssh.com, hmac-sha1-96, hmac-md5-96 ssh-audit-3.3.0/test/docker/policies/policy_test11.txt000066400000000000000000000034271470352310600227230ustar00rootroot00000000000000# # Docker policy: test11 # # The name of this policy (displayed in the output during scans). Must be in quotes. name = "Docker policy: test11" # The version of this policy (displayed in the output during scans). Not parsed, and may be any value, including strings. version = 1 # The banner that must match exactly. Commented out to ignore banners, since minor variability in the banner is sometimes normal. # banner = "SSH-2.0-OpenSSH_8.0" # The header that must match exactly. Commented out to ignore headers, since variability in the header is sometimes normal. # header = "[]" # The compression options that must match exactly (order matters). Commented out to ignore by default. # compressions = none, zlib@openssh.com # RSA host key sizes. hostkey_size_rsa-sha2-256 = 3072 hostkey_size_rsa-sha2-512 = 3072 hostkey_size_ssh-rsa = 3072 # The host key types that must match exactly (order matters). host keys = rsa-sha2-512, rsa-sha2-256, ssh-rsa, ecdsa-sha2-nistp256, ssh-ed25519 # The key exchange algorithms that must match exactly (order matters). key exchanges = curve25519-sha256, curve25519-sha256@libssh.org, ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, diffie-hellman-group-exchange-sha256, diffie-hellman-group16-sha512, diffie-hellman-group18-sha512, diffie-hellman-group14-sha256, diffie-hellman-group14-sha1 # The ciphers that must match exactly (order matters). ciphers = chacha20-poly1305@openssh.com, aes128-ctr, aes192-ctr, aes256-ctr, aes128-gcm@openssh.com, aes256-gcm@openssh.com # The MACs that must match exactly (order matters). macs = umac-64-etm@openssh.com, umac-128-etm@openssh.com, hmac-sha2-256-etm@openssh.com, hmac-sha2-512-etm@openssh.com, hmac-sha1-etm@openssh.com, umac-64@openssh.com, umac-128@openssh.com, hmac-sha2-256, hmac-sha2-512, hmac-sha1 ssh-audit-3.3.0/test/docker/policies/policy_test12.txt000066400000000000000000000034271470352310600227240ustar00rootroot00000000000000# # Docker policy: test12 # # The name of this policy (displayed in the output during scans). Must be in quotes. name = "Docker policy: test12" # The version of this policy (displayed in the output during scans). Not parsed, and may be any value, including strings. version = 1 # The banner that must match exactly. Commented out to ignore banners, since minor variability in the banner is sometimes normal. # banner = "SSH-2.0-OpenSSH_8.0" # The header that must match exactly. Commented out to ignore headers, since variability in the header is sometimes normal. # header = "[]" # The compression options that must match exactly (order matters). Commented out to ignore by default. # compressions = none, zlib@openssh.com # RSA host key sizes. hostkey_size_rsa-sha2-256 = 4096 hostkey_size_rsa-sha2-512 = 4096 hostkey_size_ssh-rsa = 4096 # The host key types that must match exactly (order matters). host keys = rsa-sha2-512, rsa-sha2-256, ssh-rsa, ecdsa-sha2-nistp256, ssh-ed25519 # The key exchange algorithms that must match exactly (order matters). key exchanges = curve25519-sha256, curve25519-sha256@libssh.org, ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, diffie-hellman-group-exchange-sha256, diffie-hellman-group16-sha512, diffie-hellman-group18-sha512, diffie-hellman-group14-sha256, diffie-hellman-group14-sha1 # The ciphers that must match exactly (order matters). ciphers = chacha20-poly1305@openssh.com, aes128-ctr, aes192-ctr, aes256-ctr, aes128-gcm@openssh.com, aes256-gcm@openssh.com # The MACs that must match exactly (order matters). macs = umac-64-etm@openssh.com, umac-128-etm@openssh.com, hmac-sha2-256-etm@openssh.com, hmac-sha2-512-etm@openssh.com, hmac-sha1-etm@openssh.com, umac-64@openssh.com, umac-128@openssh.com, hmac-sha2-256, hmac-sha2-512, hmac-sha1 ssh-audit-3.3.0/test/docker/policies/policy_test13.txt000066400000000000000000000035671470352310600227320ustar00rootroot00000000000000# # Docker policy: test13 # # The name of this policy (displayed in the output during scans). Must be in quotes. name = "Docker policy: test13" # The version of this policy (displayed in the output during scans). Not parsed, and may be any value, including strings. version = 1 # The banner that must match exactly. Commented out to ignore banners, since minor variability in the banner is sometimes normal. # banner = "SSH-2.0-OpenSSH_8.0" # The header that must match exactly. Commented out to ignore headers, since variability in the header is sometimes normal. # header = "[]" # The compression options that must match exactly (order matters). Commented out to ignore by default. # compressions = none, zlib@openssh.com # RSA host key sizes. hostkey_size_rsa-sha2-256 = 3072 hostkey_size_rsa-sha2-512 = 3072 hostkey_size_ssh-rsa = 3072 # Group exchange DH modulus sizes. dh_modulus_size_diffie-hellman-group-exchange-sha256 = 4096 # The host key types that must match exactly (order matters). host keys = rsa-sha2-512, rsa-sha2-256, ssh-rsa, ecdsa-sha2-nistp256, ssh-ed25519 # The key exchange algorithms that must match exactly (order matters). key exchanges = curve25519-sha256, curve25519-sha256@libssh.org, ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, diffie-hellman-group-exchange-sha256, diffie-hellman-group16-sha512, diffie-hellman-group18-sha512, diffie-hellman-group14-sha256, diffie-hellman-group14-sha1 # The ciphers that must match exactly (order matters). ciphers = chacha20-poly1305@openssh.com, aes128-ctr, aes192-ctr, aes256-ctr, aes128-gcm@openssh.com, aes256-gcm@openssh.com # The MACs that must match exactly (order matters). macs = umac-64-etm@openssh.com, umac-128-etm@openssh.com, hmac-sha2-256-etm@openssh.com, hmac-sha2-512-etm@openssh.com, hmac-sha1-etm@openssh.com, umac-64@openssh.com, umac-128@openssh.com, hmac-sha2-256, hmac-sha2-512, hmac-sha1 ssh-audit-3.3.0/test/docker/policies/policy_test14.txt000066400000000000000000000035671470352310600227330ustar00rootroot00000000000000# # Docker policy: test14 # # The name of this policy (displayed in the output during scans). Must be in quotes. name = "Docker policy: test14" # The version of this policy (displayed in the output during scans). Not parsed, and may be any value, including strings. version = 1 # The banner that must match exactly. Commented out to ignore banners, since minor variability in the banner is sometimes normal. # banner = "SSH-2.0-OpenSSH_8.0" # The header that must match exactly. Commented out to ignore headers, since variability in the header is sometimes normal. # header = "[]" # The compression options that must match exactly (order matters). Commented out to ignore by default. # compressions = none, zlib@openssh.com # RSA host key sizes. hostkey_size_rsa-sha2-256 = 3072 hostkey_size_rsa-sha2-512 = 3072 hostkey_size_ssh-rsa = 3072 # Group exchange DH modulus sizes. dh_modulus_size_diffie-hellman-group-exchange-sha256 = 8192 # The host key types that must match exactly (order matters). host keys = rsa-sha2-512, rsa-sha2-256, ssh-rsa, ecdsa-sha2-nistp256, ssh-ed25519 # The key exchange algorithms that must match exactly (order matters). key exchanges = curve25519-sha256, curve25519-sha256@libssh.org, ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, diffie-hellman-group-exchange-sha256, diffie-hellman-group16-sha512, diffie-hellman-group18-sha512, diffie-hellman-group14-sha256, diffie-hellman-group14-sha1 # The ciphers that must match exactly (order matters). ciphers = chacha20-poly1305@openssh.com, aes128-ctr, aes192-ctr, aes256-ctr, aes128-gcm@openssh.com, aes256-gcm@openssh.com # The MACs that must match exactly (order matters). macs = umac-64-etm@openssh.com, umac-128-etm@openssh.com, hmac-sha2-256-etm@openssh.com, hmac-sha2-512-etm@openssh.com, hmac-sha1-etm@openssh.com, umac-64@openssh.com, umac-128@openssh.com, hmac-sha2-256, hmac-sha2-512, hmac-sha1 ssh-audit-3.3.0/test/docker/policies/policy_test15.txt000066400000000000000000000017151470352310600227250ustar00rootroot00000000000000# # Docker policy: test15 # name = "Docker policy: test15" version = 1 allow_algorithm_subset_and_reordering = true banner = "SSH-2.0-OpenSSH_8.0" compressions = none, zlib@openssh.com host keys = rsa-sha2-512, rsa-sha2-256, ssh-rsa, ecdsa-sha2-nistp256, ssh-ed25519, extra_hostkey_alg key exchanges = curve25519-sha256, curve25519-sha256@libssh.org, ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, diffie-hellman-group-exchange-sha256, diffie-hellman-group16-sha512, diffie-hellman-group18-sha512, diffie-hellman-group14-sha256, diffie-hellman-group14-sha1, extra_kex_alg ciphers = chacha20-poly1305@openssh.com, aes128-ctr, aes192-ctr, aes256-ctr, aes128-gcm@openssh.com, aes256-gcm@openssh.com, extra_cipher_alg macs = umac-64-etm@openssh.com, umac-128-etm@openssh.com, hmac-sha2-256-etm@openssh.com, hmac-sha2-512-etm@openssh.com, hmac-sha1-etm@openssh.com, umac-64@openssh.com, umac-128@openssh.com, hmac-sha2-256, hmac-sha2-512, hmac-sha1, extra_mac_alg ssh-audit-3.3.0/test/docker/policies/policy_test16.txt000066400000000000000000000005771470352310600227330ustar00rootroot00000000000000# # Docker policy: test16 # name = "Docker policy: test16" version = 1 allow_algorithm_subset_and_reordering = true banner = "SSH-2.0-OpenSSH_8.0" compressions = none, zlib@openssh.com host keys = rsa-sha2-512, extra_hostkey_alg key exchanges = curve25519-sha256, extra_kex_alg ciphers = chacha20-poly1305@openssh.com, extra_cipher_alg macs = umac-64-etm@openssh.com, extra_mac_alg ssh-audit-3.3.0/test/docker/policies/policy_test17.txt000066400000000000000000000021431470352310600227230ustar00rootroot00000000000000# # Docker policy: test17 # name = "Docker policy: test17" version = 1 allow_larger_keys = true banner = "SSH-2.0-OpenSSH_8.0" compressions = none, zlib@openssh.com host keys = rsa-sha2-512, rsa-sha2-256, ssh-rsa, ecdsa-sha2-nistp256, ssh-ed25519 key exchanges = curve25519-sha256, curve25519-sha256@libssh.org, ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, diffie-hellman-group-exchange-sha256, diffie-hellman-group16-sha512, diffie-hellman-group18-sha512, diffie-hellman-group14-sha256, diffie-hellman-group14-sha1 ciphers = chacha20-poly1305@openssh.com, aes128-ctr, aes192-ctr, aes256-ctr, aes128-gcm@openssh.com, aes256-gcm@openssh.com macs = umac-64-etm@openssh.com, umac-128-etm@openssh.com, hmac-sha2-256-etm@openssh.com, hmac-sha2-512-etm@openssh.com, hmac-sha1-etm@openssh.com, umac-64@openssh.com, umac-128@openssh.com, hmac-sha2-256, hmac-sha2-512, hmac-sha1 host_key_sizes = {"ssh-rsa": {"hostkey_size": 2048}, "rsa-sha2-256": {"hostkey_size": 2048}, "rsa-sha2-512": {"hostkey_size": 2048}, "ssh-ed25519": {"hostkey_size": 256}} dh_modulus_sizes = {"diffie-hellman-group-exchange-sha256": 2048} ssh-audit-3.3.0/test/docker/policies/policy_test2.txt000066400000000000000000000006611470352310600226400ustar00rootroot00000000000000# # Docker policy: test2 # name = "Docker policy: test2" version = 1 host keys = ssh-rsa, ssh-dss key exchanges = kex_alg1, kex_alg2 ciphers = aes128-ctr, aes192-ctr, aes256-ctr, arcfour256, arcfour128, aes128-cbc, 3des-cbc, blowfish-cbc, cast128-cbc, aes192-cbc, aes256-cbc, arcfour, rijndael-cbc@lysator.liu.se macs = hmac-md5, hmac-sha1, umac-64@openssh.com, hmac-ripemd160, hmac-ripemd160@openssh.com, hmac-sha1-96, hmac-md5-96 ssh-audit-3.3.0/test/docker/policies/policy_test3.txt000066400000000000000000000010521470352310600226340ustar00rootroot00000000000000# # Docker policy: test3 # name = "Docker policy: test3" version = 1 host keys = ssh-rsa, ssh-dss, key_alg1 key exchanges = diffie-hellman-group-exchange-sha256, diffie-hellman-group-exchange-sha1, diffie-hellman-group14-sha1, diffie-hellman-group1-sha1 ciphers = aes128-ctr, aes192-ctr, aes256-ctr, arcfour256, arcfour128, aes128-cbc, 3des-cbc, blowfish-cbc, cast128-cbc, aes192-cbc, aes256-cbc, arcfour, rijndael-cbc@lysator.liu.se macs = hmac-md5, hmac-sha1, umac-64@openssh.com, hmac-ripemd160, hmac-ripemd160@openssh.com, hmac-sha1-96, hmac-md5-96 ssh-audit-3.3.0/test/docker/policies/policy_test4.txt000066400000000000000000000006171470352310600226430ustar00rootroot00000000000000# # Docker policy: test4 # name = "Docker policy: test4" version = 1 host keys = ssh-rsa, ssh-dss key exchanges = diffie-hellman-group-exchange-sha256, diffie-hellman-group-exchange-sha1, diffie-hellman-group14-sha1, diffie-hellman-group1-sha1 ciphers = cipher_alg1, cipher_alg2 macs = hmac-md5, hmac-sha1, umac-64@openssh.com, hmac-ripemd160, hmac-ripemd160@openssh.com, hmac-sha1-96, hmac-md5-96 ssh-audit-3.3.0/test/docker/policies/policy_test5.txt000066400000000000000000000010351470352310600226370ustar00rootroot00000000000000# # Docker policy: test5 # name = "Docker policy: test5" version = 1 host keys = ssh-rsa, ssh-dss key exchanges = diffie-hellman-group-exchange-sha256, diffie-hellman-group-exchange-sha1, diffie-hellman-group14-sha1, diffie-hellman-group1-sha1 ciphers = aes128-ctr, aes192-ctr, aes256-ctr, arcfour256, arcfour128, aes128-cbc, 3des-cbc, blowfish-cbc, cast128-cbc, aes192-cbc, aes256-cbc, arcfour, rijndael-cbc@lysator.liu.se macs = hmac-md5, hmac-sha1, umac-64@openssh.com, hmac-ripemd160, hmac-ripemd160@openssh.com, hmac_alg1, hmac-md5-96 ssh-audit-3.3.0/test/docker/policies/policy_test6.txt000066400000000000000000000015331470352310600226430ustar00rootroot00000000000000# # Docker policy: test6 # name = "Docker policy: test6" version = 1 banner = "SSH-2.0-OpenSSH_8.0" compressions = none, zlib@openssh.com host keys = rsa-sha2-512, rsa-sha2-256, ssh-rsa, ecdsa-sha2-nistp256, ssh-ed25519 key exchanges = curve25519-sha256, curve25519-sha256@libssh.org, ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, diffie-hellman-group-exchange-sha256, diffie-hellman-group16-sha512, diffie-hellman-group18-sha512, diffie-hellman-group14-sha256, diffie-hellman-group14-sha1 ciphers = chacha20-poly1305@openssh.com, aes128-ctr, aes192-ctr, aes256-ctr, aes128-gcm@openssh.com, aes256-gcm@openssh.com macs = umac-64-etm@openssh.com, umac-128-etm@openssh.com, hmac-sha2-256-etm@openssh.com, hmac-sha2-512-etm@openssh.com, hmac-sha1-etm@openssh.com, umac-64@openssh.com, umac-128@openssh.com, hmac-sha2-256, hmac-sha2-512, hmac-sha1 ssh-audit-3.3.0/test/docker/policies/policy_test7.txt000066400000000000000000000032521470352310600226440ustar00rootroot00000000000000# # Docker policy: test7 # # The name of this policy (displayed in the output during scans). Must be in quotes. name = "Docker poliicy: test7" # The version of this policy (displayed in the output during scans). Not parsed, and may be any value, including strings. version = 1 # The banner that must match exactly. Commented out to ignore banners, since minor variability in the banner is sometimes normal. # banner = "SSH-2.0-OpenSSH_5.6" # The header that must match exactly. Commented out to ignore headers, since variability in the header is sometimes normal. # header = "[]" # The compression options that must match exactly (order matters). Commented out to ignore by default. # compressions = none, zlib@openssh.com # RSA host key sizes. hostkey_size_rsa-sha2-256 = 3072 hostkey_size_rsa-sha2-512 = 3072 hostkey_size_ssh-rsa = 3072 hostkey_size_ssh-rsa-cert-v01@openssh.com = 3072 # RSA CA key sizes. cakey_size_ssh-rsa-cert-v01@openssh.com = 1024 # The host key types that must match exactly (order matters). host keys = ssh-rsa, ssh-rsa-cert-v01@openssh.com # The key exchange algorithms that must match exactly (order matters). key exchanges = diffie-hellman-group-exchange-sha256, diffie-hellman-group-exchange-sha1, diffie-hellman-group14-sha1, diffie-hellman-group1-sha1 # The ciphers that must match exactly (order matters). ciphers = aes128-ctr, aes192-ctr, aes256-ctr, arcfour256, arcfour128, aes128-cbc, 3des-cbc, blowfish-cbc, cast128-cbc, aes192-cbc, aes256-cbc, arcfour, rijndael-cbc@lysator.liu.se # The MACs that must match exactly (order matters). macs = hmac-md5, hmac-sha1, umac-64@openssh.com, hmac-ripemd160, hmac-ripemd160@openssh.com, hmac-sha1-96, hmac-md5-96 ssh-audit-3.3.0/test/docker/policies/policy_test8.txt000066400000000000000000000032521470352310600226450ustar00rootroot00000000000000# # Docker policy: test8 # # The name of this policy (displayed in the output during scans). Must be in quotes. name = "Docker poliicy: test8" # The version of this policy (displayed in the output during scans). Not parsed, and may be any value, including strings. version = 1 # The banner that must match exactly. Commented out to ignore banners, since minor variability in the banner is sometimes normal. # banner = "SSH-2.0-OpenSSH_5.6" # The header that must match exactly. Commented out to ignore headers, since variability in the header is sometimes normal. # header = "[]" # The compression options that must match exactly (order matters). Commented out to ignore by default. # compressions = none, zlib@openssh.com # RSA host key sizes. hostkey_size_rsa-sha2-256 = 3072 hostkey_size_rsa-sha2-512 = 3072 hostkey_size_ssh-rsa = 3072 hostkey_size_ssh-rsa-cert-v01@openssh.com = 3072 # RSA CA key sizes. cakey_size_ssh-rsa-cert-v01@openssh.com = 2048 # The host key types that must match exactly (order matters). host keys = ssh-rsa, ssh-rsa-cert-v01@openssh.com # The key exchange algorithms that must match exactly (order matters). key exchanges = diffie-hellman-group-exchange-sha256, diffie-hellman-group-exchange-sha1, diffie-hellman-group14-sha1, diffie-hellman-group1-sha1 # The ciphers that must match exactly (order matters). ciphers = aes128-ctr, aes192-ctr, aes256-ctr, arcfour256, arcfour128, aes128-cbc, 3des-cbc, blowfish-cbc, cast128-cbc, aes192-cbc, aes256-cbc, arcfour, rijndael-cbc@lysator.liu.se # The MACs that must match exactly (order matters). macs = hmac-md5, hmac-sha1, umac-64@openssh.com, hmac-ripemd160, hmac-ripemd160@openssh.com, hmac-sha1-96, hmac-md5-96 ssh-audit-3.3.0/test/docker/policies/policy_test9.txt000066400000000000000000000032521470352310600226460ustar00rootroot00000000000000# # Docker policy: test9 # # The name of this policy (displayed in the output during scans). Must be in quotes. name = "Docker poliicy: test9" # The version of this policy (displayed in the output during scans). Not parsed, and may be any value, including strings. version = 1 # The banner that must match exactly. Commented out to ignore banners, since minor variability in the banner is sometimes normal. # banner = "SSH-2.0-OpenSSH_5.6" # The header that must match exactly. Commented out to ignore headers, since variability in the header is sometimes normal. # header = "[]" # The compression options that must match exactly (order matters). Commented out to ignore by default. # compressions = none, zlib@openssh.com # RSA host key sizes. hostkey_size_rsa-sha2-256 = 3072 hostkey_size_rsa-sha2-512 = 3072 hostkey_size_ssh-rsa = 3072 hostkey_size_ssh-rsa-cert-v01@openssh.com = 4096 # RSA CA key sizes. cakey_size_ssh-rsa-cert-v01@openssh.com = 1024 # The host key types that must match exactly (order matters). host keys = ssh-rsa, ssh-rsa-cert-v01@openssh.com # The key exchange algorithms that must match exactly (order matters). key exchanges = diffie-hellman-group-exchange-sha256, diffie-hellman-group-exchange-sha1, diffie-hellman-group14-sha1, diffie-hellman-group1-sha1 # The ciphers that must match exactly (order matters). ciphers = aes128-ctr, aes192-ctr, aes256-ctr, arcfour256, arcfour128, aes128-cbc, 3des-cbc, blowfish-cbc, cast128-cbc, aes192-cbc, aes256-cbc, arcfour, rijndael-cbc@lysator.liu.se # The MACs that must match exactly (order matters). macs = hmac-md5, hmac-sha1, umac-64@openssh.com, hmac-ripemd160, hmac-ripemd160@openssh.com, hmac-sha1-96, hmac-md5-96 ssh-audit-3.3.0/test/docker/ssh1_host_key000066400000000000000000000010301470352310600203450ustar00rootroot00000000000000SSH PRIVATE KEY FILE FORMAT 1.1 ÒxZI;K콩 |Pfʚ#03RKט@i.bEI\ Er|ޜ5ՅJ_B.:%do\KF>BJ&@!cǚ/ɜ >tkzG~A8(}akcZh7" x60(,,w2R"e6܁"KRȎ%.5W٧\ٱ}szںXN]5"TM bWA( $2(CJYoOGs E"bBBDy#c9 b1ޗK.p$4 Pc kessh-audit-3.3.0/test/docker/ssh1_host_key.pub000066400000000000000000000005241470352310600211410ustar00rootroot000000000000001024 35 150823875409720459951648542224727752099073441604930026287525797402159071426070997897033651155038337251362080634963146983947007228274330777134724953282680928153520263171933106732090266742784258910450489054624715996015082463159338507115031336180486071622718809324273851629938883104520608180885444242395900180011 root@ubuntu1604server ssh-audit-3.3.0/test/docker/ssh_host_dsa_key000066400000000000000000000012341470352310600211210ustar00rootroot00000000000000-----BEGIN DSA PRIVATE KEY----- MIIBugIBAAKBgQDth1eV+A8j191R0ey0dVXL2LGNGYM+a+PomSa7suK8xNCeVLKC YpQ6VSWpAf6FbRWev1UVo8IpbglwFZPcyFPK2G1H7p45ows2SN4CleszDD56e6W0 3Plc+qMqSJ6LTjr4M5+HqTDOM3CS72d7MXUkfHQiagyrWQhXyc0kFsNJLwIVAKg7 b5+NiIZzpg5IEH0tlYFQpuhBAoGAGcbq79QqNNZRuPCE/F05sCoTRGCmFnDjCuCg WN7wNRotjMz/S3pHtCCeuTT1jT6Hy0ZFHftv0t/GF8GBRgeokUbS4ytHpOkFWcTz 8oFguDL44nq8eNfSY6bzEl84qsgEe4HP93mB4FR1ZUUgI4b7gCBOYEFl3yPiH7H1 p7Z9E1oCgYAl1UPQkeRhElz+AgEbNsnMKu1+6O3/z95D1Wvv4OEwAImbytlBaC7p kwJElJNsMMfGqCC8OHdJ0e4VQQUwk/GOhD0MFhVQHBtVZYbiWmVkpfHf1ouUQg3f 1IZmz2SSt6cPPEu+BEQ/Sn3mFRJ5XSTHLtnI0HJeDND5u1+6p1nXawIURv3Maige oxmfqC24VoROJEq+sew= -----END DSA PRIVATE KEY----- ssh-audit-3.3.0/test/docker/ssh_host_dsa_key.pub000066400000000000000000000011151470352310600217040ustar00rootroot00000000000000ssh-dss AAAAB3NzaC1kc3MAAACBAO2HV5X4DyPX3VHR7LR1VcvYsY0Zgz5r4+iZJruy4rzE0J5UsoJilDpVJakB/oVtFZ6/VRWjwiluCXAVk9zIU8rYbUfunjmjCzZI3gKV6zMMPnp7pbTc+Vz6oypInotOOvgzn4epMM4zcJLvZ3sxdSR8dCJqDKtZCFfJzSQWw0kvAAAAFQCoO2+fjYiGc6YOSBB9LZWBUKboQQAAAIAZxurv1Co01lG48IT8XTmwKhNEYKYWcOMK4KBY3vA1Gi2MzP9Leke0IJ65NPWNPofLRkUd+2/S38YXwYFGB6iRRtLjK0ek6QVZxPPygWC4Mvjierx419JjpvMSXziqyAR7gc/3eYHgVHVlRSAjhvuAIE5gQWXfI+IfsfWntn0TWgAAAIAl1UPQkeRhElz+AgEbNsnMKu1+6O3/z95D1Wvv4OEwAImbytlBaC7pkwJElJNsMMfGqCC8OHdJ0e4VQQUwk/GOhD0MFhVQHBtVZYbiWmVkpfHf1ouUQg3f1IZmz2SSt6cPPEu+BEQ/Sn3mFRJ5XSTHLtnI0HJeDND5u1+6p1nXaw== ssh-audit-3.3.0/test/docker/ssh_host_ecdsa_key000066400000000000000000000003431470352310600214310ustar00rootroot00000000000000-----BEGIN EC PRIVATE KEY----- MHcCAQEEICq/YV5QenL0uW5g5tCjY3EWs+UBFmskY+Jjt2vd2aEmoAoGCCqGSM49 AwEHoUQDQgAEdYSxDVUjOpW479L/nRDiAdxRB5Kuy2bgkP/LA2pnWPcGIWmFa4QU YN2U3JsFKcLIcx5cvTehQfgrHDnaSKVdKA== -----END EC PRIVATE KEY----- ssh-audit-3.3.0/test/docker/ssh_host_ecdsa_key.pub000066400000000000000000000002411470352310600222130ustar00rootroot00000000000000ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHWEsQ1VIzqVuO/S/50Q4gHcUQeSrstm4JD/ywNqZ1j3BiFphWuEFGDdlNybBSnCyHMeXL03oUH4Kxw52kilXSg= ssh-audit-3.3.0/test/docker/ssh_host_ed25519_key000066400000000000000000000006431470352310600213530ustar00rootroot00000000000000-----BEGIN OPENSSH PRIVATE KEY----- b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW QyNTUxOQAAACC/9RD2Ao95ODDIH8i11ekTALut8AUNqWoQx0jHlP4xygAAAKDiqVOs4qlT rAAAAAtzc2gtZWQyNTUxOQAAACC/9RD2Ao95ODDIH8i11ekTALut8AUNqWoQx0jHlP4xyg AAAECTmHGkq0Qea0QqTJYMXL0bpxVU7mhgwYninfVWxrA017/1EPYCj3k4MMgfyLXV6RMA u63wBQ2pahDHSMeU/jHKAAAAHWpkb2dAbG9jYWxob3N0LndvbmRlcmxhbmQubG9s -----END OPENSSH PRIVATE KEY----- ssh-audit-3.3.0/test/docker/ssh_host_ed25519_key-cert.pub000066400000000000000000000007331470352310600230730ustar00rootroot00000000000000ssh-ed25519-cert-v01@openssh.com AAAAIHNzaC1lZDI1NTE5LWNlcnQtdjAxQG9wZW5zc2guY29tAAAAIO1W0I8tD0c4LypvHY1XNch3BQCw9Yy28/4KmAYql80DAAAAIL/1EPYCj3k4MMgfyLXV6RMAu63wBQ2pahDHSMeU/jHKAAAAAAAAAAAAAAACAAAABHRlc3QAAAAIAAAABHRlc3QAAAAAXV7hvAAAAACBa2YhAAAAAAAAAAAAAAAAAAAAMwAAAAtzc2gtZWQyNTUxOQAAACAbM9Wp3ZPcC8Ifhu6GjNDJaoMg7KxO0el2+r9J35TltQAAAFMAAAALc3NoLWVkMjU1MTkAAABAW60bCSeIG4Ta+57zgkSbW4LIGCxtOuJJ+pP3i3S0xJJfHGnOtXbg0NQm7pulNl/wd01kgJO9A7RjbhTh7TV1AA== ssh_host_ed25519_key.pub ssh-audit-3.3.0/test/docker/ssh_host_ed25519_key.pub000066400000000000000000000001211470352310600221270ustar00rootroot00000000000000ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL/1EPYCj3k4MMgfyLXV6RMAu63wBQ2pahDHSMeU/jHK ssh-audit-3.3.0/test/docker/ssh_host_rsa_key_1024000066400000000000000000000015731470352310600216130ustar00rootroot00000000000000-----BEGIN RSA PRIVATE KEY----- MIICXgIBAAKBgQDeCC1U7VqVg9AfrfWrXACiW6pzYOuP8tim68z+YN/dUU7JhFZ4 0toteQkLcJBAD2miQ6ZJYkjVfhQ4FRFeOW5vcN0UYHn8ttb2mKdGJdt24ZYY5Z6J WHQhPOpSgtWyUv6RnxU2ligEeaoPaiepUUOhoyLf4WcF7voVCAKZNqeTtQIDAQAB AoGATGZ16s5NqDsWJ4B9k3xx/2wZZ+BGzl6a7D0habq97XLn8HGoK6UqTBFk6lnO WSy0hZBPrNq0AzqCDJY7RrfuZqgVAu/+HEFuXencgt8Z//ueYBaGK8yAC+OrMnDG LbSoIGRq8saaFtCzt47c+uSVsrhJ4TvK5gbceZuD/2uw10ECQQD79T0j+YWsLISK PKvYHqEXSMPN6b+lK9hRPLoF9NMksNLSjuxxhkYHz+hJPVNT+wPtRMAYmMdPXfKa FjuErXVFAkEA4ZgJIOeJ7OHfqGEgd29m36yFy0UaUJ+cmYuJzHAYWgW3TOanqpZm A8EENuXvH0DtYRVytv4m/cIRVVPxWtXzsQJBALXlQUOEc0VuSi1GScVXr3KQ3JL+ ipWixqM3VRDRw9D8Ouc5uWbnygz/wrGFLXA2ioozlP7s5Q7eQzOMk2FgnIUCQQCz j5QUgLcjuVWQbF6vMhisCGImPUaIzcKT5KE1/DMl1E7mAuGJwlRIwKVeHP6L3d4T 3EKGrRzT9lhdlocRSiLBAkEAi3xI0MOZp4xGviPc1C1TKuqdJSr8fHwbtLozwNQO nnF6m5S72JzZEThDBZS9zcdBp9EFpTvUGzx/O0GI454eoA== -----END RSA PRIVATE KEY----- ssh-audit-3.3.0/test/docker/ssh_host_rsa_key_1024-cert_1024.pub000066400000000000000000000014601470352310600237740ustar00rootroot00000000000000ssh-rsa-cert-v01@openssh.com AAAAHHNzaC1yc2EtY2VydC12MDFAb3BlbnNzaC5jb20AAAAgFqxXSa9HTqCw5YW3DdIwVREPGxI+i56w32RnHWRg0NoAAAADAQABAAAAgQDeCC1U7VqVg9AfrfWrXACiW6pzYOuP8tim68z+YN/dUU7JhFZ40toteQkLcJBAD2miQ6ZJYkjVfhQ4FRFeOW5vcN0UYHn8ttb2mKdGJdt24ZYY5Z6JWHQhPOpSgtWyUv6RnxU2ligEeaoPaiepUUOhoyLf4WcF7voVCAKZNqeTtQAAAAAAAAAAAAAAAgAAAAR0ZXN0AAAACAAAAAR0ZXN0AAAAAF1evHgAAAAAgWtAtQAAAAAAAAAAAAAAAAAAAJcAAAAHc3NoLXJzYQAAAAMBAAEAAACBAOdGU3cAWdR7aUV/lcb1SFcuv/086u41MVsy3TOuM5RKOYBLuFLqkO/lUROhPoNpHURBRhqpIykdjNmG4Irna+vJ06blcVsnvvXav0zJlBSGhVnHxK50EfNUMhU7eNwwxYiWt9YEydRpQcSqmbLzxjuAoNrZNbEmDX6GDnUqoetRAAAAjwAAAAdzc2gtcnNhAAAAgFRc2g0eWXGmqSa6Z8rcMPHf4rNMornEHSnTzZ8Rdh4YBhDa9xMRRy6puaWPDzXxOfZh7eSjCwrzUMEXTgCIO4oX62xm/6kUnAmKhXle0+inR/hdPg03daE0SBJ4spBT49lJ4WIW38RKFNzjmYg70rTPAnP8oM/F3CC1GV117/Vv ssh_host_rsa_key_1024.pub ssh-audit-3.3.0/test/docker/ssh_host_rsa_key_1024-cert_3072.pub000066400000000000000000000027341470352310600240060ustar00rootroot00000000000000ssh-rsa-cert-v01@openssh.com AAAAHHNzaC1yc2EtY2VydC12MDFAb3BlbnNzaC5jb20AAAAgrJGcfyW8V6VWGT7lD1ardj2RtTP8TOjmLRNbuoGkyZQAAAADAQABAAAAgQDeCC1U7VqVg9AfrfWrXACiW6pzYOuP8tim68z+YN/dUU7JhFZ40toteQkLcJBAD2miQ6ZJYkjVfhQ4FRFeOW5vcN0UYHn8ttb2mKdGJdt24ZYY5Z6JWHQhPOpSgtWyUv6RnxU2ligEeaoPaiepUUOhoyLf4WcF7voVCAKZNqeTtQAAAAAAAAAAAAAAAgAAAAR0ZXN0AAAACAAAAAR0ZXN0AAAAAF1evHgAAAAAgWtA7gAAAAAAAAAAAAAAAAAAAZcAAAAHc3NoLXJzYQAAAAMBAAEAAAGBAKsUBCG4/MNE6wWNXwzvNXLq4o0K3SzlK/FZfFxAlnOUBndS5ABvNDYHXAgT741sWUpmKynqgO/BlHTfioMnBNM7acWElyh2TGiDOV3veAQfgaHB/db3f9ogcxnnndZ1f83wHatgBB0I9U6SCPmvs9ucsb9j7sFU08MKPSP+iYDat3rx+B28IK90kXxBGGUPmC/HDqQbjYNWGTkdJNcpNt2agHfdicm8WeIgrTre63I9rBR8zbtVOeOMFgcCC+cmWSk4AYWOHan09hKeyM0eR3bHa70FfagvdhjNcwxPlNwMK1Sox7NGGat483Kv8rxQwnDDEc+P9KRhRVNuqFpmvp972wMSiaC/q4RvEDPfpdqhZSxrJzNJFFwCV7Dym8oKWj/Gd1OHioE7idhrkvXiyBZwe5q8A++VehoDfauZmPPQ35FUpB2qKqWPKT3UZM/UAJjBLi7R5r9vQlTqX1+b/67Ju8AEgGarVJZhbuKxRgS8L2W1JVrtNh5oAU+O4OhCHwAAAY8AAAAHc3NoLXJzYQAAAYCO78ONpHp+EGWDqDLb/GPFDH32o6oaRRrIH/Bhvg1FOi5XngnHTdU7xWdnJqNE2Sl6VOrg0sTCMYcX9fZ8tVREnCo3aF7Iwow5Br67QYKayRzHANQqHaVK46lpI1gz81V00u54tX1F8oEUqm6sRmFKFuklt6CjfbR+tnpj7DrfeOTKEBOGJP2uU0jMsJr2DrBeXrzONjIJtIJ1AxWjXd2LeIWO2C6yTkcN5ggThMMaeu6QuuBPpC2PN2COfu+Mgto9g103+/SS4Wa8CzinZZn2Xe1isUxI8QRNrShy4Hl/bIZQL7mi/0rxkfw+fA7IzMk462V99gPVSp+/jK0sbUJoC3QeeglS5hWodjW+VGZfgweGQ+AE/OxkNSv+kDPMYEkjfOf4qhxS5QFvButLt6zp2UNbE5+OWvYpdjO9/DOa0ro+wCw07+dVKIcDpU2csiCcJvQ/HmKAmhch7jOHa0WaxSX0tt0xTPJWTvr6E4WZOgEnk9AvWmrKjF5tEzGYwTU= ssh_host_rsa_key_1024.pub ssh-audit-3.3.0/test/docker/ssh_host_rsa_key_1024.pub000066400000000000000000000003251470352310600223720ustar00rootroot00000000000000ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDeCC1U7VqVg9AfrfWrXACiW6pzYOuP8tim68z+YN/dUU7JhFZ40toteQkLcJBAD2miQ6ZJYkjVfhQ4FRFeOW5vcN0UYHn8ttb2mKdGJdt24ZYY5Z6JWHQhPOpSgtWyUv6RnxU2ligEeaoPaiepUUOhoyLf4WcF7voVCAKZNqeTtQ== ssh-audit-3.3.0/test/docker/ssh_host_rsa_key_3072000066400000000000000000000046331470352310600216200ustar00rootroot00000000000000-----BEGIN RSA PRIVATE KEY----- MIIG5AIBAAKCAYEAzhHp7eFnrQAJqOd7aihyQyIDKgxCF7H51Q3Ft3+8af+lX3Ol Ie77Gi5GNNM+eRB4OzG+CBslxN5I3pM//sZ+gyylA1VuWZZkOlgtbOHutIkO2ldk XtoGidla0VAxLcUcUK6cCmqwBTT31Hp4Qimp2zyeg/l5q0DhWKguY13lrm5b3YZY rj7CW3Ktzxf8SbYz6du8KF0dHCWilzq+FLeGzXr7Yul5njVF5njkGvZ9duQ0qiVR zqZkrkLEWgQlCM0T+PyUbvedL1MfDZPHGh7ZhU0snOvJRsxAr31tlknq+WwauZYd DzJf1g1URcM65UwEsPlfgOW3ZoZogR1v57Im+KdsKhq2B3snEtJgdQh06JyO0ur4 uUXo1mMtvBFhiptUtwP4g9v/IN4neeK+wBRom46m2Q1bMUBPneBOa8r2SY/3ynrz XuVIWFOQtF60aJ+BNqvgUVCKOmz1KzoJwTqGm+EFaKM5z+UQWjIbSE3Ge4X5hXtk Ou52v+tyDUk6boZLAgMBAAECggGAdrhxWmA7N7tG1W2Pd6iXs7+brRTk2vvpYGqP 11kbNsJXBzf8EiG5vuqb/gEaA+uOKSRORCNHzjT2LG0POHwpFO+aneIRMkHnuolk mk9ME+zGhtpEdDUOAUsc/GxD+QePeZgvQ/0VLdrHUT3BnPSd7DXvaT9IbnZxnX8/ QnYtRiJEgMrOuoxjswXNxvsdmWYEYJ38uBB1Hes80f3A1vSpECbjP6gdLh2pCM/r MvGBdQaipMfdar4IUTEcKHQs1fY3mlAxnWRjYCqJPmq10d3NrdUrHb2zBE1HCC4h aj2ycTxFhDJqGV6Y2AboHqh2c7lPJ+R2UjI9mIpALZSviHB1POcpWCAGA3NKjri9 8jgxl3bj03ikJNfCuvlqRTa8at63W2zZTMRsxamoiO023uUOEMNBPwWXP/rVhQ8g ufih0SY44j0EMPIuu2PoQV4ZSOtDw8xdPrchVCa078/pP5cRa4uV0bl2K4as+cYC BhjEq2Org3ulDW2n6Mz5ZS7NbAkxAoHBAP/bgPGKX7rfrHa5MRHIgbLSmZtUoF51 YGelc8ytRx6UT6wriJ1jQRXiI5mZlIXyVxMpIz9s4+h59kF+LpZuNLc3vTYpPOQn RUDBVY6+SPC5MancL7bfBoHahpWEJuJB/WUE7eWvQM03/LsBtU6Nq+R632t5KdqF A4y86qgD1vIjcBWvySLFJZGOCoNbj7ZinoBUO3ueYK6SUj8xH6TAqOJsTPvquRT3 AFBpFBmrVc24wW7wTiLkQOhkIQs1J/ZhYwKBwQDOL07qF8wsoQBBTTXkZ59BCauz R8kfqe5oUBwsmGJdiIHX6gutBA07sSwzVekIvCCkJFXk3TxLoBSMHEZEIdnS+HVt gMIacYuhbh+XztdY0kadH/SMbVQD/2LZcL99vcZPq1QF3cHb0Buip5+fyAYjoEc7 oVgvewD/TwdNcMjos/kMNh6l04kLi6vQG3WhoSBPWaoB669ppBNXSrWKe43nXVi6 EvjGEiL+HCCnmD6LiD6p797Owu9AChP6fXInD/kCgcEAiLP3SRbt3yLzOtvn4+CF q83qVJv6s31zbO1x2cIbZbNIfm0kKTOG6vJQoxjzyj2ZWJt6QcEkZGoFsSiCK83m TJ5zciTGbACvd9HUrNfukO/iISeMNuEi0O65Sdm6DNnFUdw4X6grr3pihmh7PuVj GkisZvft7Nt08hVeKzch+W4FzRCHHxTG5eZGp7icKI64sUhQH9SXQ67aUvkkNxrZ IWFMIK1hBlqSyGPcYXqx9aDpeSTcGrhqFcCqBxr3pySRAoHAfJNO3delEC3yxoHN FwSYzyX1rOuplE0K89G7RCKKBDNPKFKL3Wx+Rluk9htpIlLwcdxWXWJiZNsCrykC N3YwcuyVnqTWIj4KfG3Z/tIFgPADpDnDevkvcv7iDbi2qlV4NXix2p2C3LnfiKY4 psSnGO1lPJ0eeAmcr6VjJyIG8bqTthIY8F5gBi7Mj3+X0iFVMTxeoKxzHqP435wP Fe3S7kCTNFH0J1Cb/eamwDwXRhz6p5h7iXd0MMAmFAmpZ/qZAoHBAPDSIvk2ocf1 FVW8pKtKOJFIs8iQVIaOLKwPJVP8/JsB1+7mQx5KMoROb5pNpX2edN4vvG0CgqpJ KekleqpH6nQCqYGFZ1BDhORElNILxeJHcNl0eAG++IJ2PfIpTZV30edDqMm0x7EI 8POZWAx809VzcYbE2jsgpN/EuiaG30EAI5yNvyzmZRCyQykH+eltHlCx17MWBxRQ bb2UUfpdInTMS2vyrvkeUACkC1DGYdBVVBqqPTkHZg+Kcbs8ntQqEQ== -----END RSA PRIVATE KEY----- ssh-audit-3.3.0/test/docker/ssh_host_rsa_key_3072-cert_1024.pub000066400000000000000000000022101470352310600237730ustar00rootroot00000000000000ssh-rsa-cert-v01@openssh.com AAAAHHNzaC1yc2EtY2VydC12MDFAb3BlbnNzaC5jb20AAAAgGHz1JwF/1IcxW3pdQtpqbUjIHaFuk0cR/+l50vG+9hIAAAADAQABAAABgQDOEent4WetAAmo53tqKHJDIgMqDEIXsfnVDcW3f7xp/6Vfc6Uh7vsaLkY00z55EHg7Mb4IGyXE3kjekz/+xn6DLKUDVW5ZlmQ6WC1s4e60iQ7aV2Re2gaJ2VrRUDEtxRxQrpwKarAFNPfUenhCKanbPJ6D+XmrQOFYqC5jXeWublvdhliuPsJbcq3PF/xJtjPp27woXR0cJaKXOr4Ut4bNevti6XmeNUXmeOQa9n125DSqJVHOpmSuQsRaBCUIzRP4/JRu950vUx8Nk8caHtmFTSyc68lGzECvfW2WSer5bBq5lh0PMl/WDVRFwzrlTASw+V+A5bdmhmiBHW/nsib4p2wqGrYHeycS0mB1CHTonI7S6vi5RejWYy28EWGKm1S3A/iD2/8g3id54r7AFGibjqbZDVsxQE+d4E5ryvZJj/fKevNe5UhYU5C0XrRon4E2q+BRUIo6bPUrOgnBOoab4QVooznP5RBaMhtITcZ7hfmFe2Q67na/63INSTpuhksAAAAAAAAAAAAAAAIAAAAEdGVzdAAAAAgAAAAEdGVzdAAAAABdXry0AAAAAIFrQR8AAAAAAAAAAAAAAAAAAACXAAAAB3NzaC1yc2EAAAADAQABAAAAgQDnRlN3AFnUe2lFf5XG9UhXLr/9POruNTFbMt0zrjOUSjmAS7hS6pDv5VEToT6DaR1EQUYaqSMpHYzZhuCK52vrydOm5XFbJ7712r9MyZQUhoVZx8SudBHzVDIVO3jcMMWIlrfWBMnUaUHEqpmy88Y7gKDa2TWxJg1+hg51KqHrUQAAAI8AAAAHc3NoLXJzYQAAAIB4HaEexgQ9T6rScEbiHZx+suCaYXI7ywLYyoSEO48K8o+MmO83UTLtpPa3DXlT8hSYL8Aq6Bb5AMkDawsgsC484owPqObT/5ndLG/fctNBFcCTSL0ftte+A8xH0pZaGRoKbdxxgMqX4ubrCXpbMLGF9aAeh7MRa756XzqGlsCiSA== ssh_host_rsa_key_3072.pub ssh-audit-3.3.0/test/docker/ssh_host_rsa_key_3072-cert_3072.pub000066400000000000000000000034601470352310600240100ustar00rootroot00000000000000ssh-rsa-cert-v01@openssh.com AAAAHHNzaC1yc2EtY2VydC12MDFAb3BlbnNzaC5jb20AAAAg9MVX4OlkEy3p9eC+JJp8h7j76EmI46EY/RXxCGSWTC0AAAADAQABAAABgQDOEent4WetAAmo53tqKHJDIgMqDEIXsfnVDcW3f7xp/6Vfc6Uh7vsaLkY00z55EHg7Mb4IGyXE3kjekz/+xn6DLKUDVW5ZlmQ6WC1s4e60iQ7aV2Re2gaJ2VrRUDEtxRxQrpwKarAFNPfUenhCKanbPJ6D+XmrQOFYqC5jXeWublvdhliuPsJbcq3PF/xJtjPp27woXR0cJaKXOr4Ut4bNevti6XmeNUXmeOQa9n125DSqJVHOpmSuQsRaBCUIzRP4/JRu950vUx8Nk8caHtmFTSyc68lGzECvfW2WSer5bBq5lh0PMl/WDVRFwzrlTASw+V+A5bdmhmiBHW/nsib4p2wqGrYHeycS0mB1CHTonI7S6vi5RejWYy28EWGKm1S3A/iD2/8g3id54r7AFGibjqbZDVsxQE+d4E5ryvZJj/fKevNe5UhYU5C0XrRon4E2q+BRUIo6bPUrOgnBOoab4QVooznP5RBaMhtITcZ7hfmFe2Q67na/63INSTpuhksAAAAAAAAAAAAAAAIAAAAEdGVzdAAAAAgAAAAEdGVzdAAAAABdXr0sAAAAAIFrQWwAAAAAAAAAAAAAAAAAAAGXAAAAB3NzaC1yc2EAAAADAQABAAABgQCrFAQhuPzDROsFjV8M7zVy6uKNCt0s5SvxWXxcQJZzlAZ3UuQAbzQ2B1wIE++NbFlKZisp6oDvwZR034qDJwTTO2nFhJcodkxogzld73gEH4Ghwf3W93/aIHMZ553WdX/N8B2rYAQdCPVOkgj5r7PbnLG/Y+7BVNPDCj0j/omA2rd68fgdvCCvdJF8QRhlD5gvxw6kG42DVhk5HSTXKTbdmoB33YnJvFniIK063utyPawUfM27VTnjjBYHAgvnJlkpOAGFjh2p9PYSnsjNHkd2x2u9BX2oL3YYzXMMT5TcDCtUqMezRhmrePNyr/K8UMJwwxHPj/SkYUVTbqhaZr6fe9sDEomgv6uEbxAz36XaoWUsayczSRRcAlew8pvKClo/xndTh4qBO4nYa5L14sgWcHuavAPvlXoaA32rmZjz0N+RVKQdqiqljyk91GTP1ACYwS4u0ea/b0JU6l9fm/+uybvABIBmq1SWYW7isUYEvC9ltSVa7TYeaAFPjuDoQh8AAAGPAAAAB3NzaC1yc2EAAAGAG8tCiBMSq3Of3Gmcrid2IfPmaaemYivgEEuK8ubq1rznF0vtR07/NUQ7WVzfJhUSeG0gtJ3A1ey60NjcBn0DHao4Q3ATIXnkSOIKjNolZ2urqYv9fT1LAC4I5XWGzK2aKK0NEqAYr06YPtcGOBQk5+3GPAWSJ4eQycKRz5BSuMYbKaVxU0kGSvbavG07ZntMQhia/lILyq84PjXh/JlRVpIqY+LAS0qwqkUR3gWMTmvYvYI7fXU84ReVB1ut75bY7Xx0DXHPl1Zc2MNDLGcKsByZtoO9ueZRyOlZMUJcVP5fK+OUuZKjMbCaaJnV55BQ78/rftIPYsTEEO2Sf9WT86ADa3k4S0pyWqlTxBzZcDWNt+fZFNm9wcqcYS32nDKtfixcDN8E/IJIWY7aoabPqoYnKUVQBOcIEnZf1HqsKUVmF44Dp9mKhefUs3BtcdK63j/lNXzzMrPwZQAreJqH/uV3TgYBLjMPl++ctX6tCe6Hv5zFKNhnOCSBSzcsCgIU ssh_host_rsa_key_3072.pub ssh-audit-3.3.0/test/docker/ssh_host_rsa_key_3072.pub000066400000000000000000000010511470352310600223740ustar00rootroot00000000000000ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDOEent4WetAAmo53tqKHJDIgMqDEIXsfnVDcW3f7xp/6Vfc6Uh7vsaLkY00z55EHg7Mb4IGyXE3kjekz/+xn6DLKUDVW5ZlmQ6WC1s4e60iQ7aV2Re2gaJ2VrRUDEtxRxQrpwKarAFNPfUenhCKanbPJ6D+XmrQOFYqC5jXeWublvdhliuPsJbcq3PF/xJtjPp27woXR0cJaKXOr4Ut4bNevti6XmeNUXmeOQa9n125DSqJVHOpmSuQsRaBCUIzRP4/JRu950vUx8Nk8caHtmFTSyc68lGzECvfW2WSer5bBq5lh0PMl/WDVRFwzrlTASw+V+A5bdmhmiBHW/nsib4p2wqGrYHeycS0mB1CHTonI7S6vi5RejWYy28EWGKm1S3A/iD2/8g3id54r7AFGibjqbZDVsxQE+d4E5ryvZJj/fKevNe5UhYU5C0XrRon4E2q+BRUIo6bPUrOgnBOoab4QVooznP5RBaMhtITcZ7hfmFe2Q67na/63INSTpuhks= ssh-audit-3.3.0/test/stubs/000077500000000000000000000000001470352310600155365ustar00rootroot00000000000000ssh-audit-3.3.0/test/stubs/colorama.pyi000066400000000000000000000002361470352310600200570ustar00rootroot00000000000000from typing import Optional def init(autoreset: bool = False, convert: Optional[bool] = None, strip: Optional[bool] = None, wrap: bool = True) -> None: ... ssh-audit-3.3.0/test/test_algorithm.py000066400000000000000000000231321470352310600177760ustar00rootroot00000000000000import pytest from ssh_audit.algorithm import Algorithm from ssh_audit.timeframe import Timeframe # pylint: disable=attribute-defined-outside-init class TestAlgorithm: @pytest.fixture(autouse=True) def init(self, ssh_audit): self.algorithm = Algorithm self.timeframe = Timeframe def _tf(self, v, s=None): return self.timeframe().update(v, s) def test_get_ssh_version(self): def ver(v): return self.algorithm.get_ssh_version(v) assert ver('7.5') == ('OpenSSH', '7.5', False) assert ver('7.5C') == ('OpenSSH', '7.5', True) assert ver('d2016.74') == ('Dropbear SSH', '2016.74', False) assert ver('l10.7.4') == ('libssh', '0.7.4', False) assert ver('')[1] == '' def test_get_since_text(self): def gst(v): return self.algorithm.get_since_text(v) assert gst(['7.5']) == 'available since OpenSSH 7.5' assert gst(['7.5C']) == 'available since OpenSSH 7.5 (client only)' assert gst(['7.5,']) == 'available since OpenSSH 7.5' assert gst(['d2016.73']) == 'available since Dropbear SSH 2016.73' assert gst(['7.5,d2016.73']) == 'available since OpenSSH 7.5, Dropbear SSH 2016.73' assert gst(['l10.7.4']) is None assert gst([]) is None def test_timeframe_creation(self): # pylint: disable=line-too-long,too-many-statements def cmp_tf(v, s, r): assert str(self._tf(v, s)) == str(r) cmp_tf(['6.2'], None, {'OpenSSH': ['6.2', None, '6.2', None]}) cmp_tf(['6.2'], True, {'OpenSSH': ['6.2', None, None, None]}) cmp_tf(['6.2'], False, {'OpenSSH': [None, None, '6.2', None]}) cmp_tf(['6.2C'], None, {'OpenSSH': [None, None, '6.2', None]}) cmp_tf(['6.2C'], True, {}) cmp_tf(['6.2C'], False, {'OpenSSH': [None, None, '6.2', None]}) cmp_tf(['6.1,6.2C'], None, {'OpenSSH': ['6.1', None, '6.2', None]}) cmp_tf(['6.1,6.2C'], True, {'OpenSSH': ['6.1', None, None, None]}) cmp_tf(['6.1,6.2C'], False, {'OpenSSH': [None, None, '6.2', None]}) cmp_tf(['6.2C,6.1'], None, {'OpenSSH': ['6.1', None, '6.2', None]}) cmp_tf(['6.2C,6.1'], True, {'OpenSSH': ['6.1', None, None, None]}) cmp_tf(['6.2C,6.1'], False, {'OpenSSH': [None, None, '6.2', None]}) cmp_tf(['6.3,6.2C'], None, {'OpenSSH': ['6.3', None, '6.2', None]}) cmp_tf(['6.3,6.2C'], True, {'OpenSSH': ['6.3', None, None, None]}) cmp_tf(['6.3,6.2C'], False, {'OpenSSH': [None, None, '6.2', None]}) cmp_tf(['6.2C,6.3'], None, {'OpenSSH': ['6.3', None, '6.2', None]}) cmp_tf(['6.2C,6.3'], True, {'OpenSSH': ['6.3', None, None, None]}) cmp_tf(['6.2C,6.3'], False, {'OpenSSH': [None, None, '6.2', None]}) cmp_tf(['6.2', '6.6'], None, {'OpenSSH': ['6.2', '6.6', '6.2', '6.6']}) cmp_tf(['6.2', '6.6'], True, {'OpenSSH': ['6.2', '6.6', None, None]}) cmp_tf(['6.2', '6.6'], False, {'OpenSSH': [None, None, '6.2', '6.6']}) cmp_tf(['6.2C', '6.6'], None, {'OpenSSH': [None, '6.6', '6.2', '6.6']}) cmp_tf(['6.2C', '6.6'], True, {'OpenSSH': [None, '6.6', None, None]}) cmp_tf(['6.2C', '6.6'], False, {'OpenSSH': [None, None, '6.2', '6.6']}) cmp_tf(['6.1,6.2C', '6.6'], None, {'OpenSSH': ['6.1', '6.6', '6.2', '6.6']}) cmp_tf(['6.1,6.2C', '6.6'], True, {'OpenSSH': ['6.1', '6.6', None, None]}) cmp_tf(['6.1,6.2C', '6.6'], False, {'OpenSSH': [None, None, '6.2', '6.6']}) cmp_tf(['6.2C,6.1', '6.6'], None, {'OpenSSH': ['6.1', '6.6', '6.2', '6.6']}) cmp_tf(['6.2C,6.1', '6.6'], True, {'OpenSSH': ['6.1', '6.6', None, None]}) cmp_tf(['6.2C,6.1', '6.6'], False, {'OpenSSH': [None, None, '6.2', '6.6']}) cmp_tf(['6.3,6.2C', '6.6'], None, {'OpenSSH': ['6.3', '6.6', '6.2', '6.6']}) cmp_tf(['6.3,6.2C', '6.6'], True, {'OpenSSH': ['6.3', '6.6', None, None]}) cmp_tf(['6.3,6.2C', '6.6'], False, {'OpenSSH': [None, None, '6.2', '6.6']}) cmp_tf(['6.2C,6.3', '6.6'], None, {'OpenSSH': ['6.3', '6.6', '6.2', '6.6']}) cmp_tf(['6.2C,6.3', '6.6'], True, {'OpenSSH': ['6.3', '6.6', None, None]}) cmp_tf(['6.2C,6.3', '6.6'], False, {'OpenSSH': [None, None, '6.2', '6.6']}) cmp_tf(['6.2', '6.6', None], None, {'OpenSSH': ['6.2', '6.6', '6.2', None]}) cmp_tf(['6.2', '6.6', None], True, {'OpenSSH': ['6.2', '6.6', None, None]}) cmp_tf(['6.2', '6.6', None], False, {'OpenSSH': [None, None, '6.2', None]}) cmp_tf(['6.2C', '6.6', None], None, {'OpenSSH': [None, '6.6', '6.2', None]}) cmp_tf(['6.2C', '6.6', None], True, {'OpenSSH': [None, '6.6', None, None]}) cmp_tf(['6.2C', '6.6', None], False, {'OpenSSH': [None, None, '6.2', None]}) cmp_tf(['6.1,6.2C', '6.6', None], None, {'OpenSSH': ['6.1', '6.6', '6.2', None]}) cmp_tf(['6.1,6.2C', '6.6', None], True, {'OpenSSH': ['6.1', '6.6', None, None]}) cmp_tf(['6.1,6.2C', '6.6', None], False, {'OpenSSH': [None, None, '6.2', None]}) cmp_tf(['6.2C,6.1', '6.6', None], None, {'OpenSSH': ['6.1', '6.6', '6.2', None]}) cmp_tf(['6.2C,6.1', '6.6', None], True, {'OpenSSH': ['6.1', '6.6', None, None]}) cmp_tf(['6.2C,6.1', '6.6', None], False, {'OpenSSH': [None, None, '6.2', None]}) cmp_tf(['6.2,6.3C', '6.6', None], None, {'OpenSSH': ['6.2', '6.6', '6.3', None]}) cmp_tf(['6.2,6.3C', '6.6', None], True, {'OpenSSH': ['6.2', '6.6', None, None]}) cmp_tf(['6.2,6.3C', '6.6', None], False, {'OpenSSH': [None, None, '6.3', None]}) cmp_tf(['6.3C,6.2', '6.6', None], None, {'OpenSSH': ['6.2', '6.6', '6.3', None]}) cmp_tf(['6.3C,6.2', '6.6', None], True, {'OpenSSH': ['6.2', '6.6', None, None]}) cmp_tf(['6.3C,6.2', '6.6', None], False, {'OpenSSH': [None, None, '6.3', None]}) cmp_tf(['6.2', '6.6', '7.1'], None, {'OpenSSH': ['6.2', '6.6', '6.2', '7.1']}) cmp_tf(['6.2', '6.6', '7.1'], True, {'OpenSSH': ['6.2', '6.6', None, None]}) cmp_tf(['6.2', '6.6', '7.1'], False, {'OpenSSH': [None, None, '6.2', '7.1']}) cmp_tf(['6.1,6.2C', '6.6', '7.1'], None, {'OpenSSH': ['6.1', '6.6', '6.2', '7.1']}) cmp_tf(['6.1,6.2C', '6.6', '7.1'], True, {'OpenSSH': ['6.1', '6.6', None, None]}) cmp_tf(['6.1,6.2C', '6.6', '7.1'], False, {'OpenSSH': [None, None, '6.2', '7.1']}) cmp_tf(['6.2C,6.1', '6.6', '7.1'], None, {'OpenSSH': ['6.1', '6.6', '6.2', '7.1']}) cmp_tf(['6.2C,6.1', '6.6', '7.1'], True, {'OpenSSH': ['6.1', '6.6', None, None]}) cmp_tf(['6.2C,6.1', '6.6', '7.1'], False, {'OpenSSH': [None, None, '6.2', '7.1']}) cmp_tf(['6.2,6.3C', '6.6', '7.1'], None, {'OpenSSH': ['6.2', '6.6', '6.3', '7.1']}) cmp_tf(['6.2,6.3C', '6.6', '7.1'], True, {'OpenSSH': ['6.2', '6.6', None, None]}) cmp_tf(['6.2,6.3C', '6.6', '7.1'], False, {'OpenSSH': [None, None, '6.3', '7.1']}) cmp_tf(['6.3C,6.2', '6.6', '7.1'], None, {'OpenSSH': ['6.2', '6.6', '6.3', '7.1']}) cmp_tf(['6.3C,6.2', '6.6', '7.1'], True, {'OpenSSH': ['6.2', '6.6', None, None]}) cmp_tf(['6.3C,6.2', '6.6', '7.1'], False, {'OpenSSH': [None, None, '6.3', '7.1']}) tf1 = self._tf(['6.1,d2016.72,6.2C', '6.6,d2016.73', '7.1,d2016.74']) tf2 = self._tf(['d2016.72,6.2C,6.1', 'd2016.73,6.6', 'd2016.74,7.1']) tf3 = self._tf(['d2016.72,6.2C,6.1', '6.6,d2016.73', '7.1,d2016.74']) # check without caring for output order ov = "'OpenSSH': ['6.1', '6.6', '6.2', '7.1']" dv = "'Dropbear SSH': ['2016.72', '2016.73', '2016.72', '2016.74']" assert len(str(tf1)) == len(str(tf2)) == len(str(tf3)) assert ov in str(tf1) and ov in str(tf2) and ov in str(tf3) assert dv in str(tf1) and dv in str(tf2) and dv in str(tf3) assert ov in repr(tf1) and ov in repr(tf2) and ov in repr(tf3) assert dv in repr(tf1) and dv in repr(tf2) and dv in repr(tf3) def test_timeframe_object(self): tf = self._tf(['6.1,6.2C', '6.6', '7.1']) assert 'OpenSSH' in tf assert 'Dropbear SSH' not in tf assert 'libssh' not in tf assert 'unknown' not in tf assert tf['OpenSSH'] == ('6.1', '6.6', '6.2', '7.1') assert tf['Dropbear SSH'] == (None, None, None, None) assert tf['libssh'] == (None, None, None, None) assert tf['unknown'] == (None, None, None, None) assert tf.get_from('OpenSSH', True) == '6.1' assert tf.get_till('OpenSSH', True) == '6.6' assert tf.get_from('OpenSSH', False) == '6.2' assert tf.get_till('OpenSSH', False) == '7.1' tf = self._tf(['6.1,d2016.72,6.2C', '6.6,d2016.73', '7.1,d2016.74']) assert 'OpenSSH' in tf assert 'Dropbear SSH' in tf assert 'libssh' not in tf assert 'unknown' not in tf assert tf['OpenSSH'] == ('6.1', '6.6', '6.2', '7.1') assert tf['Dropbear SSH'] == ('2016.72', '2016.73', '2016.72', '2016.74') assert tf['libssh'] == (None, None, None, None) assert tf['unknown'] == (None, None, None, None) assert tf.get_from('OpenSSH', True) == '6.1' assert tf.get_till('OpenSSH', True) == '6.6' assert tf.get_from('OpenSSH', False) == '6.2' assert tf.get_till('OpenSSH', False) == '7.1' assert tf.get_from('Dropbear SSH', True) == '2016.72' assert tf.get_till('Dropbear SSH', True) == '2016.73' assert tf.get_from('Dropbear SSH', False) == '2016.72' assert tf.get_till('Dropbear SSH', False) == '2016.74' ov = "'OpenSSH': ['6.1', '6.6', '6.2', '7.1']" dv = "'Dropbear SSH': ['2016.72', '2016.73', '2016.72', '2016.74']" assert ov in str(tf) assert dv in str(tf) assert ov in repr(tf) assert dv in repr(tf) ssh-audit-3.3.0/test/test_auditconf.py000066400000000000000000000153041470352310600177660ustar00rootroot00000000000000import pytest from ssh_audit.ssh_audit import process_commandline # pylint: disable=attribute-defined-outside-init class TestAuditConf: @pytest.fixture(autouse=True) def init(self, ssh_audit): self.AuditConf = ssh_audit.AuditConf self.OutputBuffer = ssh_audit.OutputBuffer() self.usage = ssh_audit.usage self.process_commandline = process_commandline @staticmethod def _test_conf(conf, **kwargs): options = { 'host': '', 'port': 22, 'ssh1': True, 'ssh2': True, 'batch': False, 'colors': True, 'verbose': False, 'level': 'info', 'ipv4': False, 'ipv6': False } for k, v in kwargs.items(): options[k] = v assert conf.host == options['host'] assert conf.port == options['port'] assert conf.ssh1 is options['ssh1'] assert conf.ssh2 is options['ssh2'] assert conf.batch is options['batch'] assert conf.colors is options['colors'] assert conf.verbose is options['verbose'] assert conf.level == options['level'] assert conf.ipv4 == options['ipv4'] assert conf.ipv6 == options['ipv6'] def test_audit_conf_defaults(self): conf = self.AuditConf() self._test_conf(conf) def test_audit_conf_booleans(self): conf = self.AuditConf() for p in ['ssh1', 'ssh2', 'batch', 'colors', 'verbose']: for v in [True, 1]: setattr(conf, p, v) assert getattr(conf, p) is True for v in [False, 0]: setattr(conf, p, v) assert getattr(conf, p) is False def test_audit_conf_port(self): conf = self.AuditConf() for port in [22, 2222]: conf.port = port assert conf.port == port for port in [-1, 0, 65536, 99999]: with pytest.raises(ValueError) as excinfo: conf.port = port excinfo.match(r'.*invalid port.*') def test_audit_conf_ip_version_preference(self): # ipv4-only conf = self.AuditConf() conf.ipv4 = True assert conf.ipv4 is True assert conf.ipv6 is False assert conf.ip_version_preference == [4] # ipv6-only conf = self.AuditConf() conf.ipv6 = True assert conf.ipv4 is False assert conf.ipv6 is True assert conf.ip_version_preference == [6] # ipv4-preferred conf = self.AuditConf() conf.ipv4 = True conf.ipv6 = True assert conf.ipv4 is True assert conf.ipv6 is True assert conf.ip_version_preference == [4, 6] # ipv6-preferred conf = self.AuditConf() conf.ipv6 = True conf.ipv4 = True assert conf.ipv4 is True assert conf.ipv6 is True assert conf.ip_version_preference == [6, 4] # defaults conf = self.AuditConf() assert conf.ipv4 is False assert conf.ipv6 is False assert conf.ip_version_preference == [] def test_audit_conf_level(self): conf = self.AuditConf() for level in ['info', 'warn', 'fail']: conf.level = level assert conf.level == level for level in ['head', 'good', 'unknown', None]: with pytest.raises(ValueError) as excinfo: conf.level = level excinfo.match(r'.*invalid level.*') def test_audit_conf_process_commandline(self): # pylint: disable=too-many-statements c = lambda x: self.process_commandline(self.OutputBuffer, x.split(), self.usage) # noqa with pytest.raises(SystemExit): conf = c('') with pytest.raises(SystemExit): conf = c('-x') with pytest.raises(SystemExit): conf = c('-h') with pytest.raises(SystemExit): conf = c('--help') with pytest.raises(SystemExit): conf = c(':') with pytest.raises(SystemExit): conf = c(':22') conf = c('localhost') self._test_conf(conf, host='localhost') conf = c('github.com') self._test_conf(conf, host='github.com') conf = c('localhost:2222') self._test_conf(conf, host='localhost', port=2222) conf = c('-p 2222 localhost') self._test_conf(conf, host='localhost', port=2222) conf = c('2001:4860:4860::8888') self._test_conf(conf, host='2001:4860:4860::8888') conf = c('[2001:4860:4860::8888]:22') self._test_conf(conf, host='2001:4860:4860::8888') conf = c('[2001:4860:4860::8888]:2222') self._test_conf(conf, host='2001:4860:4860::8888', port=2222) conf = c('-p 2222 2001:4860:4860::8888') self._test_conf(conf, host='2001:4860:4860::8888', port=2222) with pytest.raises(ValueError): conf = c('localhost:abc') with pytest.raises(SystemExit): conf = c('-p abc localhost') with pytest.raises(ValueError): conf = c('localhost:-22') with pytest.raises(SystemExit): conf = c('-p -22 localhost') with pytest.raises(ValueError): conf = c('localhost:99999') with pytest.raises(SystemExit): conf = c('-p 99999 localhost') conf = c('-1 localhost') self._test_conf(conf, host='localhost', ssh1=True, ssh2=False) conf = c('-2 localhost') self._test_conf(conf, host='localhost', ssh1=False, ssh2=True) conf = c('-12 localhost') self._test_conf(conf, host='localhost', ssh1=True, ssh2=True) conf = c('-4 localhost') self._test_conf(conf, host='localhost', ipv4=True, ipv6=False, ipvo=(4,)) conf = c('-6 localhost') self._test_conf(conf, host='localhost', ipv4=False, ipv6=True, ipvo=(6,)) conf = c('-46 localhost') self._test_conf(conf, host='localhost', ipv4=True, ipv6=True, ipvo=(4, 6)) conf = c('-64 localhost') self._test_conf(conf, host='localhost', ipv4=True, ipv6=True, ipvo=(6, 4)) conf = c('-b localhost') self._test_conf(conf, host='localhost', batch=True, verbose=True) conf = c('-n localhost') self._test_conf(conf, host='localhost', colors=False) conf = c('-v localhost') self._test_conf(conf, host='localhost', verbose=True) conf = c('-l info localhost') self._test_conf(conf, host='localhost', level='info') conf = c('-l warn localhost') self._test_conf(conf, host='localhost', level='warn') conf = c('-l fail localhost') self._test_conf(conf, host='localhost', level='fail') with pytest.raises(SystemExit): conf = c('-l something localhost') ssh-audit-3.3.0/test/test_banner.py000066400000000000000000000064131470352310600172600ustar00rootroot00000000000000import pytest from ssh_audit.banner import Banner # pylint: disable=line-too-long,attribute-defined-outside-init class TestBanner: @pytest.fixture(autouse=True) def init(self, ssh_audit): self.banner = Banner def test_simple_banners(self): banner = lambda x: self.banner.parse(x) # noqa b = banner('SSH-2.0-OpenSSH_7.3') assert b.protocol == (2, 0) assert b.software == 'OpenSSH_7.3' assert b.comments is None assert str(b) == 'SSH-2.0-OpenSSH_7.3' b = banner('SSH-1.99-Sun_SSH_1.1.3') assert b.protocol == (1, 99) assert b.software == 'Sun_SSH_1.1.3' assert b.comments is None assert str(b) == 'SSH-1.99-Sun_SSH_1.1.3' b = banner('SSH-1.5-Cisco-1.25') assert b.protocol == (1, 5) assert b.software == 'Cisco-1.25' assert b.comments is None assert str(b) == 'SSH-1.5-Cisco-1.25' def test_invalid_banners(self): b = lambda x: self.banner.parse(x) # noqa assert b('Something') is None assert b('SSH-XXX-OpenSSH_7.3') is None def test_banners_with_spaces(self): b = lambda x: self.banner.parse(x) # noqa s = 'SSH-2.0-OpenSSH_4.3p2' assert str(b('SSH-2.0-OpenSSH_4.3p2 ')) == s assert str(b('SSH-2.0- OpenSSH_4.3p2')) == s assert str(b('SSH-2.0- OpenSSH_4.3p2 ')) == s s = 'SSH-2.0-OpenSSH_4.3p2 Debian-9etch3 on i686-pc-linux-gnu' assert str(b('SSH-2.0- OpenSSH_4.3p2 Debian-9etch3 on i686-pc-linux-gnu')) == s assert str(b('SSH-2.0-OpenSSH_4.3p2 Debian-9etch3 on i686-pc-linux-gnu ')) == s assert str(b('SSH-2.0- OpenSSH_4.3p2 Debian-9etch3 on i686-pc-linux-gnu ')) == s def test_banners_without_software(self): b = lambda x: self.banner.parse(x) # noqa assert b('SSH-2.0').protocol == (2, 0) assert b('SSH-2.0').software is None assert b('SSH-2.0').comments is None assert str(b('SSH-2.0')) == 'SSH-2.0' assert b('SSH-2.0-').protocol == (2, 0) assert b('SSH-2.0-').software == '' assert b('SSH-2.0-').comments is None assert str(b('SSH-2.0-')) == 'SSH-2.0-' def test_banners_with_comments(self): b = lambda x: self.banner.parse(x) # noqa assert repr(b('SSH-2.0-OpenSSH_7.2p2 Ubuntu-1')) == '' assert repr(b('SSH-1.99-OpenSSH_3.4p1 Debian 1:3.4p1-1.woody.3')) == '' assert repr(b('SSH-1.5-1.3.7 F-SECURE SSH')) == '' def test_banners_with_multiple_protocols(self): b = lambda x: self.banner.parse(x) # noqa assert str(b('SSH-1.99-SSH-1.99-OpenSSH_3.6.1p2')) == 'SSH-1.99-OpenSSH_3.6.1p2' assert str(b('SSH-2.0-SSH-2.0-OpenSSH_4.3p2 Debian-9')) == 'SSH-2.0-OpenSSH_4.3p2 Debian-9' assert str(b('SSH-1.99-SSH-2.0-dropbear_0.5')) == 'SSH-1.99-dropbear_0.5' assert str(b('SSH-2.0-SSH-1.99-OpenSSH_4.2p1 SSH Secure Shell (non-commercial)')) == 'SSH-1.99-OpenSSH_4.2p1 SSH Secure Shell (non-commercial)' assert str(b('SSH-1.99-SSH-1.99-SSH-1.99-OpenSSH_3.9p1')) == 'SSH-1.99-OpenSSH_3.9p1' ssh-audit-3.3.0/test/test_buffer.py000066400000000000000000000122341470352310600172620ustar00rootroot00000000000000import re import pytest from ssh_audit.readbuf import ReadBuf from ssh_audit.writebuf import WriteBuf # pylint: disable=attribute-defined-outside-init,bad-whitespace class TestBuffer: @pytest.fixture(autouse=True) def init(self, ssh_audit): self.rbuf = ReadBuf self.wbuf = WriteBuf self.utf8rchar = b'\xef\xbf\xbd' @classmethod def _b(cls, v): v = re.sub(r'\s', '', v) data = [int(v[i * 2:i * 2 + 2], 16) for i in range(len(v) // 2)] return bytes(bytearray(data)) def test_unread(self): w = self.wbuf().write_byte(1).write_int(2).write_flush() r = self.rbuf(w) assert r.unread_len == 5 r.read_byte() assert r.unread_len == 4 r.read_int() assert r.unread_len == 0 def test_byte(self): w = lambda x: self.wbuf().write_byte(x).write_flush() # noqa r = lambda x: self.rbuf(x).read_byte() # noqa tc = [(0x00, '00'), (0x01, '01'), (0x10, '10'), (0xff, 'ff')] for p in tc: assert w(p[0]) == self._b(p[1]) assert r(self._b(p[1])) == p[0] def test_bool(self): w = lambda x: self.wbuf().write_bool(x).write_flush() # noqa r = lambda x: self.rbuf(x).read_bool() # noqa tc = [(True, '01'), (False, '00')] for p in tc: assert w(p[0]) == self._b(p[1]) assert r(self._b(p[1])) == p[0] def test_int(self): w = lambda x: self.wbuf().write_int(x).write_flush() # noqa r = lambda x: self.rbuf(x).read_int() # noqa tc = [(0x00, '00 00 00 00'), (0x01, '00 00 00 01'), (0xabcd, '00 00 ab cd'), (0xffffffff, 'ff ff ff ff')] for p in tc: assert w(p[0]) == self._b(p[1]) assert r(self._b(p[1])) == p[0] def test_string(self): w = lambda x: self.wbuf().write_string(x).write_flush() # noqa r = lambda x: self.rbuf(x).read_string() # noqa tc = [('abc1', '00 00 00 04 61 62 63 31'), (b'abc2', '00 00 00 04 61 62 63 32')] for p in tc: v = p[0] assert w(v) == self._b(p[1]) if not isinstance(v, bytes): v = bytes(bytearray(v, 'utf-8')) assert r(self._b(p[1])) == v def test_list(self): w = lambda x: self.wbuf().write_list(x).write_flush() # noqa r = lambda x: self.rbuf(x).read_list() # noqa tc = [(['d', 'ef', 'ault'], '00 00 00 09 64 2c 65 66 2c 61 75 6c 74')] for p in tc: assert w(p[0]) == self._b(p[1]) assert r(self._b(p[1])) == p[0] def test_list_nonutf8(self): r = lambda x: self.rbuf(x).read_list() # noqa src = self._b('00 00 00 04 de ad be ef') dst = [(b'\xde\xad' + self.utf8rchar + self.utf8rchar).decode('utf-8')] assert r(src) == dst def test_line(self): w = lambda x: self.wbuf().write_line(x).write_flush() # noqa r = lambda x: self.rbuf(x).read_line() # noqa tc = [('example line', '65 78 61 6d 70 6c 65 20 6c 69 6e 65 0d 0a')] for p in tc: assert w(p[0]) == self._b(p[1]) assert r(self._b(p[1])) == p[0] def test_line_nonutf8(self): r = lambda x: self.rbuf(x).read_line() # noqa src = self._b('de ad be af') dst = (b'\xde\xad' + self.utf8rchar + self.utf8rchar).decode('utf-8') assert r(src) == dst def test_bitlen(self): # pylint: disable=protected-access class Py26Int(int): def bit_length(self): raise AttributeError assert self.wbuf._bitlength(42) == 6 assert self.wbuf._bitlength(Py26Int(42)) == 6 def test_mpint1(self): mpint1w = lambda x: self.wbuf().write_mpint1(x).write_flush() # noqa mpint1r = lambda x: self.rbuf(x).read_mpint1() # noqa tc = [(0x0, '00 00'), (0x1234, '00 0d 12 34'), (0x12345, '00 11 01 23 45'), (0xdeadbeef, '00 20 de ad be ef')] for p in tc: assert mpint1w(p[0]) == self._b(p[1]) assert mpint1r(self._b(p[1])) == p[0] def test_mpint2(self): mpint2w = lambda x: self.wbuf().write_mpint2(x).write_flush() # noqa mpint2r = lambda x: self.rbuf(x).read_mpint2() # noqa tc = [(0x0, '00 00 00 00'), (0x80, '00 00 00 02 00 80'), (0x9a378f9b2e332a7, '00 00 00 08 09 a3 78 f9 b2 e3 32 a7'), (-0x1234, '00 00 00 02 ed cc'), (-0xdeadbeef, '00 00 00 05 ff 21 52 41 11'), (-0x8000, '00 00 00 02 80 00'), (-0x80, '00 00 00 01 80')] for p in tc: assert mpint2w(p[0]) == self._b(p[1]) assert mpint2r(self._b(p[1])) == p[0] assert mpint2r(self._b('00 00 00 02 ff 80')) == -0x80 def test_reset(self): w = self.wbuf() w.write_int(7) w.write_int(13) assert len(w.write_flush()) == 8 w.write_int(7) w.write_int(13) w.reset() assert len(w.write_flush()) == 0 ssh-audit-3.3.0/test/test_build_struct.py000066400000000000000000000037661470352310600205260ustar00rootroot00000000000000import os import pytest from ssh_audit.outputbuffer import OutputBuffer from ssh_audit.ssh2_kex import SSH2_Kex from ssh_audit.ssh2_kexparty import SSH2_KexParty @pytest.fixture def kex(ssh_audit): kex_algs, key_algs = [], [] enc, mac, compression, languages = [], [], ['none'], [] cli = SSH2_KexParty(enc, mac, compression, languages) enc, mac, compression, languages = [], [], ['none'], [] srv = SSH2_KexParty(enc, mac, compression, languages) cookie = os.urandom(16) kex = SSH2_Kex(OutputBuffer, cookie, kex_algs, key_algs, cli, srv, 0) return kex def test_prevent_runtime_error_regression(ssh_audit, kex): """Prevent a regression of https://github.com/jtesta/ssh-audit/issues/41 The following test setup does not contain any sensible data. It was made up to reproduce a situation when there are several host keys, and an error occurred when iterating and modifying them at the same time. """ kex.set_host_key("ssh-rsa", b"\x00\x00\x00\x07ssh-rsa\x00\x00\x00", 1024, '', 0) kex.set_host_key("ssh-rsa1", b"\x00\x00\x00\x07ssh-rsa\x00\x00\x00", 1024, '', 0) kex.set_host_key("ssh-rsa2", b"\x00\x00\x00\x07ssh-rsa\x00\x00\x00", 1024, '', 0) kex.set_host_key("ssh-rsa3", b"\x00\x00\x00\x07ssh-rsa\x00\x00\x00", 1024, '', 0) kex.set_host_key("ssh-rsa4", b"\x00\x00\x00\x07ssh-rsa\x00\x00\x00", 1024, '', 0) kex.set_host_key("ssh-rsa5", b"\x00\x00\x00\x07ssh-rsa\x00\x00\x00", 1024, '', 0) kex.set_host_key("ssh-rsa6", b"\x00\x00\x00\x07ssh-rsa\x00\x00\x00", 1024, '', 0) kex.set_host_key("ssh-rsa7", b"\x00\x00\x00\x07ssh-rsa\x00\x00\x00", 1024, '', 0) kex.set_host_key("ssh-rsa8", b"\x00\x00\x00\x07ssh-rsa\x00\x00\x00", 1024, '', 0) rv = ssh_audit.build_struct('localhost', None, kex=kex) assert len(rv["fingerprints"]) == (9 * 2) # Each host key generates two hash fingerprints: one using SHA256, and one using MD5. for key in ['banner', 'compression', 'enc', 'fingerprints', 'kex', 'key', 'mac']: assert key in rv ssh-audit-3.3.0/test/test_dheater.py000066400000000000000000000017611470352310600174300ustar00rootroot00000000000000import pytest from ssh_audit.ssh2_kexdb import SSH2_KexDB from ssh_audit.dheat import DHEat class TestDHEat: @pytest.fixture(autouse=True) def init(self): self.SSH2_KexDB = SSH2_KexDB self.DHEat = DHEat def test_kex_definition_completeness(self): alg_db = self.SSH2_KexDB.get_db() kex_db = alg_db['kex'] # Get all Diffie-Hellman algorithms defined in our database. dh_algs = [] for kex in kex_db: if kex.startswith('diffie-hellman-'): dh_algs.append(kex) # Ensure that each DH algorithm in our database is in either DHEat's alg_priority or gex_algs list. Also ensure that all non-group exchange algorithms are accounted for in the alg_modulus_sizes dictionary. for dh_alg in dh_algs: assert (dh_alg in self.DHEat.alg_priority) or (dh_alg in self.DHEat.gex_algs) if dh_alg.find("group-exchange") == -1: assert dh_alg in self.DHEat.alg_modulus_sizes ssh-audit-3.3.0/test/test_errors.py000066400000000000000000000155201470352310600173260ustar00rootroot00000000000000import socket import errno import pytest from ssh_audit.outputbuffer import OutputBuffer # pylint: disable=attribute-defined-outside-init class TestErrors: @pytest.fixture(autouse=True) def init(self, ssh_audit): self.AuditConf = ssh_audit.AuditConf self.OutputBuffer = ssh_audit.OutputBuffer self.audit = ssh_audit.audit def _conf(self): conf = self.AuditConf('localhost', 22) conf.colors = False conf.batch = True conf.skip_rate_test = True return conf def _audit(self, spy, conf=None, exit_expected=False): if conf is None: conf = self._conf() spy.begin() out = OutputBuffer() if exit_expected: with pytest.raises(SystemExit): self.audit(out, conf) else: ret = self.audit(out, conf) assert ret != 0 out.write() lines = spy.flush() # If the last line is empty, delete it. if len(lines) > 1 and lines[-1] == '': del lines[-1] return lines def test_connection_unresolved(self, output_spy, virtual_socket): vsocket = virtual_socket vsocket.gsock.addrinfodata['localhost#22'] = [] lines = self._audit(output_spy, exit_expected=True) assert len(lines) == 1 assert 'has no DNS records' in lines[-1] def test_connection_refused(self, output_spy, virtual_socket): vsocket = virtual_socket vsocket.errors['connect'] = socket.error(errno.ECONNREFUSED, 'Connection refused') lines = self._audit(output_spy, exit_expected=True) assert len(lines) == 1 assert 'Connection refused' in lines[-1] def test_connection_timeout(self, output_spy, virtual_socket): vsocket = virtual_socket vsocket.errors['connect'] = socket.timeout('timed out') lines = self._audit(output_spy, exit_expected=True) assert len(lines) == 1 assert 'timed out' in lines[-1] def test_recv_empty(self, output_spy, virtual_socket): lines = self._audit(output_spy) assert len(lines) == 1 assert 'did not receive banner' in lines[-1] def test_recv_timeout(self, output_spy, virtual_socket): vsocket = virtual_socket vsocket.rdata.append(socket.timeout('timed out')) lines = self._audit(output_spy) assert len(lines) == 1 assert 'did not receive banner' in lines[-1] assert 'timed out' in lines[-1] def test_recv_retry_till_timeout(self, output_spy, virtual_socket): vsocket = virtual_socket vsocket.rdata.append(socket.error(errno.EAGAIN, 'Resource temporarily unavailable')) vsocket.rdata.append(socket.error(errno.EWOULDBLOCK, 'Resource temporarily unavailable')) vsocket.rdata.append(socket.error(errno.EAGAIN, 'Resource temporarily unavailable')) vsocket.rdata.append(socket.timeout('timed out')) lines = self._audit(output_spy) assert len(lines) == 1 assert 'did not receive banner' in lines[-1] assert 'timed out' in lines[-1] def test_recv_retry_till_reset(self, output_spy, virtual_socket): vsocket = virtual_socket vsocket.rdata.append(socket.error(errno.EAGAIN, 'Resource temporarily unavailable')) vsocket.rdata.append(socket.error(errno.EWOULDBLOCK, 'Resource temporarily unavailable')) vsocket.rdata.append(socket.error(errno.EAGAIN, 'Resource temporarily unavailable')) vsocket.rdata.append(socket.error(errno.ECONNRESET, 'Connection reset by peer')) lines = self._audit(output_spy) assert len(lines) == 1 assert 'did not receive banner' in lines[-1] assert 'reset by peer' in lines[-1] def test_connection_closed_before_banner(self, output_spy, virtual_socket): vsocket = virtual_socket vsocket.rdata.append(socket.error(errno.ECONNRESET, 'Connection reset by peer')) lines = self._audit(output_spy) assert len(lines) == 1 assert 'did not receive banner' in lines[-1] assert 'reset by peer' in lines[-1] def test_connection_closed_after_header(self, output_spy, virtual_socket): vsocket = virtual_socket vsocket.rdata.append(b'header line 1\n') vsocket.rdata.append(b'\n') vsocket.rdata.append(b'header line 2\n') vsocket.rdata.append(socket.error(errno.ECONNRESET, 'Connection reset by peer')) lines = self._audit(output_spy) assert len(lines) == 3 assert 'did not receive banner' in lines[-1] assert 'reset by peer' in lines[-1] def test_connection_closed_after_banner(self, output_spy, virtual_socket): vsocket = virtual_socket vsocket.rdata.append(b'SSH-2.0-ssh-audit-test\r\n') vsocket.rdata.append(socket.error(54, 'Connection reset by peer')) lines = self._audit(output_spy) assert len(lines) == 2 assert 'error reading packet' in lines[-1] assert 'reset by peer' in lines[-1] def test_empty_data_after_banner(self, output_spy, virtual_socket): vsocket = virtual_socket vsocket.rdata.append(b'SSH-2.0-ssh-audit-test\r\n') lines = self._audit(output_spy) assert len(lines) == 2 assert 'error reading packet' in lines[-1] assert 'empty' in lines[-1] def test_wrong_data_after_banner(self, output_spy, virtual_socket): vsocket = virtual_socket vsocket.rdata.append(b'SSH-2.0-ssh-audit-test\r\n') vsocket.rdata.append(b'xxx\n') lines = self._audit(output_spy) assert len(lines) == 2 assert 'error reading packet' in lines[-1] assert 'xxx' in lines[-1] def test_non_ascii_banner(self, output_spy, virtual_socket): vsocket = virtual_socket vsocket.rdata.append(b'SSH-2.0-ssh-audit-test\xc3\xbc\r\n') lines = self._audit(output_spy) assert len(lines) == 3 assert 'error reading packet' in lines[-1] assert 'ASCII' in lines[-2] assert lines[-3].endswith('SSH-2.0-ssh-audit-test?') def test_nonutf8_data_after_banner(self, output_spy, virtual_socket): vsocket = virtual_socket vsocket.rdata.append(b'SSH-2.0-ssh-audit-test\r\n') vsocket.rdata.append(b'\x81\xff\n') lines = self._audit(output_spy) assert len(lines) == 2 assert 'error reading packet' in lines[-1] assert '\\x81\\xff' in lines[-1] def test_protocol_mismatch_by_conf(self, output_spy, virtual_socket): vsocket = virtual_socket vsocket.rdata.append(b'SSH-1.3-ssh-audit-test\r\n') vsocket.rdata.append(b'Protocol major versions differ.\n') conf = self._conf() conf.ssh1, conf.ssh2 = True, False lines = self._audit(output_spy, conf) assert len(lines) == 4 assert 'error reading packet' in lines[-1] assert 'major versions differ' in lines[-1] ssh-audit-3.3.0/test/test_outputbuffer.py000066400000000000000000000125111470352310600205410ustar00rootroot00000000000000import pytest # pylint: disable=attribute-defined-outside-init class TestOutputBuffer: @pytest.fixture(autouse=True) def init(self, ssh_audit): self.OutputBuffer = ssh_audit.OutputBuffer def test_outputbuffer_no_lines(self, output_spy): output_spy.begin() obuf = self.OutputBuffer() obuf.write() assert output_spy.flush() == [''] output_spy.begin() def test_outputbuffer_defaults(self): obuf = self.OutputBuffer() # default: on assert obuf.batch is False assert obuf.use_colors is True assert obuf.level == 'info' def test_outputbuffer_colors(self, output_spy): out = self.OutputBuffer() # Test without colors. out.use_colors = False output_spy.begin() out.info('info color') out.write() assert output_spy.flush() == ['info color'] output_spy.begin() out.head('head color') out.write() assert output_spy.flush() == ['head color'] output_spy.begin() out.good('good color') out.write() assert output_spy.flush() == ['good color'] output_spy.begin() out.warn('warn color') out.write() assert output_spy.flush() == ['warn color'] output_spy.begin() out.fail('fail color') out.write() assert output_spy.flush() == ['fail color'] # If colors aren't supported by this system, skip the color tests. if not out.colors_supported: return # Test with colors. out.use_colors = True output_spy.begin() out.info('info color') out.write() assert output_spy.flush() == ['info color'] output_spy.begin() out.head('head color') out.write() assert output_spy.flush() in [['\x1b[0;36mhead color\x1b[0m'], ['\x1b[0;96mhead color\x1b[0m']] output_spy.begin() out.good('good color') out.write() assert output_spy.flush() in [['\x1b[0;32mgood color\x1b[0m'], ['\x1b[0;92mgood color\x1b[0m']] output_spy.begin() out.warn('warn color') out.write() assert output_spy.flush() in [['\x1b[0;33mwarn color\x1b[0m'], ['\x1b[0;93mwarn color\x1b[0m']] output_spy.begin() out.fail('fail color') out.write() assert output_spy.flush() in [['\x1b[0;31mfail color\x1b[0m'], ['\x1b[0;91mfail color\x1b[0m']] def test_outputbuffer_sep(self, output_spy): out = self.OutputBuffer() output_spy.begin() out.sep() out.sep() out.sep() out.write() assert output_spy.flush() == ['', '', ''] def test_outputbuffer_levels(self): out = self.OutputBuffer() assert out.get_level('info') == 0 assert out.get_level('good') == 0 assert out.get_level('warn') == 1 assert out.get_level('fail') == 2 assert out.get_level('unknown') > 2 def test_outputbuffer_level_property(self): out = self.OutputBuffer() out.level = 'info' assert out.level == 'info' out.level = 'good' assert out.level == 'info' out.level = 'warn' assert out.level == 'warn' out.level = 'fail' assert out.level == 'fail' out.level = 'invalid level' assert out.level == 'unknown' def test_outputbuffer_level(self, output_spy): out = self.OutputBuffer() # visible: all out.level = 'info' output_spy.begin() out.info('info color') out.head('head color') out.good('good color') out.warn('warn color') out.fail('fail color') out.write() assert len(output_spy.flush()) == 5 # visible: head, warn, fail out.level = 'warn' output_spy.begin() out.info('info color') out.head('head color') out.good('good color') out.warn('warn color') out.fail('fail color') out.write() assert len(output_spy.flush()) == 3 # visible: head, fail out.level = 'fail' output_spy.begin() out.info('info color') out.head('head color') out.good('good color') out.warn('warn color') out.fail('fail color') out.write() assert len(output_spy.flush()) == 2 # visible: head out.level = 'invalid level' output_spy.begin() out.info('info color') out.head('head color') out.good('good color') out.warn('warn color') out.fail('fail color') out.write() assert len(output_spy.flush()) == 1 def test_outputbuffer_batch(self, output_spy): out = self.OutputBuffer() # visible: all output_spy.begin() out.level = 'info' out.batch = False out.info('info color') out.head('head color') out.good('good color') out.warn('warn color') out.fail('fail color') out.write() assert len(output_spy.flush()) == 5 # visible: all except head output_spy.begin() out.level = 'info' out.batch = True out.info('info color') out.head('head color') out.good('good color') out.warn('warn color') out.fail('fail color') out.write() assert len(output_spy.flush()) == 4 ssh-audit-3.3.0/test/test_policy.py000066400000000000000000000520431470352310600173120ustar00rootroot00000000000000import hashlib import pytest from datetime import date from ssh_audit.builtin_policies import BUILTIN_POLICIES from ssh_audit.outputbuffer import OutputBuffer from ssh_audit.policy import Policy from ssh_audit.ssh2_kex import SSH2_Kex from ssh_audit.writebuf import WriteBuf class TestPolicy: @pytest.fixture(autouse=True) def init(self, ssh_audit): self.OutputBuffer = OutputBuffer self.Policy = Policy self.wbuf = WriteBuf self.ssh2_kex = SSH2_Kex def _get_kex(self): '''Returns an SSH2.Kex object to simulate a server connection.''' w = self.wbuf() w.write(b'\x00\x11\x22\x33\x44\x55\x66\x77\x88\x99\xaa\xbb\xcc\xdd\xee\xff') w.write_list(['kex_alg1', 'kex_alg2']) w.write_list(['key_alg1', 'key_alg2']) w.write_list(['cipher_alg1', 'cipher_alg2', 'cipher_alg3']) w.write_list(['cipher_alg1', 'cipher_alg2', 'cipher_alg3']) w.write_list(['mac_alg1', 'mac_alg2', 'mac_alg3']) w.write_list(['mac_alg1', 'mac_alg2', 'mac_alg3']) w.write_list(['comp_alg1', 'comp_alg2']) w.write_list(['comp_alg1', 'comp_alg2']) w.write_list(['']) w.write_list(['']) w.write_byte(False) w.write_int(0) return self.ssh2_kex.parse(self.OutputBuffer, w.write_flush()) def test_builtin_policy_consistency(self): '''Ensure that the BUILTIN_POLICIES struct is consistent.''' for policy_name in BUILTIN_POLICIES: # Ensure that all required fields are present. required_fields = ['version', 'changelog', 'banner', 'compressions', 'host_keys', 'optional_host_keys', 'kex', 'ciphers', 'macs', 'hostkey_sizes', 'dh_modulus_sizes', 'server_policy'] for field in required_fields: assert field in BUILTIN_POLICIES[policy_name] # Ensure that the policy name ends with " (version X)", where X is the 'version' field. version_str = " (version %s)" % BUILTIN_POLICIES[policy_name]['version'] assert policy_name.endswith(version_str) # Ensure version field is a string, but can be parsed as an integer. version_field = BUILTIN_POLICIES[policy_name]['version'] assert type(version_field) is str try: int(version_field) except ValueError: assert False, "version field of %s policy is not parseable as an integer." % policy_name # Ensure no extra fields are present. assert len(required_fields) == len(BUILTIN_POLICIES[policy_name]) # Ensure that the changelog field is a string and non-empty. assert type(BUILTIN_POLICIES[policy_name]['changelog']) is str assert len(BUILTIN_POLICIES[policy_name]['changelog']) > 0 # Ensure that at least one host key is defined. assert type(BUILTIN_POLICIES[policy_name]['host_keys']) is list assert len(BUILTIN_POLICIES[policy_name]['host_keys']) > 0 # Ensure that at least one key exchange is defined. assert type(BUILTIN_POLICIES[policy_name]['kex']) is list assert len(BUILTIN_POLICIES[policy_name]['kex']) > 0 # Ensure that at least one cipher is defined. assert type(BUILTIN_POLICIES[policy_name]['ciphers']) is list assert len(BUILTIN_POLICIES[policy_name]['ciphers']) > 0 # Ensure that at least one MAC is defined assert type(BUILTIN_POLICIES[policy_name]['macs']) is list assert len(BUILTIN_POLICIES[policy_name]['macs']) > 0 # These tests apply to server policies only. if BUILTIN_POLICIES[policy_name]['server_policy']: assert type(BUILTIN_POLICIES[policy_name]['hostkey_sizes']) is dict assert len(BUILTIN_POLICIES[policy_name]['hostkey_sizes']) > 0 # Examine all the hostkey_sizes entries... for hostkey_type in BUILTIN_POLICIES[policy_name]['hostkey_sizes']: hostkey_data = BUILTIN_POLICIES[policy_name]['hostkey_sizes'][hostkey_type] # Ensure that 'hostkey_size' is always included and that it is an integer. assert 'hostkey_size' in hostkey_data assert type(hostkey_data['hostkey_size']) is int # If this is an ed25519 host key, ensure its size is fixed at 256. If its an RSA host key, ensure the size is 4096. if hostkey_type.find('ed25519') != -1: assert int(hostkey_data['hostkey_size']) == 256 elif hostkey_type.startswith('rsa-'): assert int(hostkey_data['hostkey_size']) == 4096 else: # Catch unexpected host key types. assert False # Ensure either that 'ca_key_type' and 'ca_key_size' are both present, or neither are. Fail cases when only one of the fields are present. assert (('ca_key_type' in hostkey_data) and ('ca_key_size' in hostkey_data)) or (('ca_key_type' not in hostkey_data) and ('ca_key_size' not in hostkey_data)) # Ensure that the ca_key_type is either ssh-rsa or ssh-ed25519. if 'ca_key_type' in hostkey_data: assert hostkey_data['ca_key_type'] in ['ssh-rsa', 'ssh-ed25519'] # Ensure RSA CA key sizes are fixed at 4096. Ensure ED25519 CA keys are 256. if 'ca_key_size' in hostkey_data: if 'ca_key_type' == 'ssh-rsa': assert hostkey_data['ca_key_size'] == 4096 elif 'ca_key_type' == 'ssh-ed25519': assert hostkey_data['ca_key_size'] == 256 # Ensure that the 'dh_modulus_size' field is a dict. assert type(BUILTIN_POLICIES[policy_name]['dh_modulus_sizes']) is dict # The 'dh_modulus_size' field should have either one entry, or be empty. assert len(BUILTIN_POLICIES[policy_name]['dh_modulus_sizes']) in range(0, 2) # The endpoint in range() is not inclusive # If 'diffie-hellman-group-exchange-sha256' is in the kex list, ensure that it exists in the 'dh_modulus_sizes' entry. That entry must be defined for 2048 bits or larger. if 'diffie-hellman-group-exchange-sha256' in BUILTIN_POLICIES[policy_name]['kex']: assert 'diffie-hellman-group-exchange-sha256' in BUILTIN_POLICIES[policy_name]['dh_modulus_sizes'] assert int(BUILTIN_POLICIES[policy_name]['dh_modulus_sizes']['diffie-hellman-group-exchange-sha256']) >= 2048 else: # Client-specific tests. # These must be set to None for client policies, since they have no meaning otherwise. assert BUILTIN_POLICIES[policy_name]['hostkey_sizes'] is None assert BUILTIN_POLICIES[policy_name]['dh_modulus_sizes'] is None # Ensure that each built-in policy can be loaded with Policy.load_builtin_policy(). assert Policy.load_builtin_policy(policy_name) is not None # Ensure that both server and client policy names are returned. server_policy_names, client_policy_names = Policy.list_builtin_policies(False) assert len(server_policy_names) > 0 assert len(client_policy_names) > 0 def test_policy_basic(self): '''Ensure that a basic policy can be parsed correctly.''' policy_data = '''# This is a comment name = "Test Policy" version = 1 compressions = comp_alg1 host keys = key_alg1 key exchanges = kex_alg1, kex_alg2 ciphers = cipher_alg1, cipher_alg2, cipher_alg3 macs = mac_alg1, mac_alg2, mac_alg3''' policy = self.Policy(policy_data=policy_data) assert str(policy) == "Name: [Test Policy]\nVersion: [1]\nAllow Algorithm Subset and/or Reordering: False\nBanner: {undefined}\nCompressions: comp_alg1\nHost Keys: key_alg1\nOptional Host Keys: {undefined}\nKey Exchanges: kex_alg1, kex_alg2\nCiphers: cipher_alg1, cipher_alg2, cipher_alg3\nMACs: mac_alg1, mac_alg2, mac_alg3\nHost Key Sizes: {undefined}\nDH Modulus Sizes: {undefined}\nServer Policy: True" def test_policy_invalid_1(self): '''Basic policy, but with 'ciphersx' instead of 'ciphers'.''' policy_data = '''# This is a comment name = "Test Policy" version = 1 compressions = comp_alg1 host keys = key_alg1 key exchanges = kex_alg1, kex_alg2 ciphersx = cipher_alg1, cipher_alg2, cipher_alg3 macs = mac_alg1, mac_alg2, mac_alg3''' failed = False try: self.Policy(policy_data=policy_data) except ValueError: failed = True assert failed, "Invalid policy did not cause Policy object to throw exception" def test_policy_invalid_2(self): '''Basic policy, but is missing the required name field.''' policy_data = '''# This is a comment #name = "Test Policy" version = 1 compressions = comp_alg1 host keys = key_alg1 key exchanges = kex_alg1, kex_alg2 ciphers = cipher_alg1, cipher_alg2, cipher_alg3 macs = mac_alg1, mac_alg2, mac_alg3''' failed = False try: self.Policy(policy_data=policy_data) except ValueError: failed = True assert failed, "Invalid policy did not cause Policy object to throw exception" def test_policy_invalid_3(self): '''Basic policy, but is missing the required version field.''' policy_data = '''# This is a comment name = "Test Policy" #version = 1 compressions = comp_alg1 host keys = key_alg1 key exchanges = kex_alg1, kex_alg2 ciphers = cipher_alg1, cipher_alg2, cipher_alg3 macs = mac_alg1, mac_alg2, mac_alg3''' failed = False try: self.Policy(policy_data=policy_data) except ValueError: failed = True assert failed, "Invalid policy did not cause Policy object to throw exception" def test_policy_invalid_4(self): '''Basic policy, but is missing quotes in the name field.''' policy_data = '''# This is a comment name = Test Policy version = 1 compressions = comp_alg1 host keys = key_alg1 key exchanges = kex_alg1, kex_alg2 ciphers = cipher_alg1, cipher_alg2, cipher_alg3 macs = mac_alg1, mac_alg2, mac_alg3''' failed = False try: self.Policy(policy_data=policy_data) except ValueError: failed = True assert failed, "Invalid policy did not cause Policy object to throw exception" def test_policy_invalid_5(self): '''Basic policy, but is missing quotes in the banner field.''' policy_data = '''# This is a comment name = "Test Policy" version = 1 banner = 0mg compressions = comp_alg1 host keys = key_alg1 key exchanges = kex_alg1, kex_alg2 ciphers = cipher_alg1, cipher_alg2, cipher_alg3 macs = mac_alg1, mac_alg2, mac_alg3''' failed = False try: self.Policy(policy_data=policy_data) except ValueError: failed = True assert failed, "Invalid policy did not cause Policy object to throw exception" def test_policy_invalid_6(self): '''Basic policy, but is missing quotes in the header field.''' policy_data = '''# This is a comment name = "Test Policy" version = 1 header = 0mg compressions = comp_alg1 host keys = key_alg1 key exchanges = kex_alg1, kex_alg2 ciphers = cipher_alg1, cipher_alg2, cipher_alg3 macs = mac_alg1, mac_alg2, mac_alg3''' failed = False try: self.Policy(policy_data=policy_data) except ValueError: failed = True assert failed, "Invalid policy did not cause Policy object to throw exception" def test_policy_create_1(self): '''Creates a policy from a kex and ensures it is generated exactly as expected.''' kex = self._get_kex() pol_data = self.Policy.create('www.l0l.com', 'bannerX', kex, False) # Today's date is embedded in the policy, so filter it out to get repeatable results. pol_data = pol_data.replace(date.today().strftime('%Y/%m/%d'), '[todays date]') # Instead of writing out the entire expected policy--line by line--just check that it has the expected hash. assert hashlib.sha256(pol_data.encode('ascii')).hexdigest() == 'fb84bce442cff2bce9bf653d6373a8a938e3bfcfbd1e876f51a08c1842df3cff' def test_policy_evaluate_passing_1(self): '''Creates a policy and evaluates it against the same server''' kex = self._get_kex() policy_data = self.Policy.create('www.l0l.com', None, kex, False) policy = self.Policy(policy_data=policy_data) ret, errors, error_str = policy.evaluate('SSH Server 1.0', kex) assert ret is True assert len(errors) == 0 print(error_str) assert len(error_str) == 0 def test_policy_evaluate_failing_1(self): '''Ensure that a policy with a specified banner fails against a server with a different banner''' policy_data = '''name = "Test Policy" version = 1 banner = "XXX mismatched banner XXX" compressions = comp_alg1, comp_alg2 host keys = key_alg1, key_alg2 key exchanges = kex_alg1, kex_alg2 ciphers = cipher_alg1, cipher_alg2, cipher_alg3 macs = mac_alg1, mac_alg2, mac_alg3''' policy = self.Policy(policy_data=policy_data) ret, errors, error_str = policy.evaluate('SSH Server 1.0', self._get_kex()) assert ret is False assert len(errors) == 1 assert error_str.find('Banner did not match.') != -1 def test_policy_evaluate_failing_2(self): '''Ensure that a mismatched compressions list results in a failure''' policy_data = '''name = "Test Policy" version = 1 compressions = XXXmismatchedXXX, comp_alg1, comp_alg2 host keys = key_alg1, key_alg2 key exchanges = kex_alg1, kex_alg2 ciphers = cipher_alg1, cipher_alg2, cipher_alg3 macs = mac_alg1, mac_alg2, mac_alg3''' policy = self.Policy(policy_data=policy_data) ret, errors, error_str = policy.evaluate('SSH Server 1.0', self._get_kex()) assert ret is False assert len(errors) == 1 assert error_str.find('Compression did not match.') != -1 def test_policy_evaluate_failing_3(self): '''Ensure that a mismatched host keys results in a failure''' policy_data = '''name = "Test Policy" version = 1 compressions = comp_alg1, comp_alg2 host keys = XXXmismatchedXXX, key_alg1, key_alg2 key exchanges = kex_alg1, kex_alg2 ciphers = cipher_alg1, cipher_alg2, cipher_alg3 macs = mac_alg1, mac_alg2, mac_alg3''' policy = self.Policy(policy_data=policy_data) ret, errors, error_str = policy.evaluate('SSH Server 1.0', self._get_kex()) assert ret is False assert len(errors) == 1 assert error_str.find('Host keys did not match.') != -1 def test_policy_evaluate_failing_4(self): '''Ensure that a mismatched key exchange list results in a failure''' policy_data = '''name = "Test Policy" version = 1 compressions = comp_alg1, comp_alg2 host keys = key_alg1, key_alg2 key exchanges = XXXmismatchedXXX, kex_alg1, kex_alg2 ciphers = cipher_alg1, cipher_alg2, cipher_alg3 macs = mac_alg1, mac_alg2, mac_alg3''' policy = self.Policy(policy_data=policy_data) ret, errors, error_str = policy.evaluate('SSH Server 1.0', self._get_kex()) assert ret is False assert len(errors) == 1 assert error_str.find('Key exchanges did not match.') != -1 def test_policy_evaluate_failing_5(self): '''Ensure that a mismatched cipher list results in a failure''' policy_data = '''name = "Test Policy" version = 1 compressions = comp_alg1, comp_alg2 host keys = key_alg1, key_alg2 key exchanges = kex_alg1, kex_alg2 ciphers = cipher_alg1, XXXmismatched, cipher_alg2, cipher_alg3 macs = mac_alg1, mac_alg2, mac_alg3''' policy = self.Policy(policy_data=policy_data) ret, errors, error_str = policy.evaluate('SSH Server 1.0', self._get_kex()) assert ret is False assert len(errors) == 1 assert error_str.find('Ciphers did not match.') != -1 def test_policy_evaluate_failing_6(self): '''Ensure that a mismatched MAC list results in a failure''' policy_data = '''name = "Test Policy" version = 1 compressions = comp_alg1, comp_alg2 host keys = key_alg1, key_alg2 key exchanges = kex_alg1, kex_alg2 ciphers = cipher_alg1, cipher_alg2, cipher_alg3 macs = mac_alg1, mac_alg2, XXXmismatched, mac_alg3''' policy = self.Policy(policy_data=policy_data) ret, errors, error_str = policy.evaluate('SSH Server 1.0', self._get_kex()) assert ret is False assert len(errors) == 1 assert error_str.find('MACs did not match.') != -1 def test_policy_evaluate_failing_7(self): '''Ensure that a mismatched host keys and MACs results in a failure''' policy_data = '''name = "Test Policy" version = 1 compressions = comp_alg1, comp_alg2 host keys = key_alg1, key_alg2, XXXmismatchedXXX key exchanges = kex_alg1, kex_alg2 ciphers = cipher_alg1, cipher_alg2, cipher_alg3 macs = mac_alg1, mac_alg2, XXXmismatchedXXX, mac_alg3''' policy = self.Policy(policy_data=policy_data) ret, errors, error_str = policy.evaluate('SSH Server 1.0', self._get_kex()) assert ret is False assert len(errors) == 2 assert error_str.find('Host keys did not match.') != -1 assert error_str.find('MACs did not match.') != -1 def test_policy_evaluate_subset_passing_1(self): '''Ensure that exact algorithm matches work even when subset parsing is enabled.''' policy_data = '''name = "Test Policy" version = 1 allow_algorithm_subset_and_reordering = true compressions = comp_alg1, comp_alg2 host keys = key_alg1, key_alg2 key exchanges = kex_alg1, kex_alg2 ciphers = cipher_alg1, cipher_alg2, cipher_alg3 macs = mac_alg1, mac_alg2, mac_alg3''' policy = self.Policy(policy_data=policy_data) ret, errors, error_str = policy.evaluate('SSH Server 1.0', self._get_kex()) assert ret is True assert len(errors) == 0 assert error_str == "" def test_policy_evaluate_subset_passing_2(self): '''Ensure that subset parsing works.''' policy_data = '''name = "Test Policy" version = 1 allow_algorithm_subset_and_reordering = true compressions = comp_alg1, comp_alg2 host keys = key_alg2, key_alg1, key_alg0 key exchanges = kex_alg3, kex_alg1, kex_alg2 ciphers = cipher_alg0, cipher_alg3, cipher_alg2, cipher_alg1 macs = mac_alg2, mac_alg1, mac_alg3, mac_alg0''' policy = self.Policy(policy_data=policy_data) ret, errors, error_str = policy.evaluate('SSH Server 1.0', self._get_kex()) assert ret is True assert len(errors) == 0 assert error_str == "" def test_policy_evaluate_subset_failing_1(self): '''Ensure that subset parsing returns a failure.''' policy_data = '''name = "Test Policy" version = 1 allow_algorithm_subset_and_reordering = true compressions = comp_alg1, comp_alg2 host keys = key_alg7, key_alg8, key_alg9 key exchanges = kex_alg7, kex_alg8, kex_alg9 ciphers = cipher_alg7, cipher_alg8, cipher_alg9, cipher_alg10 macs = mac_alg7, mac_alg8, mac_alg9, mac_alg10''' policy = self.Policy(policy_data=policy_data) ret, errors, error_str = policy.evaluate('SSH Server 1.0', self._get_kex()) assert ret is False assert len(errors) == 4 assert error_str.find("Ciphers did not match.") != -1 assert error_str.find("Host keys did not match.") != -1 assert error_str.find("MACs did not match") != -1 assert error_str.find("Key exchanges did not match.") != -1 def test_policy_evaluate_subset_failing_2(self): '''Ensure that subset parsing returns a failure when policy includes kex-strict-s-v00@openssh.com, but target does not.''' policy_data = '''name = "Test Policy" version = 1 allow_algorithm_subset_and_reordering = true compressions = comp_alg1, comp_alg2 host keys = key_alg2, key_alg1, key_alg0 key exchanges = kex_alg3, kex_alg1, kex_alg2, kex-strict-s-v00@openssh.com ciphers = cipher_alg0, cipher_alg3, cipher_alg2, cipher_alg1 macs = mac_alg2, mac_alg1, mac_alg3, mac_alg0''' policy = self.Policy(policy_data=policy_data) ret, errors, error_str = policy.evaluate('SSH Server 1.0', self._get_kex()) assert ret is False assert len(errors) == 1 assert error_str.find("Key exchanges did not match.") != -1 def test_policy_evaluate_subset_failing_3(self): '''Ensure that subset parsing returns a failure when policy includes kex-strict-c-v00@openssh.com, but target does not.''' policy_data = '''name = "Test Policy" version = 1 allow_algorithm_subset_and_reordering = true compressions = comp_alg1, comp_alg2 host keys = key_alg2, key_alg1, key_alg0 key exchanges = kex_alg3, kex_alg1, kex_alg2, kex-strict-c-v00@openssh.com ciphers = cipher_alg0, cipher_alg3, cipher_alg2, cipher_alg1 macs = mac_alg2, mac_alg1, mac_alg3, mac_alg0''' policy = self.Policy(policy_data=policy_data) ret, errors, error_str = policy.evaluate('SSH Server 1.0', self._get_kex()) assert ret is False assert len(errors) == 1 assert error_str.find("Key exchanges did not match.") != -1 ssh-audit-3.3.0/test/test_resolve.py000066400000000000000000000061441470352310600174730ustar00rootroot00000000000000import socket import pytest # pylint: disable=attribute-defined-outside-init,protected-access class TestResolve: @pytest.fixture(autouse=True) def init(self, ssh_audit): self.AuditConf = ssh_audit.AuditConf self.audit = ssh_audit.audit self.OutputBuffer = ssh_audit.OutputBuffer self.ssh_socket = ssh_audit.SSH_Socket def _conf(self): conf = self.AuditConf('localhost', 22) conf.colors = False conf.batch = True return conf def test_resolve_error(self, output_spy, virtual_socket): vsocket = virtual_socket vsocket.gsock.addrinfodata['localhost#22'] = socket.gaierror(8, 'hostname nor servname provided, or not known') conf = self._conf() s = self.ssh_socket(self.OutputBuffer(), 'localhost', 22, conf.ip_version_preference) # output_spy.begin() with pytest.raises(socket.gaierror): list(s._resolve()) # lines = output_spy.flush() # assert len(lines) == 1 # assert 'hostname nor servname provided' in lines[-1] def test_resolve_hostname_without_records(self, output_spy, virtual_socket): vsocket = virtual_socket vsocket.gsock.addrinfodata['localhost#22'] = [] conf = self._conf() s = self.ssh_socket(self.OutputBuffer(), 'localhost', 22, conf.ip_version_preference) output_spy.begin() r = list(s._resolve()) assert len(r) == 0 def test_resolve_ipv4(self, virtual_socket): conf = self._conf() conf.ipv4 = True s = self.ssh_socket(self.OutputBuffer(), 'localhost', 22, conf.ip_version_preference) r = list(s._resolve()) assert len(r) == 1 assert r[0] == (socket.AF_INET, ('127.0.0.1', 22)) def test_resolve_ipv6(self, virtual_socket): conf = self._conf() conf.ipv6 = True s = self.ssh_socket(self.OutputBuffer(), 'localhost', 22, conf.ip_version_preference) r = list(s._resolve()) assert len(r) == 1 assert r[0] == (socket.AF_INET6, ('::1', 22)) def test_resolve_ipv46_both(self, virtual_socket): conf = self._conf() s = self.ssh_socket(self.OutputBuffer(), 'localhost', 22, conf.ip_version_preference) r = list(s._resolve()) assert len(r) == 2 assert r[0] == (socket.AF_INET, ('127.0.0.1', 22)) assert r[1] == (socket.AF_INET6, ('::1', 22)) def test_resolve_ipv46_order(self, virtual_socket): conf = self._conf() conf.ipv4 = True conf.ipv6 = True s = self.ssh_socket(self.OutputBuffer(), 'localhost', 22, conf.ip_version_preference) r = list(s._resolve()) assert len(r) == 2 assert r[0] == (socket.AF_INET, ('127.0.0.1', 22)) assert r[1] == (socket.AF_INET6, ('::1', 22)) conf = self._conf() conf.ipv6 = True conf.ipv4 = True s = self.ssh_socket(self.OutputBuffer(), 'localhost', 22, conf.ip_version_preference) r = list(s._resolve()) assert len(r) == 2 assert r[0] == (socket.AF_INET6, ('::1', 22)) assert r[1] == (socket.AF_INET, ('127.0.0.1', 22)) ssh-audit-3.3.0/test/test_socket.py000066400000000000000000000027301470352310600173010ustar00rootroot00000000000000import pytest from ssh_audit.outputbuffer import OutputBuffer from ssh_audit.ssh_socket import SSH_Socket # pylint: disable=attribute-defined-outside-init class TestSocket: @pytest.fixture(autouse=True) def init(self, ssh_audit): self.OutputBuffer = OutputBuffer self.ssh_socket = SSH_Socket def test_invalid_host(self, virtual_socket): with pytest.raises(ValueError): self.ssh_socket(self.OutputBuffer(), None, 22) def test_invalid_port(self, virtual_socket): with pytest.raises(ValueError): self.ssh_socket(self.OutputBuffer(), 'localhost', 'abc') with pytest.raises(ValueError): self.ssh_socket(self.OutputBuffer(), 'localhost', -1) with pytest.raises(ValueError): self.ssh_socket(self.OutputBuffer(), 'localhost', 0) with pytest.raises(ValueError): self.ssh_socket(self.OutputBuffer(), 'localhost', 65536) def test_not_connected_socket(self, virtual_socket): sock = self.ssh_socket(self.OutputBuffer(), 'localhost', 22) banner, header, err = sock.get_banner() assert banner is None assert len(header) == 0 assert err == 'not connected' s, e = sock.recv() assert s == -1 assert e == 'not connected' s, e = sock.send('nothing') assert s == -1 assert e == 'not connected' s, e = sock.send_packet() assert s == -1 assert e == 'not connected' ssh-audit-3.3.0/test/test_software.py000066400000000000000000000316351470352310600176510ustar00rootroot00000000000000import pytest from ssh_audit.banner import Banner from ssh_audit.software import Software # pylint: disable=line-too-long,attribute-defined-outside-init class TestSoftware: @pytest.fixture(autouse=True) def init(self, ssh_audit): self.software = Software self.banner = Banner def test_unknown_software(self): ps = lambda x: self.software.parse(self.banner.parse(x)) # noqa assert ps('SSH-1.5') is None assert ps('SSH-1.99-AlfaMegaServer') is None assert ps('SSH-2.0-BetaMegaServer 0.0.1') is None def test_openssh_software(self): # pylint: disable=too-many-statements ps = lambda x: self.software.parse(self.banner.parse(x)) # noqa # common s = ps('SSH-2.0-OpenSSH_7.3') assert s.vendor is None assert s.product == 'OpenSSH' assert s.version == '7.3' assert s.patch is None assert s.os is None assert str(s) == 'OpenSSH 7.3' assert str(s) == s.display() assert s.display(True) == str(s) assert s.display(False) == str(s) assert repr(s) == '' # common, portable s = ps('SSH-2.0-OpenSSH_7.2p1') assert s.vendor is None assert s.product == 'OpenSSH' assert s.version == '7.2' assert s.patch == 'p1' assert s.os is None assert str(s) == 'OpenSSH 7.2p1' assert str(s) == s.display() assert s.display(True) == str(s) assert s.display(False) == 'OpenSSH 7.2' assert repr(s) == '' # dot instead of underline s = ps('SSH-2.0-OpenSSH.6.6') assert s.vendor is None assert s.product == 'OpenSSH' assert s.version == '6.6' assert s.patch is None assert s.os is None assert str(s) == 'OpenSSH 6.6' assert str(s) == s.display() assert s.display(True) == str(s) assert s.display(False) == str(s) assert repr(s) == '' # dash instead of underline s = ps('SSH-2.0-OpenSSH-3.9p1') assert s.vendor is None assert s.product == 'OpenSSH' assert s.version == '3.9' assert s.patch == 'p1' assert s.os is None assert str(s) == 'OpenSSH 3.9p1' assert str(s) == s.display() assert s.display(True) == str(s) assert s.display(False) == 'OpenSSH 3.9' assert repr(s) == '' # patch prefix with dash s = ps('SSH-2.0-OpenSSH_7.2-hpn14v5') assert s.vendor is None assert s.product == 'OpenSSH' assert s.version == '7.2' assert s.patch == 'hpn14v5' assert s.os is None assert str(s) == 'OpenSSH 7.2 (hpn14v5)' assert str(s) == s.display() assert s.display(True) == str(s) assert s.display(False) == 'OpenSSH 7.2' assert repr(s) == '' # patch prefix with underline s = ps('SSH-1.5-OpenSSH_6.6.1_hpn13v11') assert s.vendor is None assert s.product == 'OpenSSH' assert s.version == '6.6.1' assert s.patch == 'hpn13v11' assert s.os is None assert str(s) == 'OpenSSH 6.6.1 (hpn13v11)' assert str(s) == s.display() assert s.display(True) == str(s) assert s.display(False) == 'OpenSSH 6.6.1' assert repr(s) == '' # patch prefix with dot s = ps('SSH-2.0-OpenSSH_5.9.CASPUR') assert s.vendor is None assert s.product == 'OpenSSH' assert s.version == '5.9' assert s.patch == 'CASPUR' assert s.os is None assert str(s) == 'OpenSSH 5.9 (CASPUR)' assert str(s) == s.display() assert s.display(True) == str(s) assert s.display(False) == 'OpenSSH 5.9' assert repr(s) == '' def test_dropbear_software(self): ps = lambda x: self.software.parse(self.banner.parse(x)) # noqa # common s = ps('SSH-2.0-dropbear_2016.74') assert s.vendor is None assert s.product == 'Dropbear SSH' assert s.version == '2016.74' assert s.patch is None assert s.os is None assert str(s) == 'Dropbear SSH 2016.74' assert str(s) == s.display() assert s.display(True) == str(s) assert s.display(False) == str(s) assert repr(s) == '' # common, patch s = ps('SSH-2.0-dropbear_0.44test4') assert s.vendor is None assert s.product == 'Dropbear SSH' assert s.version == '0.44' assert s.patch == 'test4' assert s.os is None assert str(s) == 'Dropbear SSH 0.44 (test4)' assert str(s) == s.display() assert s.display(True) == str(s) assert s.display(False) == 'Dropbear SSH 0.44' assert repr(s) == '' # patch prefix with dash s = ps('SSH-2.0-dropbear_0.44-Freesco-p49') assert s.vendor is None assert s.product == 'Dropbear SSH' assert s.version == '0.44' assert s.patch == 'Freesco-p49' assert s.os is None assert str(s) == 'Dropbear SSH 0.44 (Freesco-p49)' assert str(s) == s.display() assert s.display(True) == str(s) assert s.display(False) == 'Dropbear SSH 0.44' assert repr(s) == '' # patch prefix with underline s = ps('SSH-2.0-dropbear_2014.66_agbn_1') assert s.vendor is None assert s.product == 'Dropbear SSH' assert s.version == '2014.66' assert s.patch == 'agbn_1' assert s.os is None assert str(s) == 'Dropbear SSH 2014.66 (agbn_1)' assert str(s) == s.display() assert s.display(True) == str(s) assert s.display(False) == 'Dropbear SSH 2014.66' assert repr(s) == '' def test_libssh_software(self): ps = lambda x: self.software.parse(self.banner.parse(x)) # noqa # common s = ps('SSH-2.0-libssh-0.2') assert s.vendor is None assert s.product == 'libssh' assert s.version == '0.2' assert s.patch is None assert s.os is None assert str(s) == 'libssh 0.2' assert str(s) == s.display() assert s.display(True) == str(s) assert s.display(False) == str(s) assert repr(s) == '' s = ps('SSH-2.0-libssh-0.7.4') assert s.vendor is None assert s.product == 'libssh' assert s.version == '0.7.4' assert s.patch is None assert s.os is None assert str(s) == 'libssh 0.7.4' assert str(s) == s.display() assert s.display(True) == str(s) assert s.display(False) == str(s) assert repr(s) == '' def test_romsshell_software(self): ps = lambda x: self.software.parse(self.banner.parse(x)) # noqa # common s = ps('SSH-2.0-RomSShell_5.40') assert s.vendor == 'Allegro Software' assert s.product == 'RomSShell' assert s.version == '5.40' assert s.patch is None assert s.os is None assert str(s) == 'Allegro Software RomSShell 5.40' assert str(s) == s.display() assert s.display(True) == str(s) assert s.display(False) == str(s) assert repr(s) == '' def test_hp_ilo_software(self): ps = lambda x: self.software.parse(self.banner.parse(x)) # noqa # common s = ps('SSH-2.0-mpSSH_0.2.1') assert s.vendor == 'HP' assert s.product == 'iLO (Integrated Lights-Out) sshd' assert s.version == '0.2.1' assert s.patch is None assert s.os is None assert str(s) == 'HP iLO (Integrated Lights-Out) sshd 0.2.1' assert str(s) == s.display() assert s.display(True) == str(s) assert s.display(False) == str(s) assert repr(s) == '' def test_cisco_software(self): ps = lambda x: self.software.parse(self.banner.parse(x)) # noqa # common s = ps('SSH-1.5-Cisco-1.25') assert s.vendor == 'Cisco' assert s.product == 'IOS/PIX sshd' assert s.version == '1.25' assert s.patch is None assert s.os is None assert str(s) == 'Cisco IOS/PIX sshd 1.25' assert str(s) == s.display() assert s.display(True) == str(s) assert s.display(False) == str(s) assert repr(s) == '' def test_software_os(self): ps = lambda x: self.software.parse(self.banner.parse(x)) # noqa # unknown s = ps('SSH-2.0-OpenSSH_3.7.1 MegaOperatingSystem 123') assert s.os is None # NetBSD s = ps('SSH-1.99-OpenSSH_2.5.1 NetBSD_Secure_Shell-20010614') assert s.os == 'NetBSD (2001-06-14)' assert str(s) == 'OpenSSH 2.5.1 running on NetBSD (2001-06-14)' assert repr(s) == '' s = ps('SSH-1.99-OpenSSH_5.0 NetBSD_Secure_Shell-20080403+-hpn13v1') assert s.os == 'NetBSD (2008-04-03)' assert str(s) == 'OpenSSH 5.0 running on NetBSD (2008-04-03)' assert repr(s) == '' s = ps('SSH-2.0-OpenSSH_6.6.1_hpn13v11 NetBSD-20100308') assert s.os == 'NetBSD (2010-03-08)' assert str(s) == 'OpenSSH 6.6.1 (hpn13v11) running on NetBSD (2010-03-08)' assert repr(s) == '' s = ps('SSH-2.0-OpenSSH_4.4 NetBSD') assert s.os == 'NetBSD' assert str(s) == 'OpenSSH 4.4 running on NetBSD' assert repr(s) == '' s = ps('SSH-2.0-OpenSSH_3.0.2 NetBSD Secure Shell') assert s.os == 'NetBSD' assert str(s) == 'OpenSSH 3.0.2 running on NetBSD' assert repr(s) == '' # FreeBSD s = ps('SSH-2.0-OpenSSH_7.2 FreeBSD-20160310') assert s.os == 'FreeBSD (2016-03-10)' assert str(s) == 'OpenSSH 7.2 running on FreeBSD (2016-03-10)' assert repr(s) == '' s = ps('SSH-1.99-OpenSSH_2.9 FreeBSD localisations 20020307') assert s.os == 'FreeBSD (2002-03-07)' assert str(s) == 'OpenSSH 2.9 running on FreeBSD (2002-03-07)' assert repr(s) == '' s = ps('SSH-2.0-OpenSSH_2.3.0 green@FreeBSD.org 20010321') assert s.os == 'FreeBSD (2001-03-21)' assert str(s) == 'OpenSSH 2.3.0 running on FreeBSD (2001-03-21)' assert repr(s) == '' s = ps('SSH-1.99-OpenSSH_4.4p1 FreeBSD-openssh-portable-overwrite-base-4.4.p1_1,1') assert s.os == 'FreeBSD' assert str(s) == 'OpenSSH 4.4p1 running on FreeBSD' assert repr(s) == '' s = ps('SSH-2.0-OpenSSH_7.2-OVH-rescue FreeBSD') assert s.os == 'FreeBSD' assert str(s) == 'OpenSSH 7.2 (OVH-rescue) running on FreeBSD' assert repr(s) == '' # Windows s = ps('SSH-2.0-OpenSSH_3.7.1 in RemotelyAnywhere 5.21.422') assert s.os == 'Microsoft Windows (RemotelyAnywhere 5.21.422)' assert str(s) == 'OpenSSH 3.7.1 running on Microsoft Windows (RemotelyAnywhere 5.21.422)' assert repr(s) == '' s = ps('SSH-2.0-OpenSSH_3.8 in DesktopAuthority 7.1.091') assert s.os == 'Microsoft Windows (DesktopAuthority 7.1.091)' assert str(s) == 'OpenSSH 3.8 running on Microsoft Windows (DesktopAuthority 7.1.091)' assert repr(s) == '' s = ps('SSH-2.0-OpenSSH_3.8 in RemoteSupportManager 1.0.023') assert s.os == 'Microsoft Windows (RemoteSupportManager 1.0.023)' assert str(s) == 'OpenSSH 3.8 running on Microsoft Windows (RemoteSupportManager 1.0.023)' assert repr(s) == '' ssh-audit-3.3.0/test/test_ssh1.py000066400000000000000000000166351470352310600167000ustar00rootroot00000000000000import struct import pytest from ssh_audit.auditconf import AuditConf from ssh_audit.fingerprint import Fingerprint from ssh_audit.outputbuffer import OutputBuffer from ssh_audit.protocol import Protocol from ssh_audit.readbuf import ReadBuf from ssh_audit.ssh1 import SSH1 from ssh_audit.ssh1_publickeymessage import SSH1_PublicKeyMessage from ssh_audit.ssh_audit import audit from ssh_audit.writebuf import WriteBuf # pylint: disable=line-too-long,attribute-defined-outside-init class TestSSH1: @pytest.fixture(autouse=True) def init(self, ssh_audit): self.OutputBuffer = OutputBuffer self.protocol = Protocol self.ssh1 = SSH1 self.PublicKeyMessage = SSH1_PublicKeyMessage self.rbuf = ReadBuf self.wbuf = WriteBuf self.audit = audit self.AuditConf = AuditConf self.fingerprint = Fingerprint def _conf(self): conf = self.AuditConf('localhost', 22) conf.colors = False conf.batch = True conf.verbose = True conf.ssh1 = True conf.ssh2 = False conf.skip_rate_test = True return conf def _create_ssh1_packet(self, payload, valid_crc=True): padding = -(len(payload) + 4) % 8 plen = len(payload) + 4 pad_bytes = b'\x00' * padding cksum = self.ssh1.crc32(pad_bytes + payload) if valid_crc else 0 data = struct.pack('>I', plen) + pad_bytes + payload + struct.pack('>I', cksum) return data @classmethod def _server_key(cls): return (1024, 0x10001, 0xee6552da432e0ac2c422df1a51287507748bfe3b5e3e4fa989a8f49fdc163a17754939ef18ef8a667ea3b71036a151fcd7f5e01ceef1e4439864baf3ac569047582c69d6c128212e0980dcb3168f00d371004039983f6033cd785b8b8f85096c7d9405cbfdc664e27c966356a6b4eb6ee20ad43414b50de18b22829c1880b551) @classmethod def _host_key(cls): return (2048, 0x10001, 0xdfa20cd2a530ccc8c870aa60d9feb3b35deeab81c3215a96557abbd683d21f4600f38e475d87100da9a4404220eeb3bb5584e5a2b5b48ffda58530ea19104a32577d7459d91e76aa711b241050f4cc6d5327ccce254f371acad3be56d46eb5919b73f20dbdb1177b700f00891c5bf4ed128bb90ed541b778288285bcfa28432ab5cbcb8321b6e24760e998e0daa519f093a631e44276d7dd252ce0c08c75e2ab28a7349ead779f97d0f20a6d413bf3623cd216dc35375f6366690bcc41e3b2d5465840ec7ee0dc7e3f1c101d674a0c7dbccbc3942788b111396add2f8153b46a0e4b50d66e57ee92958f1c860dd97cc0e40e32febff915343ed53573142bdf4b) def _pkm_payload(self): w = self.wbuf() w.write(b'\x88\x99\xaa\xbb\xcc\xdd\xee\xff') b, e, m = self._server_key() w.write_int(b).write_mpint1(e).write_mpint1(m) b, e, m = self._host_key() w.write_int(b).write_mpint1(e).write_mpint1(m) w.write_int(2) w.write_int(72) w.write_int(36) return w.write_flush() def test_crc32(self): assert self.ssh1.crc32(b'') == 0x00 assert self.ssh1.crc32(b'The quick brown fox jumps over the lazy dog') == 0xb9c60808 def test_fingerprint(self): # pylint: disable=protected-access b, e, m = self._host_key() fpd = self.wbuf._create_mpint(m, False) fpd += self.wbuf._create_mpint(e, False) fp = self.fingerprint(fpd) assert b == 2048 assert fp.md5 == 'MD5:9d:26:f8:39:fc:20:9d:9b:ca:cc:4a:0f:e1:93:f5:96' assert fp.sha256 == 'SHA256:vZdx3mhzbvVJmn08t/ruv8WDhJ9jfKYsCTuSzot+QIs' def _assert_pkm_keys(self, pkm, skey, hkey): b, e, m = skey assert pkm.server_key_bits == b assert pkm.server_key_public_exponent == e assert pkm.server_key_public_modulus == m b, e, m = hkey assert pkm.host_key_bits == b assert pkm.host_key_public_exponent == e assert pkm.host_key_public_modulus == m def _assert_pkm_fields(self, pkm, skey, hkey): assert pkm is not None assert pkm.cookie == b'\x88\x99\xaa\xbb\xcc\xdd\xee\xff' self._assert_pkm_keys(pkm, skey, hkey) assert pkm.protocol_flags == 2 assert pkm.supported_ciphers_mask == 72 assert pkm.supported_ciphers == ['3des', 'blowfish'] assert pkm.supported_authentications_mask == 36 assert pkm.supported_authentications == ['rsa', 'tis'] fp = self.fingerprint(pkm.host_key_fingerprint_data) assert fp.md5 == 'MD5:9d:26:f8:39:fc:20:9d:9b:ca:cc:4a:0f:e1:93:f5:96' assert fp.sha256 == 'SHA256:vZdx3mhzbvVJmn08t/ruv8WDhJ9jfKYsCTuSzot+QIs' def test_pkm_init(self): cookie = b'\x88\x99\xaa\xbb\xcc\xdd\xee\xff' pflags, cmask, amask = 2, 72, 36 skey, hkey = self._server_key(), self._host_key() pkm = self.PublicKeyMessage(cookie, skey, hkey, pflags, cmask, amask) self._assert_pkm_fields(pkm, skey, hkey) for skey2 in ([], [0], [0, 1], [0, 1, 2, 3]): with pytest.raises(ValueError): pkm = self.PublicKeyMessage(cookie, skey2, hkey, pflags, cmask, amask) for hkey2 in ([], [0], [0, 1], [0, 1, 2, 3]): with pytest.raises(ValueError): print(hkey2) pkm = self.PublicKeyMessage(cookie, skey, hkey2, pflags, cmask, amask) def test_pkm_read(self): pkm = self.PublicKeyMessage.parse(self._pkm_payload()) self._assert_pkm_fields(pkm, self._server_key(), self._host_key()) def test_pkm_payload(self): cookie = b'\x88\x99\xaa\xbb\xcc\xdd\xee\xff' skey, hkey = self._server_key(), self._host_key() pflags, cmask, amask = 2, 72, 36 pkm1 = self.PublicKeyMessage(cookie, skey, hkey, pflags, cmask, amask) pkm2 = self.PublicKeyMessage.parse(self._pkm_payload()) assert pkm1.payload == pkm2.payload def test_ssh1_server_simple(self, output_spy, virtual_socket): vsocket = virtual_socket w = self.wbuf() w.write_byte(self.protocol.SMSG_PUBLIC_KEY) w.write(self._pkm_payload()) vsocket.rdata.append(b'SSH-1.5-OpenSSH_7.2 ssh-audit-test\r\n') vsocket.rdata.append(self._create_ssh1_packet(w.write_flush())) output_spy.begin() out = self.OutputBuffer() self.audit(out, self._conf()) out.write() lines = output_spy.flush() assert len(lines) == 13 def test_ssh1_server_invalid_first_packet(self, output_spy, virtual_socket): vsocket = virtual_socket w = self.wbuf() w.write_byte(self.protocol.SMSG_PUBLIC_KEY + 1) w.write(self._pkm_payload()) vsocket.rdata.append(b'SSH-1.5-OpenSSH_7.2 ssh-audit-test\r\n') vsocket.rdata.append(self._create_ssh1_packet(w.write_flush())) output_spy.begin() out = self.OutputBuffer() ret = self.audit(out, self._conf()) out.write() assert ret != 0 lines = output_spy.flush() assert len(lines) == 6 assert 'unknown message' in lines[-1] def test_ssh1_server_invalid_checksum(self, output_spy, virtual_socket): vsocket = virtual_socket w = self.wbuf() w.write_byte(self.protocol.SMSG_PUBLIC_KEY + 1) w.write(self._pkm_payload()) vsocket.rdata.append(b'SSH-1.5-OpenSSH_7.2 ssh-audit-test\r\n') vsocket.rdata.append(self._create_ssh1_packet(w.write_flush(), False)) output_spy.begin() out = self.OutputBuffer() with pytest.raises(SystemExit): self.audit(out, self._conf()) out.write() lines = output_spy.flush() assert len(lines) == 3 assert ('checksum' in lines[0]) or ('checksum' in lines[1]) or ('checksum' in lines[2]) ssh-audit-3.3.0/test/test_ssh2.py000066400000000000000000000242251470352310600166730ustar00rootroot00000000000000import os import struct import pytest from ssh_audit.auditconf import AuditConf from ssh_audit.outputbuffer import OutputBuffer from ssh_audit.protocol import Protocol from ssh_audit.readbuf import ReadBuf from ssh_audit.ssh2_kex import SSH2_Kex from ssh_audit.ssh2_kexparty import SSH2_KexParty from ssh_audit.ssh_audit import audit from ssh_audit.writebuf import WriteBuf # pylint: disable=line-too-long,attribute-defined-outside-init class TestSSH2: @pytest.fixture(autouse=True) def init(self, ssh_audit): self.OutputBuffer = OutputBuffer self.protocol = Protocol self.ssh2_kex = SSH2_Kex self.ssh2_kexparty = SSH2_KexParty self.rbuf = ReadBuf self.wbuf = WriteBuf self.audit = audit self.AuditConf = AuditConf def _conf(self): conf = self.AuditConf('localhost', 22) conf.colors = False conf.batch = True conf.verbose = True conf.ssh1 = False conf.ssh2 = True conf.skip_rate_test = True return conf @classmethod def _create_ssh2_packet(cls, payload): padding = -(len(payload) + 5) % 8 if padding < 4: padding += 8 plen = len(payload) + padding + 1 pad_bytes = b'\x00' * padding data = struct.pack('>Ib', plen, padding) + payload + pad_bytes return data def _kex_payload(self): w = self.wbuf() w.write(b'\x00\x11\x22\x33\x44\x55\x66\x77\x88\x99\xaa\xbb\xcc\xdd\xee\xff') w.write_list(['bogus_kex1', 'bogus_kex2']) # We use a bogus kex, otherwise the host key tests will kick off and fail. w.write_list(['ssh-rsa', 'rsa-sha2-512', 'rsa-sha2-256', 'ssh-ed25519']) w.write_list(['chacha20-poly1305@openssh.com', 'aes128-ctr', 'aes192-ctr', 'aes256-ctr', 'aes128-gcm@openssh.com', 'aes256-gcm@openssh.com', 'aes128-cbc', 'aes192-cbc', 'aes256-cbc']) w.write_list(['chacha20-poly1305@openssh.com', 'aes128-ctr', 'aes192-ctr', 'aes256-ctr', 'aes128-gcm@openssh.com', 'aes256-gcm@openssh.com', 'aes128-cbc', 'aes192-cbc', 'aes256-cbc']) w.write_list(['umac-64-etm@openssh.com', 'umac-128-etm@openssh.com', 'hmac-sha2-256-etm@openssh.com', 'hmac-sha2-512-etm@openssh.com', 'hmac-sha1-etm@openssh.com', 'umac-64@openssh.com', 'umac-128@openssh.com', 'hmac-sha2-256', 'hmac-sha2-512', 'hmac-sha1']) w.write_list(['umac-64-etm@openssh.com', 'umac-128-etm@openssh.com', 'hmac-sha2-256-etm@openssh.com', 'hmac-sha2-512-etm@openssh.com', 'hmac-sha1-etm@openssh.com', 'umac-64@openssh.com', 'umac-128@openssh.com', 'hmac-sha2-256', 'hmac-sha2-512', 'hmac-sha1']) w.write_list(['none', 'zlib@openssh.com']) w.write_list(['none', 'zlib@openssh.com']) w.write_list(['']) w.write_list(['']) w.write_byte(False) w.write_int(0) return w.write_flush() def _kex_payload_with_gss(self): w = self.wbuf() w.write(b'\x00\x11\x22\x33\x44\x55\x66\x77\x88\x99\xaa\xbb\xcc\xdd\xee\xff') w.write_list(['gss-gex-sha1-dZuIebMjgUqaxvbF7hDbAw==', 'gss-gex-sha1-vz8J1E9PzLr8b1K+0remTg==', 'gss-group14-sha1-dZuIebMjgUqaxvbF7hDbAw==', 'gss-group14-sha1-vz8J1E9PzLr8b1K+0remTg==', 'gss-group14-sha256-dZuIebMjgUqaxvbF7hDbAw==', 'gss-group14-sha256-vz8J1E9PzLr8b1K+0remTg==', 'gss-group16-sha512-dZuIebMjgUqaxvbF7hDbAw==', 'gss-group16-sha512-vz8J1E9PzLr8b1K+0remTg==', 'gss-group18-sha512-dZuIebMjgUqaxvbF7hDbAw==', 'gss-group18-sha512-vz8J1E9PzLr8b1K+0remTg==', 'gss-group1-sha1-dZuIebMjgUqaxvbF7hDbAw==', 'gss-group1-sha1-vz8J1E9PzLr8b1K+0remTg==', 'gss-curve448-sha512-XXX', 'gss-nistp256-sha256-RANDOMCHARSTOTESTWILDCARDMATCHING']) w.write_list(['ssh-ed25519']) w.write_list(['chacha20-poly1305@openssh.com']) w.write_list(['chacha20-poly1305@openssh.com']) w.write_list(['hmac-sha2-512-etm@openssh.com']) w.write_list(['hmac-sha2-512-etm@openssh.com']) w.write_list(['none', 'zlib@openssh.com']) w.write_list(['none', 'zlib@openssh.com']) w.write_list(['']) w.write_list(['']) w.write_byte(False) w.write_int(0) return w.write_flush() def test_kex_read(self): kex = self.ssh2_kex.parse(self.OutputBuffer, self._kex_payload()) assert kex is not None assert kex.cookie == b'\x00\x11\x22\x33\x44\x55\x66\x77\x88\x99\xaa\xbb\xcc\xdd\xee\xff' assert kex.kex_algorithms == ['bogus_kex1', 'bogus_kex2'] assert kex.key_algorithms == ['ssh-rsa', 'rsa-sha2-512', 'rsa-sha2-256', 'ssh-ed25519'] assert kex.client is not None assert kex.server is not None assert kex.client.encryption == ['chacha20-poly1305@openssh.com', 'aes128-ctr', 'aes192-ctr', 'aes256-ctr', 'aes128-gcm@openssh.com', 'aes256-gcm@openssh.com', 'aes128-cbc', 'aes192-cbc', 'aes256-cbc'] assert kex.server.encryption == ['chacha20-poly1305@openssh.com', 'aes128-ctr', 'aes192-ctr', 'aes256-ctr', 'aes128-gcm@openssh.com', 'aes256-gcm@openssh.com', 'aes128-cbc', 'aes192-cbc', 'aes256-cbc'] assert kex.client.mac == ['umac-64-etm@openssh.com', 'umac-128-etm@openssh.com', 'hmac-sha2-256-etm@openssh.com', 'hmac-sha2-512-etm@openssh.com', 'hmac-sha1-etm@openssh.com', 'umac-64@openssh.com', 'umac-128@openssh.com', 'hmac-sha2-256', 'hmac-sha2-512', 'hmac-sha1'] assert kex.server.mac == ['umac-64-etm@openssh.com', 'umac-128-etm@openssh.com', 'hmac-sha2-256-etm@openssh.com', 'hmac-sha2-512-etm@openssh.com', 'hmac-sha1-etm@openssh.com', 'umac-64@openssh.com', 'umac-128@openssh.com', 'hmac-sha2-256', 'hmac-sha2-512', 'hmac-sha1'] assert kex.client.compression == ['none', 'zlib@openssh.com'] assert kex.server.compression == ['none', 'zlib@openssh.com'] assert kex.client.languages == [''] assert kex.server.languages == [''] assert kex.follows is False assert kex.unused == 0 def _get_empty_kex(self, cookie=None): kex_algs, key_algs = [], [] enc, mac, compression, languages = [], [], ['none'], [] cli = self.ssh2_kexparty(enc, mac, compression, languages) enc, mac, compression, languages = [], [], ['none'], [] srv = self.ssh2_kexparty(enc, mac, compression, languages) if cookie is None: cookie = os.urandom(16) kex = self.ssh2_kex(self.OutputBuffer, cookie, kex_algs, key_algs, cli, srv, 0) return kex def _get_kex_variat1(self): cookie = b'\x00\x11\x22\x33\x44\x55\x66\x77\x88\x99\xaa\xbb\xcc\xdd\xee\xff' kex = self._get_empty_kex(cookie) kex.kex_algorithms.append('bogus_kex1') kex.kex_algorithms.append('bogus_kex2') kex.key_algorithms.append('ssh-rsa') kex.key_algorithms.append('rsa-sha2-512') kex.key_algorithms.append('rsa-sha2-256') kex.key_algorithms.append('ssh-ed25519') kex.server.encryption.append('chacha20-poly1305@openssh.com') kex.server.encryption.append('aes128-ctr') kex.server.encryption.append('aes192-ctr') kex.server.encryption.append('aes256-ctr') kex.server.encryption.append('aes128-gcm@openssh.com') kex.server.encryption.append('aes256-gcm@openssh.com') kex.server.encryption.append('aes128-cbc') kex.server.encryption.append('aes192-cbc') kex.server.encryption.append('aes256-cbc') kex.server.mac.append('umac-64-etm@openssh.com') kex.server.mac.append('umac-128-etm@openssh.com') kex.server.mac.append('hmac-sha2-256-etm@openssh.com') kex.server.mac.append('hmac-sha2-512-etm@openssh.com') kex.server.mac.append('hmac-sha1-etm@openssh.com') kex.server.mac.append('umac-64@openssh.com') kex.server.mac.append('umac-128@openssh.com') kex.server.mac.append('hmac-sha2-256') kex.server.mac.append('hmac-sha2-512') kex.server.mac.append('hmac-sha1') kex.server.compression.append('zlib@openssh.com') for a in kex.server.encryption: kex.client.encryption.append(a) for a in kex.server.mac: kex.client.mac.append(a) for a in kex.server.compression: if a == 'none': continue kex.client.compression.append(a) return kex def test_key_payload(self): kex1 = self._get_kex_variat1() kex2 = self.ssh2_kex.parse(self.OutputBuffer, self._kex_payload()) assert kex1.payload == kex2.payload def test_ssh2_server_simple(self, output_spy, virtual_socket): vsocket = virtual_socket w = self.wbuf() w.write_byte(self.protocol.MSG_KEXINIT) w.write(self._kex_payload()) vsocket.rdata.append(b'SSH-2.0-OpenSSH_7.3 ssh-audit-test\r\n') vsocket.rdata.append(self._create_ssh2_packet(w.write_flush())) output_spy.begin() out = self.OutputBuffer() self.audit(out, self._conf()) out.write() lines = output_spy.flush() assert len(lines) == 78 def test_ssh2_server_invalid_first_packet(self, output_spy, virtual_socket): vsocket = virtual_socket w = self.wbuf() w.write_byte(self.protocol.MSG_KEXINIT + 1) vsocket.rdata.append(b'SSH-2.0-OpenSSH_7.3 ssh-audit-test\r\n') vsocket.rdata.append(self._create_ssh2_packet(w.write_flush())) output_spy.begin() out = self.OutputBuffer() ret = self.audit(out, self._conf()) out.write() assert ret != 0 lines = output_spy.flush() assert len(lines) == 4 assert 'unknown message' in lines[-1] def test_ssh2_gss_kex(self, output_spy, virtual_socket): '''Ensure that GSS kex algorithms are properly parsed.''' vsocket = virtual_socket w = self.wbuf() w.write_byte(self.protocol.MSG_KEXINIT) w.write(self._kex_payload_with_gss()) # Use the kex with GSS algorithms. vsocket.rdata.append(b'SSH-2.0-OpenSSH_7.3 ssh-audit-test\r\n') vsocket.rdata.append(self._create_ssh2_packet(w.write_flush())) output_spy.begin() out = self.OutputBuffer() self.audit(out, self._conf()) out.write() lines = output_spy.flush() # Ensure that none of the lines are reported as "unknown algorithm". for line in lines: assert line.find('unknown algorithm') == -1 ssh-audit-3.3.0/test/test_ssh2_kexdb.py000066400000000000000000000024001470352310600200370ustar00rootroot00000000000000import pytest from ssh_audit.ssh2_kexdb import SSH2_KexDB class Test_SSH2_KexDB: @pytest.fixture(autouse=True) def init(self): self.db = SSH2_KexDB.get_db() def test_ssh2_kexdb(self): '''Ensures that the SSH2_KexDB.ALGORITHMS dictionary is in the right format.''' db_keys = list(self.db.keys()) db_keys.sort() # Ensure only these keys exist in the database. assert db_keys == ['enc', 'kex', 'key', 'mac'] # For 'enc', 'kex', etc... for alg_type in self.db: # Iterate over algorithms within this type (i.e.: all 'enc' algorithms, all 'kex' algorithms, etc). for alg_name in self.db[alg_type]: # Get the list of failures, warnings, etc., for this algorithm. alg_data = self.db[alg_type][alg_name] # This list must be between 1 and 4 entries long. assert 1 <= len(alg_data) <= 4 # The first entry denotes the versions when this algorithm was added to OpenSSH, Dropbear, and/or libssh, followed by when it was deprecated, and finally when it was removed. Hence it must have between 0 and 3 entries. added_entry = alg_data[0] assert 0 <= len(added_entry) <= 3 ssh-audit-3.3.0/test/test_utils.py000066400000000000000000000057601470352310600171570ustar00rootroot00000000000000import pytest # pylint: disable=attribute-defined-outside-init class TestUtils: @pytest.fixture(autouse=True) def init(self, ssh_audit): self.utils = ssh_audit.Utils def test_to_bytes(self): assert self.utils.to_bytes(b'fran\xc3\xa7ais') == b'fran\xc3\xa7ais' assert self.utils.to_bytes('fran\xe7ais') == b'fran\xc3\xa7ais' # other with pytest.raises(TypeError): self.utils.to_bytes(123) def test_to_text(self): assert self.utils.to_text(b'fran\xc3\xa7ais') == 'fran\xe7ais' assert self.utils.to_text('fran\xe7ais') == 'fran\xe7ais' # other with pytest.raises(TypeError): self.utils.to_text(123) def test_is_ascii(self): assert self.utils.is_ascii('francais') is True assert self.utils.is_ascii('fran\xe7ais') is False # other assert self.utils.is_ascii(123) is False def test_to_ascii(self): assert self.utils.to_ascii('francais') == 'francais' assert self.utils.to_ascii('fran\xe7ais') == 'fran?ais' assert self.utils.to_ascii('fran\xe7ais', 'ignore') == 'franais' with pytest.raises(TypeError): self.utils.to_ascii(123) def test_is_print_ascii(self): assert self.utils.is_print_ascii('francais') is True assert self.utils.is_print_ascii('francais\n') is False assert self.utils.is_print_ascii('fran\xe7ais') is False # other assert self.utils.is_print_ascii(123) is False def test_to_print_ascii(self): assert self.utils.to_print_ascii('francais') == 'francais' assert self.utils.to_print_ascii('francais\n') == 'francais?' assert self.utils.to_print_ascii('fran\xe7ais') == 'fran?ais' assert self.utils.to_print_ascii('fran\xe7ais\n') == 'fran?ais?' assert self.utils.to_print_ascii('fran\xe7ais', 'ignore') == 'franais' assert self.utils.to_print_ascii('fran\xe7ais\n', 'ignore') == 'franais' with pytest.raises(TypeError): self.utils.to_print_ascii(123) def test_ctoi(self): assert self.utils.ctoi(123) == 123 assert self.utils.ctoi('ABC') == 65 def test_parse_int(self): assert self.utils.parse_int(123) == 123 assert self.utils.parse_int('123') == 123 assert self.utils.parse_int(-123) == -123 assert self.utils.parse_int('-123') == -123 assert self.utils.parse_int('abc') == 0 def test_unique_seq(self): assert self.utils.unique_seq((1, 2, 2, 3, 3, 3)) == (1, 2, 3) assert self.utils.unique_seq((3, 3, 3, 2, 2, 1)) == (3, 2, 1) assert self.utils.unique_seq([1, 2, 2, 3, 3, 3]) == [1, 2, 3] assert self.utils.unique_seq([3, 3, 3, 2, 2, 1]) == [3, 2, 1] def test_parse_float(self): assert self.utils.parse_float('5.x') == -1.0 def test_ipv6address(self): assert self.utils.is_ipv6_address('1.2.3.4') is False assert self.utils.is_ipv6_address('2600:1f18:420a:b500:bc4:c9c6:1d6:e3e4') is True ssh-audit-3.3.0/test/test_version_compare.py000066400000000000000000000213501470352310600212030ustar00rootroot00000000000000import pytest from ssh_audit.banner import Banner from ssh_audit.software import Software # pylint: disable=attribute-defined-outside-init class TestVersionCompare: @pytest.fixture(autouse=True) def init(self, ssh_audit): self.software = Software self.banner = Banner def get_dropbear_software(self, v): b = self.banner.parse('SSH-2.0-dropbear_{}'.format(v)) return self.software.parse(b) def get_openssh_software(self, v): b = self.banner.parse('SSH-2.0-OpenSSH_{}'.format(v)) return self.software.parse(b) def get_libssh_software(self, v): b = self.banner.parse('SSH-2.0-libssh-{}'.format(v)) return self.software.parse(b) def test_dropbear_compare_version_pre_years(self): s = self.get_dropbear_software('0.44') assert s.compare_version(None) == 1 assert s.compare_version('') == 1 assert s.compare_version('0.43') > 0 assert s.compare_version('0.44') == 0 assert s.compare_version(s) == 0 assert s.compare_version('0.45') < 0 assert s.between_versions('0.43', '0.45') assert s.between_versions('0.43', '0.43') is False assert s.between_versions('0.45', '0.43') is False def test_dropbear_compare_version_with_years(self): s = self.get_dropbear_software('2015.71') assert s.compare_version(None) == 1 assert s.compare_version('') == 1 assert s.compare_version('2014.66') > 0 assert s.compare_version('2015.71') == 0 assert s.compare_version(s) == 0 assert s.compare_version('2016.74') < 0 assert s.between_versions('2014.66', '2016.74') assert s.between_versions('2014.66', '2015.69') is False assert s.between_versions('2016.74', '2014.66') is False def test_dropbear_compare_version_mixed(self): s = self.get_dropbear_software('0.53.1') assert s.compare_version(None) == 1 assert s.compare_version('') == 1 assert s.compare_version('0.53') > 0 assert s.compare_version('0.53.1') == 0 assert s.compare_version(s) == 0 assert s.compare_version('2011.54') < 0 assert s.between_versions('0.53', '2011.54') assert s.between_versions('0.53', '0.53') is False assert s.between_versions('2011.54', '0.53') is False def test_dropbear_compare_version_patchlevel(self): s1 = self.get_dropbear_software('0.44') s2 = self.get_dropbear_software('0.44test3') assert s1.compare_version(None) == 1 assert s1.compare_version('') == 1 assert s1.compare_version('0.44') == 0 assert s1.compare_version(s1) == 0 assert s1.compare_version('0.43') > 0 assert s1.compare_version('0.44test4') > 0 assert s1.between_versions('0.44test4', '0.45') assert s1.between_versions('0.43', '0.44test4') is False assert s1.between_versions('0.45', '0.44test4') is False assert s2.compare_version(None) == 1 assert s2.compare_version('') == 1 assert s2.compare_version('0.44test3') == 0 assert s2.compare_version(s2) == 0 assert s2.compare_version('0.44') < 0 assert s2.compare_version('0.44test4') < 0 assert s2.between_versions('0.43', '0.44') assert s2.between_versions('0.43', '0.44test2') is False assert s2.between_versions('0.44', '0.43') is False assert s1.compare_version(s2) > 0 assert s2.compare_version(s1) < 0 def test_dropbear_compare_version_sequential(self): versions = [] for i in range(28, 44): versions.append('0.{}'.format(i)) for i in range(1, 5): versions.append('0.44test{}'.format(i)) for i in range(44, 49): versions.append('0.{}'.format(i)) versions.append('0.48.1') for i in range(49, 54): versions.append('0.{}'.format(i)) versions.append('0.53.1') for v in ['2011.54', '2012.55']: versions.append(v) for i in range(56, 61): versions.append('2013.{}'.format(i)) for v in ['2013.61test', '2013.62']: versions.append(v) for i in range(63, 67): versions.append('2014.{}'.format(i)) for i in range(67, 72): versions.append('2015.{}'.format(i)) for i in range(72, 75): versions.append('2016.{}'.format(i)) length = len(versions) for i in range(length): v = versions[i] s = self.get_dropbear_software(v) assert s.compare_version(v) == 0 if i - 1 >= 0: vbefore = versions[i - 1] assert s.compare_version(vbefore) > 0 if i + 1 < length: vnext = versions[i + 1] assert s.compare_version(vnext) < 0 def test_openssh_compare_version_simple(self): s = self.get_openssh_software('3.7.1') assert s.compare_version(None) == 1 assert s.compare_version('') == 1 assert s.compare_version('3.7') > 0 assert s.compare_version('3.7.1') == 0 assert s.compare_version(s) == 0 assert s.compare_version('3.8') < 0 assert s.between_versions('3.7', '3.8') assert s.between_versions('3.6', '3.7') is False assert s.between_versions('3.8', '3.7') is False def test_openssh_compare_version_patchlevel(self): s1 = self.get_openssh_software('2.1.1') s2 = self.get_openssh_software('2.1.1p2') assert s1.compare_version(s1) == 0 assert s2.compare_version(s2) == 0 assert s1.compare_version('2.1.1') == 0 assert s2.compare_version('2.1.1p2') == 0 assert s1.compare_version('2.1.1p1') == 0 # OpenBSD version and p1 version should be the same. assert s1.compare_version('2.1.1p2') != 0 assert s2.compare_version('2.1.1') != 0 assert s2.compare_version('2.1.1p1') > 0 assert s2.compare_version('2.1.1p3') < 0 assert s1.compare_version(s2) != 0 assert s2.compare_version(s1) != 0 def test_openbsd_compare_version_sequential(self): versions = [] for v in ['1.2.3', '2.1.0', '2.1.1', '2.2.0', '2.3.0']: versions.append(v) for v in ['2.5.0', '2.5.1', '2.5.2', '2.9', '2.9.9']: versions.append(v) for v in ['3.0', '3.0.1', '3.0.2', '3.1', '3.2.2', '3.2.3']: versions.append(v) for i in range(3, 7): versions.append('3.{}'.format(i)) for v in ['3.6.1', '3.7.0', '3.7.1']: versions.append(v) for i in range(8, 10): versions.append('3.{}'.format(i)) for i in range(0, 10): versions.append('4.{}'.format(i)) for i in range(0, 10): versions.append('5.{}'.format(i)) for i in range(0, 10): versions.append('6.{}'.format(i)) for i in range(0, 4): versions.append('7.{}'.format(i)) length = len(versions) for i in range(length): v = versions[i] s = self.get_openssh_software(v) assert s.compare_version(v) == 0 if i - 1 >= 0: vbefore = versions[i - 1] assert s.compare_version(vbefore) > 0 if i + 1 < length: vnext = versions[i + 1] assert s.compare_version(vnext) < 0 def test_libssh_compare_version_simple(self): s = self.get_libssh_software('0.3') assert s.compare_version(None) == 1 assert s.compare_version('') == 1 assert s.compare_version('0.2') > 0 assert s.compare_version('0.3') == 0 assert s.compare_version(s) == 0 assert s.compare_version('0.3.1') < 0 assert s.between_versions('0.2', '0.3.1') assert s.between_versions('0.1', '0.2') is False assert s.between_versions('0.3.1', '0.2') is False def test_libssh_compare_version_sequential(self): versions = [] for v in ['0.2', '0.3']: versions.append(v) for i in range(1, 5): versions.append('0.3.{}'.format(i)) for i in range(0, 9): versions.append('0.4.{}'.format(i)) for i in range(0, 6): versions.append('0.5.{}'.format(i)) for i in range(0, 6): versions.append('0.6.{}'.format(i)) for i in range(0, 5): versions.append('0.7.{}'.format(i)) length = len(versions) for i in range(length): v = versions[i] s = self.get_libssh_software(v) assert s.compare_version(v) == 0 if i - 1 >= 0: vbefore = versions[i - 1] assert s.compare_version(vbefore) > 0 if i + 1 < length: vnext = versions[i + 1] assert s.compare_version(vnext) < 0 ssh-audit-3.3.0/test/tools/000077500000000000000000000000001470352310600155365ustar00rootroot00000000000000ssh-audit-3.3.0/test/tools/ci-win.cmd000066400000000000000000000075271470352310600174240ustar00rootroot00000000000000@ECHO OFF IF "%PYTHON%" == "" ( ECHO PYTHON environment variable not set EXIT 1 ) SET PATH=%PYTHON%;%PYTHON%\\Scripts;%PATH%" FOR /F %%i IN ('python -c "import platform; print(platform.python_version());"') DO ( SET PYTHON_VERSION=%%i ) SET PYTHON_VERSION_MAJOR=%PYTHON_VERSION:~0,1% IF "%PYTHON_VERSION:~3,1%" == "." ( SET PYTHON_VERSION_MINOR=%PYTHON_VERSION:~2,1% ) ELSE ( SET PYTHON_VERSION_MINOR=%PYTHON_VERSION:~2,2% ) FOR /F %%i IN ('python -c "import struct; print(struct.calcsize(\"P\")*8)"') DO ( SET PYTHON_ARCH=%%i ) CALL :devenv IF /I "%1"=="" ( SET target=test ) ELSE ( SET target=%1 ) echo [CI] TARGET=%target% GOTO %target% :devenv SET WIN_SDK_ROOT=C:\Program Files\Microsoft SDKs\Windows SET VS2015_ROOT=C:\Program Files (x86)\Microsoft Visual Studio 14.0 IF %PYTHON_VERSION_MAJOR% == 2 ( SET WINDOWS_SDK_VERSION="v7.0" ) ELSE IF %PYTHON_VERSION_MAJOR% == 3 ( IF %PYTHON_VERSION_MAJOR% LEQ 4 ( SET WINDOWS_SDK_VERSION="v7.1" ) ELSE ( SET WINDOWS_SDK_VERSION="2015" ) ) ELSE ( ECHO Unsupported Python version: "%PYTHON_VERSION%" EXIT 1 ) SETLOCAL ENABLEDELAYEDEXPANSION IF %PYTHON_ARCH% == 32 (SET PYTHON_ARCHX=x86) ELSE (SET PYTHON_ARCHX=x64) IF %WINDOWS_SDK_VERSION% == "2015" ( "%VS2015_ROOT%\VC\vcvarsall.bat" %PYTHON_ARCHX% ) ELSE ( SET DISTUTILS_USE_SDK=1 SET MSSdk=1 "%WIN_SDK_ROOT%\%WINDOWS_SDK_VERSION%\Setup\WindowsSdkVer.exe" -q -version:%WINDOWS_SDK_VERSION% "%WIN_SDK_ROOT%\%WINDOWS_SDK_VERSION%\Bin\SetEnv.cmd" /%PYTHON_ARCHX% /release ) GOTO :eof :install pip install --user --upgrade pip virtualenv SET VENV_DIR=.venv\%PYTHON_VERSION% rmdir /s /q %VENV_DIR% > nul 2>nul mkdir .venv > nul 2>nul IF "%PYTHON_VERSION_MAJOR%%PYTHON_VERSION_MINOR%" == "26" ( python -c "import virtualenv; virtualenv.main();" %VENV_DIR% ) ELSE ( python -m virtualenv %VENV_DIR% ) CALL %VENV_DIR%\Scripts\activate python -V pip install tox deactivate GOTO :eof :install_deps SET LXML_FILE= SET LXML_URL= IF %PYTHON_VERSION_MAJOR% == 3 ( IF %PYTHON_VERSION_MINOR% == 3 ( IF %PYTHON_ARCH% == 32 ( SET LXML_FILE=lxml-3.7.3.win32-py3.3.exe SET LXML_URL=https://pypi.python.org/packages/66/fd/b82a54e7a15e91184efeef4b659379d0581a73cf78239d70feb0f0877841/lxml-3.7.3.win32-py3.3.exe ) ELSE ( SET LXML_FILE=lxml-3.7.3.win-amd64-py3.3.exe SET LXML_URL=https://pypi.python.org/packages/dc/bc/4742b84793fa1fd991b5d2c6f2e5d32695659d6cfedf5c66aef9274a8723/lxml-3.7.3.win-amd64-py3.3.exe ) ) ELSE IF %PYTHON_VERSION_MINOR% == 4 ( IF %PYTHON_ARCH% == 32 ( SET LXML_FILE=lxml-3.7.3.win32-py3.4.exe SET LXML_URL=https://pypi.python.org/packages/88/33/265459d68d465ddc707621e6471989f5c2cb0d43f230f516800ffd629af7/lxml-3.7.3.win32-py3.4.exe ) ELSE ( SET LXML_FILE=lxml-3.7.3.win-amd64-py3.4.exe SET LXML_URL=https://pypi.python.org/packages/2d/65/e47db7f36a69a1b59b4f661e42d699d6c43e663b8fd91035e6f7681d017e/lxml-3.7.3.win-amd64-py3.4.exe ) ) ) IF NOT "%LXML_FILE%" == "" ( CALL :download %LXML_URL% .downloads\%LXML_FILE% easy_install --user .downloads\%LXML_FILE% ) GOTO :eof :test SET VENV_DIR=.venv\%PYTHON_VERSION% CALL %VENV_DIR%\Scripts\activate IF "%TOXENV%" == "" ( SET TOXENV=py%PYTHON_VERSION_MAJOR%%PYTHON_VERSION_MINOR% ) IF "%PYTHON_VERSION_MAJOR%%PYTHON_VERSION_MINOR%" == "26" ( SET TOX=python -c "from tox import cmdline; cmdline()" ) ELSE ( SET TOX=python -m tox ) IF %PYTHON_VERSION_MAJOR% == 3 ( IF %PYTHON_VERSION_MINOR% LEQ 4 ( :: Python 3.3 and 3.4 does not support typed-ast (mypy dependency) %TOX% --sitepackages -e %TOXENV%-test,%TOXENV%-lint,cov || EXIT 1 ) ELSE ( %TOX% --sitepackages -e %TOXENV%-test,%TOXENV%-type,%TOXENV%-lint,cov || EXIT 1 ) ) ELSE ( %TOX% --sitepackages -e %TOXENV%-test,%TOXENV%-lint,cov || EXIT 1 ) GOTO :eof :download IF NOT EXIST %2 ( IF NOT EXIST .downloads\ mkdir .downloads powershell -command "(new-object net.webclient).DownloadFile('%1', '%2')" || EXIT 1 ) GOTO :eof ssh-audit-3.3.0/tox.ini000066400000000000000000000064321470352310600147370ustar00rootroot00000000000000[tox] envlist = py{py3}-{test,pylint,flake8} py{38,39,310,311,312,313}-{test,mypy,pylint,flake8} cov skip_missing_interpreters = true [testenv] deps = test: pytest test,cov: {[testenv:cov]deps} test,py{38,39,310,311,312,313}-{type,mypy}: colorama py{38,39,310,311,312,313}-{type,mypy}: {[testenv:mypy]deps} py{py3,38,39,310,311,312,313}-{lint,pylint},lint: {[testenv:pylint]deps} py{py3,38,39,310,311,312,313}-{lint,flake8},lint: {[testenv:flake8]deps} setenv = SSHAUDIT = {toxinidir}/src test: COVERAGE_FILE = {toxinidir}/.coverage.{envname} type,mypy: MYPYPATH = {toxinidir}/test/stubs type,mypy: MYPYHTML = {toxinidir}/reports/html/mypy commands = test: coverage run --source ssh_audit -m -p -- \ test: pytest -v --junitxml={toxinidir}/reports/junit.{envname}.xml {posargs:test} test: coverage combine test: coverage report --show-missing test: coverage html -d {toxinidir}/reports/html/coverage.{envname} py{38,39,310,311,312,313}-{type,mypy}: {[testenv:mypy]commands} py{py3,38,39,310,311,312,313}-{lint,pylint},lint: {[testenv:pylint]commands} py{py3,38,39,310,311,312,313}-{lint,flake8},lint: {[testenv:flake8]commands} #ignore_outcome = # type: true # lint: true [testenv:cov] deps = coverage setenv = COVERAGE_FILE = {toxinidir}/.coverage commands = coverage erase coverage combine coverage report --show-missing coverage xml -i -o {toxinidir}/reports/coverage.xml coverage html -d {toxinidir}/reports/html/coverage [testenv:mypy] deps = colorama lxml mypy commands = mypy \ --strict \ --show-error-context \ --html-report {env:MYPYHTML}.py3.{envname} \ {posargs:{env:SSHAUDIT}} [testenv:pylint] deps = mccabe pylint commands = pylint \ --rcfile tox.ini \ --load-plugins=pylint.extensions.bad_builtin \ --load-plugins=pylint.extensions.check_elif \ --load-plugins=pylint.extensions.mccabe \ {posargs:{env:SSHAUDIT}} [testenv:flake8] deps = flake8 commands = flake8 {posargs:{env:SSHAUDIT} {toxinidir}/setup.py {toxinidir}/test {toxinidir}/ssh-audit.py} --statistics [pylint] reports = no #output-format = colorized indent-string = " " disable = broad-except, duplicate-code, fixme, invalid-name, line-too-long, missing-docstring, no-else-raise, no-else-return, super-with-arguments, # Can be re-factored, at some point. too-complex, too-many-arguments, too-many-boolean-expressions, too-many-branches, too-many-instance-attributes, too-many-lines, too-many-locals, too-many-nested-blocks, too-many-positional-arguments, too-many-return-statements, too-many-statements, consider-using-f-string max-complexity = 15 max-args = 8 max-locals = 20 max-returns = 6 max-branches = 15 max-statements = 60 max-parents = 7 max-attributes = 8 min-public-methods = 1 max-public-methods = 20 max-bool-expr = 5 max-nested-blocks = 6 max-line-length = 80 ignore-long-lines = ^\s*(#\s+type:\s+.*|[A-Z0-9_]+\s+=\s+.*|('.*':\s+)?\[.*\],?|assert\s+.*)$ max-module-lines = 2500 [flake8] # E241 = multiple spaces after operator; should be kept for tabular data # E303 = too many blank lines # E501 = line too long ignore = E241, E303, E501 [pytest] junit_family = xunit1 [coverage:paths] source = src */site-packages ssh-audit-3.3.0/windows_icon.ico000066400000000000000000000410761470352310600166250ustar00rootroot00000000000000@@ (B(@    # & & ))) & & , / 22 0 /++, /00 / + + ) /3 2 - ,)) ) &#     #  ###& & ) + ,,, ) , 2 6 6 630.0 236 2 0 - -36 6 0 , ) , )&## ##&#  # # #&&&) , 0 0 / / + - 5 9: 9 5303 568 52 0 28 : 62 / / / ,)&&#&))#  # & & ))), , 04 53 0 0 6 =?= :666 9;; 942 8 > =: 6 2 2 2,+)&)+.)# # & & ) ) ,,. / 077 8 52 9 @BB @ >8 : =AA =:7 = EB= 6 5 6 50+++.0.) #  # & ) + - - /0 2 57= = : 6 9 BGGD @> > @D E?== E GC? 9 9 9 530.063, & ##    # & ) / 02 236 8:?B @ ==DLKL EAD GK KG?B KLGB =? =83338;3 , ) &#    ### # # & ) / 047 8 8 : =CG G B?GOSO KGGL O OKCGSOKDDD >866;A : 2 - )& # # # #     # # & & & & & & ) / 67:= = > @DKK KGGSZWOK KO VSOKOZWO GG GA>;>DA 8 0 /,) & & & # ##    # & & ) ) ) ), , , - 6 9=?B E EGKSOLKW^`Z R RW ZZSOZbXSOO KDAAGG @ 6 2 / , + + ) ) & &&&#  #& ) , - - - / / / 0 6 9?CG G KLOXWVOZdid Z V_ d_XXfd`VWS KGGK R G? 9 5 2 0 - + + ,,))&# #& , / 222 6 5 5 5 6 9BGKOOOS[`_W^mpj _ _d jd`^tmdZ^V OK O Z RD? : 5442 0 0 /0.)& ## & ) / 2 6 67 9 9 9 9:?GOSSVV^djb`tzu j jm wmdmyqddd Z R V _ _OD @ =:77 6 6 563.)##  && & ) , 2 8 = =?B? @?BGOX[^_diqndwt pw wk| xmmf _ Z d jZK G BB?== =;;6.))&& & &), , , , 2 5 = BDGGG GGGOZ`dfjp x|pz ~ w} x }wt j d j pfWOLGFCB BDA;3.+, , , ) &), / 2 2 2 6 9 @ GLKOOOOOZdkptt |z "" %'y p p t`WSOKKK KKG>6333 0 0 - ) &)+03 8 9 9 9 =DLSWXWWWZdp x||%'""%%%' '*~ wmdZXSSSS RK>;8 : 9: 6 0 , )#&+038 > @ BDDLS^d`dd^dp"$'*""""()%%'*()""  md`_`_ _ Z RGDADB= 9 6 0 , &##).06;A GLLLOZdmppmmp}%'%'""-.*++,().5 !/3!"!"ztkkij j d VKKLKGB = 6 2 /)&##&)03;>G KSVWZ^mz}}zzz *+%%.6%)$*3636%)#%.6'136()  x x xy w j Z VVWSKG? 9 5 /,)&# & ) ) ,36;DK RZbddmw %'  *+.6 !/38<+,8<:>'1)1+?:>36*0""#%#%  p dbddXSLD = 83 /,))& & ) + 0 2 5 8 >DK V _ jtww !"*+"" ""/336*0?M153D@S!))40>/H&( ()""'*'*"" wtwui`WO G @ : 8 5 2 / ,)& ) + -247: = B G O Z d p~ ""()/3()$*.63D:>0>@`.DCb'3+@1P+]@S.D "")1()-7-7 ! pdZO K G B = 9 8 5 2 /,) ) + 02 6:=?CGLSZ j w!"%%+,8<8<*0+?7_+@8s.ZAm3?$A,m8b8b'3 '3+?0A0A%%"" wj_VSL GD @ = : 83 /,) ) - 02 6:=CFKSXZdny !+,15=D=D/H+]8s8XC}C}8X4M-Lj8b,33?7_/_/H%)()!"|nf_ZWSL G E @ : 50,)& + - 047=BCKOSX`ipu| 15=D@S@`+]/C}C}PIp8XAY~4M3?,m0s1P 158+,%%"" |tf_V O GA > : 8 2 2 0 + ) 0 6 9=?BGKOSX`dp x$%}"$%''*-7.6*0!))*'1+,()t jbZSOLGBB=:742 - /3 8 : @DLOW^dip x"$%''*.5-70A-Z/_+]%NA E K RZ_jn| ""%%()/33D6Q1k-..-]||C}8b8b1P.D1536/3.6-.*+'*%'#% xqi`XSOGB?: 6 2 0 / 2 5 : = B GLSV_fny !#%)10>1P8X8s?NYxq]RC}Am@`.D+],m-AYyxxlcNPIpCb@S6Q0A.6.5%'#%$%}$$skd_XSKFC?:742 + +.368>AGK R Zbnt|!"$*/3+?/H+],m.QYSPllClXrXrPC?0s36()!"  xkd[SOKC?:742 - + ).36;A E KOVZ_dfntw%''*$*%)&(/H1k-AS8s8sY~R]8sARA ELSX`it| .59I5M5M7_Am+@%N%N8X8b4MIp%N.Z8bR,3'3+@"" 369I9I.5%'|uqqidZVO G B = 62 - + &),.33 8 =BGKSZbfny"$36.5.5.6?M6Q'1)4+@%N3?8b3?Cb$A%N$A0sCb"" 15.53636+,}mf_^[XSOLD @ : 8 2 / )&) , 0 6:=BGLSZ_fm x$%}+,%'%'-78<0A !&()1)4+@)*.Z,38b'3+@.D'37_=D%) ! +,+,$%}$$sk^VOLKKFC?: 6 5 /, & + -24 9 = B E KOSZ`k$$s$%}$%}#%*+.6-.#%#%15!)'3.D'31P!)!)'13D?M&(%%}$$s$$sk_[OL E @ ==:742 0 , ) + - 2 5 8 : > B GLS[_kkq x'*-.%' !*0)4)1/H%)#%0A36  ymid_[SKG @ : 5 5 2 0 0 - + &,,036 : =?GKSX[`dq%''*()*0&(8< !$*()-7()~ w jb^XSSKFC= 6 2 /,) ) &&),.3 5 9=?FKOSSXk$%}$%}uty!"() !/3 *+*+ ywtn j dZSOKKF??:4 0 ,)&#&)), / 67:?CFKKSdqqijny~*+-.%''* w pnjjf _ Z R KGGC??742 - ) &##& ) -247:=?CCK`i`^_bjtyt  *+#% ~ p db_^Z V RK E @ =::442 + ) & ## & ) + -247::=GX`XSVZ_fnnt ~|w|| x xz j _ ZVVSS KGDA : 8 622 - + ) & & # & ) + - 022 6:CSSKKL OVZbbfnwy  t~yntyypkqm _ V R OOL G ED>;63 0 - + + & & # # & & ) + - - 04BKKGB G K KSZZZbjn p~|u| ~nttjdn pjddib RKG E GD B @;860. , ) & & & # # & & ) ) +2=CC= = @A E KOSOV_db jymmt wy xtf j jf__ j d^[[^VKGDA @ = : :630.)& & # # # # # & ) 07=:7 6 8 > > B G K K KSZ_ Z jndd j pnpn _bb_VWZ _ZSSXW KD>;; 9 6 533.+)&#   # & +47 6 0 036 8 : @ E E E KOVS V db^^ d dfdfZZ _ZSOS V VOKKOLD>;66 5 2 / /,))&#  # ) 02 0 - - /33 5 : > @ > @ GLO O R _ZWW _ __`_ R R VSOLL O RLGFFG E>6300 / /,))&##  & + + ) ) ),,033 8 : : : @DG GG RZOOS V VVXV O K O O G G G GKGDB?BD >63.+,,))&##   # & & & # &&)), /3 5 5 5 8 = @ BAD OOLKO R ROSS K EK K E @ @ @DG @==== =60.))&& &##   # # # #  #&&)),33 /3 8 : = @>D K GDG GKKLKL EADG B = = = >A > 9777 9 50+)&&##   ##&), /,,3 5 8 98;A G @?B EGG GG GA : >A > : 8 8 9;; 8 6222 63+&&#    #&)))), /3 5 568AA = = =ADA BB B >68> : 8 5 5 5666 2 0 0 0 0 /,&#    #&&&&), / 2336 > : 87 9;>> == = :33863 2 / /333 / - + + + + ,&#  ####&), , /..6 8 5 2 6 8888 9: 9600330 / , , ,00. ) ) ) ) ) )&#     ##&) ))+.33 2 0 03666 5 6 53.,00., )) ))++) & & & # # #   #& &))).0 / , , - /330 22 20,),.,)& & &&))&# # # # # #   ##&&&+., ) ) ,,..0 / 0 /.)&)+)&&###&&&#    ###&))& & & ))++, , + ,,&#&&&&#    ##