No updates in 2 years ... is this project no longer active?

[drakkhen]

+1

This project started out awesome and looked really promising. But it’s useless if it’s not kept current.

[moralrebuild]

keep it update pls

[StewAlexander-com]

Looks like there's been no work on this in 3 years?

[jtesta]

@arthepsy If you're looking for a new maintainer of this project, I'd be happy to do it. I submitted the host key and moduli PRs back in 2017 (which are still open), and I've got more ideas for improvements.

[Mjolinir]

@jtesta If you decide to fork this project, that would be awesome, please post here to let us know

[immanuelfodor]

Please point me in the right direction to an up-to-date fork, this project used to be awesome as a local testing tool without 3rd party involvement.

[immanuelfodor]

Hmm, according to the network graph, it's https://github.com/jtesta/ssh-audit/tree/all_my_patches but still 2 years old :confused:

[Athanasius]

I'm another happy user who is looking for an updated version of this.

[immanuelfodor]

By the way, I have OpenSSH_8.0p1, OpenSSL 1.1.1c 28 May 2019. Are there such recommendations somewhere like the ssh-audit prints at the end for OpenSSH 7.6? We could check that manually.

[jtesta]

@immanuelfodor @Athanasius @Mjolinir @StewAlexanderACC @moralrebuild @drakkhen @barkingdog69 : I just merged my "all_my_patches" branch to master: https://github.com/jtesta/ssh-audit/ This has the three PRs (#30, #31, #32) which add new algorithms, host key checks, certificate checks, and DH group checks.

I've tried reaching out to arthepsy repeatedly in the last two years about either merging my PRs, or formally handing over maintainership. I rarely heard back, so its time for us to just move on. I'll continue maintenance under my own fork, and I'll accept PRs and suggestions from the community.

Early next week I'll add in new algorithms and make an official release. In the meantime, please star/watch/fork my repo!

P.S. I've been operating the ssh-audit.com website for almost two years now (its a web front-end to the command line tool). It gets some pretty good traffic on a daily basis, so I'm invested in keeping the tool up-to-date.

[Athanasius]

Thanks for that! I've Start'd and starting Watch'ing your repo, and updated my .git/config to these remotes (rather than arthespy's as origin):

[remote "arthepsy"]
        url = https://github.com/arthepsy/ssh-audit.git
        fetch = +refs/heads/*:refs/remotes/origin/*
[remote "jtesta"]
        url = https://github.com/jtesta/ssh-audit.git
        fetch = +refs/heads/*:refs/remotes/jtesta/*
[remote "origin"]
        url = https://github.com/jtesta/ssh-audit.git
        fetch = +refs/heads/*:refs/remotes/jtesta/*```

[StewAlexander-com]

Thanks all for the feedback and @jtesta for all the work.

[immanuelfodor]

Thanks, I'm heading over there and opening a ticket for adding OpenSSH 8 recommendations :D

[immanuelfodor]

Hmmm, there is no Issues tab on your repo

[Mjolinir]

@jtesta Great news, and thank you so much for the work, will check out your repo! Will be eagerly awaiting your first release.

[jubalh]

Do you think renaming would be suitable? In case upstream awakens again and starts to develop (without accepting the currently proposed patches)?

[jtesta]

Just now, I've released v2.0.0 with several major improvements!: https://github.com/jtesta/ssh-audit/releases/tag/v2.0.0