jtesta / ssh-audit

SSH server & client security auditing (banner, key exchange, encryption, mac, compression, compatibility, security, etc)
MIT License

Missing "keysize" Information in Output #275

Closed dreizehnutters closed 2 months ago

dreizehnutters commented 3 months ago

The .json output does not contain consistent information about host keys in the "key" section:

[image]

I would expect that for each key the "keysize" information is also presented.

[image]

dreizehnutters commented 3 months ago

open PR: https://github.com/jtesta/ssh-audit/pull/276

jtesta commented 3 months ago

The original intention was to provide key size information only for types that are variable, such as RSA. ED25519 and NISTP* all have fixed-size keys, so it would just be redundant information being given back to the user.

dreizehnutters commented 3 months ago

I see your point @jtesta. I personally would prefer a more consistent output format.

jtesta commented 3 months ago

Let's allow the community to decide this issue, then. We'll take votes on this matter from now until October 1 (almost a 3-month window).

Anyone who wants the JSON output updated to always include key size information, place a thumbs-up emoji on this comment. Anyone who thinks the current behavior should remain (key size information is only given for variable-sized key types), place a thumbs-down emoji on this comment.

I'll implement whatever behavior the community wants after Oct. 1, 2024.
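
For tooling that consumes the JSON output as it behaves in this thread (key size reported only for variable-size types), the following added example fills in "keysize" for the fixed-size ED25519 and NISTP* types on the consumer side. It is not part of the thread or of ssh-audit's code; it assumes each entry in the "key" list names its type in an "algorithm" field, and the sample report is constructed.

```python
import json
import re

# NISTP* curve names carry their size in the name (256, 384 or 521 bits).
_NISTP = re.compile(r"nistp(256|384|521)")


def fixed_keysize(algorithm):
    """Return the implied size in bits for ED25519/NISTP* names, else None."""
    if "ed25519" in algorithm:
        return 256
    match = _NISTP.search(algorithm)
    return int(match.group(1)) if match else None


def normalize_keys(report):
    """Return a copy of the "key" list in which every entry has "keysize".

    Sizes already reported (variable-size types such as RSA) are kept as-is.
    Fixed-size types get their implied size. Anything else gets None so a
    downstream policy check can flag it instead of silently passing it.
    """
    normalized = []
    for entry in report.get("key", []):
        entry = dict(entry)  # do not mutate the caller's report
        if "keysize" not in entry:
            # "algorithm" as the field name is an assumption of this example.
            entry["keysize"] = fixed_keysize(entry.get("algorithm", ""))
        normalized.append(entry)
    return normalized


# Constructed sample report; the last algorithm name is a made-up placeholder.
SAMPLE = json.loads("""
{"key": [
  {"algorithm": "rsa-sha2-512", "keysize": 3072},
  {"algorithm": "ssh-ed25519"},
  {"algorithm": "ecdsa-sha2-nistp384"},
  {"algorithm": "example-unknown-type"}
]}
""")

if __name__ == "__main__":
    for key in normalize_keys(SAMPLE):
        print(key["algorithm"], key["keysize"])
```
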