arthepsy / ssh-audit

SSH server auditing (banner, key exchange, encryption, mac, compression, compatibility, security, etc)
MIT License

Audit sshd features #11

Open knweiss opened 8 years ago

knweiss commented 8 years ago

There's the sshd -T feature. It checks the validity of the /etc/ssh/sshd_config configuration file and outputs the effective configuration to stdout and then exits.

I thought this may be an interesting and easy way to audit the effective server settings.

I.e. it would be possible to not only check the configured algorithms but also insecure or dangerous features (e.g. X11Forwarding, Agent-Forwarding, etc.).

Obviously, this check would only run locally (i.e. not remote) but it would make sshd hardening easier.

knweiss commented 8 years ago

Also, checking the bit sizes of the configured SSH host keys (e.g. RSA >= 2048 bit) would be another useful local check.
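An added sketch of the local check proposed in both comments above, not code from ssh-audit or from the commenter: it parses constructed `sshd -T` output for risky effective settings and constructed `ssh-keygen -l` style lines for undersized RSA host keys (the option list, thresholds and sample values are assumptions).

```python
import re

# Constructed sample of `sshd -T` output (not captured from a real host).
SAMPLE_SSHD_T = """\
port 22
x11forwarding yes
allowagentforwarding yes
permitrootlogin yes
passwordauthentication no
hostkey /etc/ssh/ssh_host_rsa_key
"""

# Constructed lines in the format printed by `ssh-keygen -lf <hostkey>`.
SAMPLE_KEY_LINES = [
    "1024 SHA256:abcd...xyz root@host (RSA)",
    "256 SHA256:bcde...uvw root@host (ED25519)",
]

# Effective settings treated as findings (option name -> risky value).
RISKY_SETTINGS = {
    "x11forwarding": "yes",
    "allowagentforwarding": "yes",
    "permitrootlogin": "yes",
    "passwordauthentication": "yes",
}
# Minimum size per key type; unlisted types are not checked.
MIN_KEY_BITS = {"RSA": 2048}

def parse_sshd_t(text):
    """Map each `sshd -T` option to its list of values (options such as hostkey repeat)."""
    cfg = {}
    for line in text.splitlines():
        if line.strip():
            key, _, value = line.partition(" ")
            cfg.setdefault(key.lower(), []).append(value.strip())
    return cfg

def audit_config(cfg):
    """Return one finding per effective setting that matches a risky value."""
    return [f"{opt} is {v}" for opt, bad in RISKY_SETTINGS.items()
            for v in cfg.get(opt, []) if v.lower() == bad]

def audit_host_keys(lines):
    """Flag host keys below the minimum size for their type from `ssh-keygen -l` lines."""
    findings = []
    for line in lines:
        m = re.match(r"(\d+)\s+\S+\s+.*\((\w+)\)\s*$", line)
        if m and int(m.group(1)) < MIN_KEY_BITS.get(m.group(2), 0):
            findings.append(f"{m.group(2)} host key is only {m.group(1)} bits")
    return findings
```

On a real host, `subprocess.run(["sshd", "-T"], capture_output=True, text=True).stdout` (run as root) can be fed to `parse_sshd_t`, and `ssh-keygen -lf` on each `hostkey` path produces the lines for `audit_host_keys`.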