This is the first release of ssh-audit in almost three years! It features the following major improvements:
- Forked from https://github.com/arthepsy/ssh-audit (development was stalled, and developer went MIA).
- Added RSA host key length test.
- Added RSA certificate key length test.
- Added Diffie-Hellman modulus size test.
- Now outputs host key fingerprints for RSA and ED25519.
- Added 5 new key exchanges:
sntrup4591761x25519-sha512@tinyssh.org,diffie-hellman-group-exchange-sha256@ssh.com,diffie-hellman-group-exchange-sha512@ssh.com,diffie-hellman-group16-sha256,diffie-hellman-group17-sha512. - Added 3 new encryption algorithms:
des-cbc-ssh1,blowfish-ctr,twofish-ctr. - Added 10 new MACs:
hmac-sha2-56,hmac-sha2-224,hmac-sha2-384,hmac-sha3-256,hmac-sha3-384,hmac-sha3-512,hmac-sha256,hmac-sha256@ssh.com,hmac-sha512,hmac-512@ssh.com. - Added command line argument (-t / --timeout) for connection & reading timeouts.
- Updated CVEs for libssh & Dropbear.