arthepsy / ssh-audit

SSH server auditing (banner, key exchange, encryption, mac, compression, compatibility, security, etc)
MIT License
2.96k stars 268 forks source link

No updates in 2 years ... is this project no longer active? #42

Open barkingdog69 opened 5 years ago

drakkhen commented 5 years ago

+1

This project started out awesome and looked really promising. But it’s useless if it’s not kept current.

moralrebuild commented 5 years ago

keep it update pls

StewAlexander-com commented 5 years ago

Looks like there's been no work on this in 3 years?

jtesta commented 5 years ago

@arthepsy If you're looking for a new maintainer of this project, I'd be happy to do it. I submitted the host key and moduli PRs back in 2017 (which are still open), and I've got more ideas for improvements.

Mjolinir commented 5 years ago

@jtesta If you decide to fork this project, that would be awesome, please post here to let us know

immanuelfodor commented 5 years ago

Please point me in the right direction to an up-to-date fork, this project used to be awesome as a local testing tool without 3rd party involvement.

immanuelfodor commented 5 years ago

Hmm, according to the network graph, it's https://github.com/jtesta/ssh-audit/tree/all_my_patches but still 2 years old :confused:

Athanasius commented 5 years ago

I'm another happy user who is looking for an updated version of this.

immanuelfodor commented 5 years ago

By the way, I have OpenSSH_8.0p1, OpenSSL 1.1.1c 28 May 2019. Are there such recommendations somewhere like the ssh-audit prints at the end for OpenSSH 7.6? We could check that manually.

jtesta commented 5 years ago

@immanuelfodor @Athanasius @Mjolinir @StewAlexanderACC @moralrebuild @drakkhen @barkingdog69 : I just merged my "all_my_patches" branch to master: https://github.com/jtesta/ssh-audit/ This has the three PRs (#30, #31, #32) which add new algorithms, host key checks, certificate checks, and DH group checks.

I've tried reaching out to arthepsy repeatedly in the last two years about either merging my PRs, or formally handing over maintainership. I rarely heard back, so its time for us to just move on. I'll continue maintenance under my own fork, and I'll accept PRs and suggestions from the community.

Early next week I'll add in new algorithms and make an official release. In the meantime, please star/watch/fork my repo!

P.S. I've been operating the ssh-audit.com website for almost two years now (its a web front-end to the command line tool). It gets some pretty good traffic on a daily basis, so I'm invested in keeping the tool up-to-date.

Athanasius commented 5 years ago

Thanks for that! I've Start'd and starting Watch'ing your repo, and updated my .git/config to these remotes (rather than arthespy's as origin):


[remote "arthepsy"]
        url = https://github.com/arthepsy/ssh-audit.git
        fetch = +refs/heads/*:refs/remotes/origin/*
[remote "jtesta"]
        url = https://github.com/jtesta/ssh-audit.git
        fetch = +refs/heads/*:refs/remotes/jtesta/*
[remote "origin"]
        url = https://github.com/jtesta/ssh-audit.git
        fetch = +refs/heads/*:refs/remotes/jtesta/*```
StewAlexander-com commented 5 years ago

Thanks all for the feedback and @jtesta for all the work.

immanuelfodor commented 5 years ago

Thanks, I'm heading over there and opening a ticket for adding OpenSSH 8 recommendations :D

immanuelfodor commented 5 years ago

Hmmm, there is no Issues tab on your repo

Mjolinir commented 5 years ago

@jtesta Great news, and thank you so much for the work, will check out your repo! Will be eagerly awaiting your first release.

jubalh commented 5 years ago

Do you think renaming would be suitable? In case upstream awakens again and starts to develop (without accepting the currently proposed patches)?

jtesta commented 5 years ago

Just now, I've released v2.0.0 with several major improvements!: https://github.com/jtesta/ssh-audit/releases/tag/v2.0.0