jtesta / ssh-audit

SSH server & client security auditing (banner, key exchange, encryption, mac, compression, compatibility, security, etc)
MIT License

DHEat never finishes on some platforms due to `errno` checks #288

Closed drewmnoel closed 3 months ago

drewmnoel commented 4 months ago

The DHEat checks use hardcoded values for errno that are platform-dependent. This causes the check to hang if connect_ex is a number other than 0 or 115:

https://github.com/jtesta/ssh-audit/blob/9049c8476ad75494f03941c1d2ff77206a2846c6/src/ssh_audit/dheat.py#L443-L448

A truncated debug run shows that macOS returns 36, its EINPROGRESS.

```
$ python3 ./ssh-audit.py --debug 192.168.1.254
Starting audit of 192.168.1.254:22...
Connecting to 192.168.1.254:22...
Getting banner...
KEX initialisation...
[..snip..]
Resolved 192.168.1.254 to 192.168.1.254 (address family 2)
DHEat.dh_rate_test(): starting test; parameters: 1.500000 seconds, 38 max connections, 3 concurrent sockets.
connect_ex() returned: 36
connect_ex() returned: 36
connect_ex() returned: 36
connect_ex() returned: 36
connect_ex() returned: 36
[..snip, runs forever..]
```

```
$ python3 -c "import os; print(os.strerror(36))"
Operation now in progress
```

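
A portable form of the return-code check this report describes, as an added example that is not part of the original issue or of ssh-audit's code. The names `classify`, `classify_hardcoded` and `connect_nonblocking` are hypothetical, and `classify_hardcoded` is constructed from the issue's description rather than copied from `dheat.py`.

```python
import errno
import select
import socket

# Return codes meaning "non-blocking connect started; wait for writability".
# The errno module resolves them per platform: EINPROGRESS is 115 on Linux
# and 36 on macOS (the value in the debug output above). EWOULDBLOCK is
# accepted too, since some platforms report it for a pending connect.
IN_PROGRESS = {errno.EINPROGRESS, errno.EWOULDBLOCK}


def classify(ret):
    """Map a connect_ex() return value to 'connected', 'pending' or 'failed'."""
    if ret == 0:
        return "connected"
    if ret in IN_PROGRESS:
        return "pending"
    return "failed"  # every other code is terminal, so a caller cannot spin


def classify_hardcoded(ret):
    """Constructed 'before' form: the Linux value 115 as a literal."""
    if ret == 0:
        return "connected"
    if ret == 115:
        return "pending"
    return "unhandled"  # 36 lands here on macOS; nothing ends the wait


def connect_nonblocking(host, port, timeout=2.0):
    """Return a connected IPv4 TCP socket, or None on failure or timeout."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.setblocking(False)
    state = classify(s.connect_ex((host, port)))
    if state == "pending":
        # Bounded wait for the handshake, then read the real outcome.
        _, writable, _ = select.select([], [s], [], timeout)
        pending_err = s.getsockopt(socket.SOL_SOCKET, socket.SO_ERROR)
        state = "connected" if writable and pending_err == 0 else "failed"
    if state != "connected":
        s.close()
        return None
    return s
```
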
oddnoc commented 4 months ago

The same thing is happening on FreeBSD.

michael-o commented 3 months ago

@drewmnoel Can you modify the title to add FreeBSD as well? Bet that all BSDs are affected, but cannot verify.

drewmnoel commented 3 months ago

I can't verify either, and I don't know if listing all affected platforms is practical either.

michael-o commented 3 months ago

> I can't verify either, and I don't know if listing all affected platforms is practical either.

I did on FreeBSD, you can safely add it to the title.