This is the first release of ssh-audit in almost three years! It features the following major improvements:
- Forked from https://github.com/arthepsy/ssh-audit (development was stalled, and developer went MIA).
- Added RSA host key length test.
- Added RSA certificate key length test.
- Added Diffie-Hellman modulus size test.
- Now outputs host key fingerprints for RSA and ED25519.
- Added 5 new key exchanges:
sntrup4591761x25519-sha512@tinyssh.org
,diffie-hellman-group-exchange-sha256@ssh.com
,diffie-hellman-group-exchange-sha512@ssh.com
,diffie-hellman-group16-sha256
,diffie-hellman-group17-sha512
. - Added 3 new encryption algorithms:
des-cbc-ssh1
,blowfish-ctr
,twofish-ctr
. - Added 10 new MACs:
hmac-sha2-56
,hmac-sha2-224
,hmac-sha2-384
,hmac-sha3-256
,hmac-sha3-384
,hmac-sha3-512
,hmac-sha256
,hmac-sha256@ssh.com
,hmac-sha512
,hmac-512@ssh.com
. - Added command line argument (-t / --timeout) for connection & reading timeouts.
- Updated CVEs for libssh & Dropbear.