search

jtesta / ssh-audit

SSH server & client security auditing (banner, key exchange, encryption, mac, compression, compatibility, security, etc)
MIT License
3.33k stars 174 forks source link

Dropbear ssh hardening guide addition #159

Closed graysky2 closed 1 year ago

graysky2 commented 1 year ago

The current release of dropbear can be hardened by building it adding the following three lines to localoptions.h:

#define DROPBEAR_RSA_SHA1 0
#define DROPBEAR_DH_GROUP14_SHA1 0
#define DROPBEAR_SHA1_HMAC 0

Wondering if you would like to add this to your hardening guide.

Reference: https://github.com/mkj/dropbear/issues/138

jtesta commented 1 year ago

I've updated the website (https://www.ssh-audit.com/hardening_guides.html) and the wiki (https://github.com/jtesta/ssh-audit/wiki/Dropbear-2022.83) with this. Thanks for contributing!