jtesta
commented
4 years ago Thanks for the suggestion! Unfortunately, it seems like this feature would only be testable after the entire SSH handshake was completed. It may even need full authentication performed as well.
That would make this outside the scope of this project. There is no code to perform that much handshaking. The project mostly focuses on analyzing the first couple messages during the connection setup process. To implement this test would require LOTS more complexity. The small reward for such a very large investment doesn't make sense. Of course, if someone wanted to write all that code, I'd consider merging it.
One catch is that full authentication would be a hard deal-breaker. If we included code that handles sensitive passwords & keys, then we would need to do an intense security audit to ensure its not leaking info. The time commitment needed to do this, as well as ensure ongoing security, would be well beyond what I can handle as a volunteer.
So I'm not going to say that this feature request is entirely dead, but realistically speaking, it doesn't seem like it can happen.
egberts
Yeah, SSH client 'ControlMaster' should also be checked as 'disabled' as well.
Just unclear as how to enable an SSH client to see if such server can support 'ControlMaster'
IMHO, ControlMaster should have been compiled out by default. But they took that compile options out way back in OpenSSH v3.9.
In my bash alias file, I have the following: