jtesta / ssh-audit

SSH server & client security auditing (banner, key exchange, encryption, mac, compression, compatibility, security, etc)
MIT License

(kex) diffie-hellman-group-exchange-sha256 (2048-bit) -- [fail] using small 1024-bit modulus #199

Closed halfluke closed 1 year ago

halfluke commented 1 year ago

```
(kex) diffie-hellman-group-exchange-sha256 (2048-bit) -- [fail] using small 1024-bit modulus
                                                      `- [warn] 2048-bit modulus only provides 112-bits of symmetric strength
```

Is this a fail or should it be only a warning? Why does it say "using small 1024-bit modulus" if it's 2048-bit?

Thank you
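The report quoted above pairs a 2048-bit group-exchange modulus with a fail message that cites 1024 bits, which is what makes it look like a reporting bug rather than a real finding. The following is an added example, not code from ssh-audit or from anyone in this thread: it parses ssh-audit-style `(kex)` lines and their `` `- `` continuation flags, rates the negotiated modulus with the NIST SP 800-57 finite-field equivalences (1024 bits gives 80-bit strength, 2048 gives 112, 3072 gives 128), and flags any message whose cited modulus size, strength figure or verdict contradicts the modulus that was actually negotiated. The verdict thresholds (`expected_verdict`) and the sample report are assumptions constructed for the example, not ssh-audit's own policy table.

```python
import re
from dataclasses import dataclass, field

# Constructed sample input: the two lines quoted in the issue, laid out the way
# ssh-audit prints a finding followed by its `- continuation line.
SAMPLE_REPORT = (
    "(kex) diffie-hellman-group-exchange-sha256 (2048-bit) -- [fail] using small 1024-bit modulus\n"
    "                                                      `- [warn] 2048-bit modulus only provides 112-bits of symmetric strength\n"
)

# Finite-field DH modulus size -> symmetric strength (NIST SP 800-57 Part 1, Table 2).
FFDH_STRENGTH = {1024: 80, 2048: 112, 3072: 128, 7680: 192, 15360: 256}

# Severity order of the flag levels that appear in the report.
LEVEL_RANK = {"info": 0, "warn": 1, "fail": 2}

FINDING_RE = re.compile(r"^\(kex\)\s+(\S+)\s+\((\d+)-bit\)\s+--\s+\[(\w+)\]\s+(.*)$")
CONT_RE = re.compile(r"^\s*`-\s+\[(\w+)\]\s+(.*)$")
MODULUS_RE = re.compile(r"(\d+)-bit modulus")
STRENGTH_RE = re.compile(r"(\d+)-bits? of symmetric strength")


@dataclass
class KexFinding:
    name: str
    modulus_bits: int
    flags: list = field(default_factory=list)  # (level, message) pairs, first one is the finding line itself


def ffdh_symmetric_strength(bits):
    """Strength of a `bits`-bit FFDH modulus, taken from the largest tabulated size
    that does not exceed it (so a 4096-bit modulus is rated like 3072: 128 bits)."""
    eligible = [size for size in FFDH_STRENGTH if size <= bits]
    return FFDH_STRENGTH[max(eligible)] if eligible else 0


def expected_verdict(bits):
    """Hypothetical policy for this example (not ssh-audit's table): below 2048 bits
    fails, exactly 2048 warns because of its 112-bit strength, 3072 and up is fine."""
    if bits < 2048:
        return "fail"
    if bits < 3072:
        return "warn"
    return "info"


def parse_report(text):
    """Parse ssh-audit-style (kex) lines and attach their `- continuation flags."""
    findings = []
    for line in text.splitlines():
        m = FINDING_RE.match(line)
        if m:
            name, bits, level, msg = m.groups()
            findings.append(KexFinding(name, int(bits), [(level, msg)]))
            continue
        c = CONT_RE.match(line)
        if c and findings:
            findings[-1].flags.append((c.group(1), c.group(2)))
    return findings


def check_consistency(finding):
    """Return a list of problems: a flag citing a modulus size other than the negotiated
    one, a strength figure that disagrees with SP 800-57, or a verdict harsher than
    the policy assigns to the negotiated size."""
    problems = []
    worst = "info"
    strength = ffdh_symmetric_strength(finding.modulus_bits)
    for level, msg in finding.flags:
        if LEVEL_RANK.get(level, 0) > LEVEL_RANK[worst]:
            worst = level
        for cited in MODULUS_RE.findall(msg):
            if int(cited) != finding.modulus_bits:
                problems.append(f"[{level}] cites a {cited}-bit modulus but {finding.modulus_bits} bits were negotiated")
        for cited in STRENGTH_RE.findall(msg):
            if int(cited) != strength:
                problems.append(f"[{level}] claims {cited}-bit strength, expected {strength}")
    expected = expected_verdict(finding.modulus_bits)
    if LEVEL_RANK[worst] > LEVEL_RANK[expected]:
        problems.append(f"verdict {worst} is harsher than the {expected} a {finding.modulus_bits}-bit modulus warrants")
    return problems


if __name__ == "__main__":
    for finding in parse_report(SAMPLE_REPORT):
        print(finding.name, finding.modulus_bits, "bits")
        for problem in check_consistency(finding):
            print("  inconsistent:", problem)
```

Run against the sample, the checker reports two inconsistencies for the single finding: the fail message cites 1024 bits while 2048 were negotiated, and a fail verdict is harsher than a 2048-bit modulus warrants under the example policy; the warn line's "112-bits of symmetric strength" agrees with the SP 800-57 figure and is left alone. A clean 4096-bit `[info]` line produces no problems.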

jtesta commented 1 year ago

Hmm... that looks like a bug. Is the target host reachable via the public Internet? If so, what's its address? I'd like to use it to debug this issue. (If you don't feel comfortable sharing the address here, you can e-mail it to me privately at: jtesta at-sign positronsecurity dot com).

halfluke commented 1 year ago

Thank you for replying. I'm afraid the targets are internal only, but it occurred on multiple targets. I was wondering if it could just be an error in the code, pairing the "fail" message with "diffie-hellman-group-exchange-sha256 (2048-bit)" when it should not?

jtesta commented 1 year ago

I suppose I'll take a look at the code, then, and see if I can piece it together.

What version of ssh-audit is this? The master branch, or a release?

halfluke commented 1 year ago

Hi, it's the ~~master branch.~~ Sorry, the 2.9.0 release installed via pip.

halfluke commented 1 year ago

Ok, I've just quickly tested and it does not seem to happen for the latest master branch!

jtesta commented 1 year ago

Ahh, ok! Glad to hear that the master branch works for you!

FYI, I was thinking about making another release in the next week or so, since there are already a couple of key fixes in master.