jtesta / ssh-audit

SSH server & client security auditing (banner, key exchange, encryption, mac, compression, compatibility, security, etc)
MIT License

fix for https://github.com/jtesta/ssh-audit/issues/275 #276

Closed dreizehnutters closed 4 months ago

dreizehnutters commented 5 months ago

This PR is intended to fix the issue that host key key sizes were presented only for RSA-type keys.

before:

$ python3 ssh-audit.py -j -p 2222 127.0.0.1| jq -r '([ .key[]| "\(.algorithm) \(.keysize)" ])'
[
  "rsa-sha2-512 3072",
  "rsa-sha2-256 3072",
  "ecdsa-sha2-nistp256 null",
  "ssh-ed25519 null"
]

after:

$ python3 ssh-audit.py -j -p 2222 127.0.0.1| jq -r '([ .key[]| "\(.algorithm) \(.keysize)" ])'
[
  "rsa-sha2-512 3072",
  "rsa-sha2-256 3072",
  "ecdsa-sha2-nistp256 512",
  "ssh-ed25519 256"
]

with ground truth

$ ssh-keyscan -p 2222 127.0.0.1 2>/dev/null | ssh-keygen -lf -
3072 SHA256:KrDbcT3b8pMXgikNSi5ssdSFRhoLnXJoAb0aImjSDqQ [127.0.0.1]:2222 (RSA)
256 SHA256:v3aexUOF5AOopr5wMarxUGQjGAOwh1HDBD5ujmTZgzg [127.0.0.1]:2222 (ECDSA)
256 SHA256:U85dNhRGEU/l4qoGabmVSXEVih/551hzG/gKe2OyBtc [127.0.0.1]:2222 (ED25519)
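
As an added example (not part of this PR and not ssh-audit's own code), the sketch below shows one way to derive the size `ssh-keygen -l` prints from a `<type> <base64>` public key: the RSA modulus bit length, the ECDSA curve size, and a fixed 256 bits for Ed25519. The names `read_string`, `host_key_bits`, `sample_line` and `SAMPLES` are hypothetical, and the sample keys are constructed filler bytes of the right length, not real keys.

```python
import base64
import struct
ECDSA_BITS = {"nistp256": 256, "nistp384": 384, "nistp521": 521}

def read_string(blob, off):
    """Read one RFC 4251 'string': uint32 length, then that many bytes."""
    (n,) = struct.unpack_from(">I", blob, off)
    end = off + 4 + n
    if end > len(blob):
        raise ValueError("truncated host key blob")
    return blob[off + 4:end], end

def host_key_bits(pubkey_line):
    """Return (key type, size in bits) for a '<type> <base64>' public key."""
    declared, b64 = pubkey_line.split()[:2]
    blob = base64.b64decode(b64, validate=True)
    raw, off = read_string(blob, 0)
    ktype = raw.decode("ascii")
    if ktype != declared:
        raise ValueError("type inside blob does not match declared type")
    if ktype == "ssh-rsa":
        _e, off = read_string(blob, off)   # public exponent (mpint)
        n, off = read_string(blob, off)    # modulus (mpint)
        return ktype, int.from_bytes(n, "big").bit_length()
    if ktype.startswith("ecdsa-sha2-"):
        curve, off = read_string(blob, off)
        point, off = read_string(blob, off)
        bits = ECDSA_BITS[curve.decode("ascii")]
        # Uncompressed point: 0x04 || X || Y, each coordinate ceil(bits/8) bytes.
        if point[:1] != b"\x04" or len(point) != 1 + 2 * ((bits + 7) // 8):
            raise ValueError("point length does not match curve")
        return ktype, bits
    if ktype == "ssh-ed25519":
        pk, off = read_string(blob, off)
        if len(pk) != 32:
            raise ValueError("Ed25519 public key must be 32 bytes")
        return ktype, 256
    raise ValueError("unsupported key type: " + ktype)

def sample_line(ktype, *fields):
    """Build a constructed '<type> <base64>' line from raw field bytes."""
    blob = b"".join(struct.pack(">I", len(p)) + p for p in (ktype.encode(), *fields))
    return ktype + " " + base64.b64encode(blob).decode()

SAMPLES = [  # constructed inputs; lengths mirror the ssh-keygen sizes above
    sample_line("ssh-rsa", b"\x01\x00\x01", b"\x00" + b"\xc3" * 384),
    sample_line("ecdsa-sha2-nistp256", b"nistp256", b"\x04" + b"\x11" * 64),
    sample_line("ssh-ed25519", b"\x22" * 32),
]
```

Calling `host_key_bits` on each entry of `SAMPLES` returns 3072, 256 and 256 bits, and a blob whose point length disagrees with its curve name is rejected.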

dreizehnutters commented 5 months ago

bump @jtesta