An API for ssh_scan (https://github.com/mozilla/ssh_scan) and the backend API service for the Mozilla SSH Observatory (https://observatory.mozilla.org/)
31
stars
12
forks
source link
How do we want to deal with scans that failed auth_method detection? #74
1.) Investigate further why the auth_method detection isn't working or why the client is erroring
2.) Return a partial result, but fail on compliance for the auth_method part
3.) In cases where we can't determine compliance, maybe we give them a pass on auth_method detection
Cases I think of that could cause this would be services that expect client-side certs or have some sort of MFA requirement, but pokeinthe.io is a good repro target to work with.
Options...
1.) Investigate further why the auth_method detection isn't working or why the client is erroring 2.) Return a partial result, but fail on compliance for the auth_method part 3.) In cases where we can't determine compliance, maybe we give them a pass on auth_method detection
Cases I think of that could cause this would be services that expect client-side certs or have some sort of MFA requirement, but pokeinthe.io is a good repro target to work with.