ssh-audit
ssh-audit copied to clipboard
arthepsy
SSH server auditing (banner, key exchange, encryption, mac, compression, compatibility, security, etc)
According to the release notes for OpenSSH 8.0 (https://www.openssh.com/releasenotes.html), a new quantum-resistant key exchange algorithm was implemented: ``` * ssh(1), sshd(8): Add experimental quantum-computing resistant key exchange method, based on...
Since ssh-audit can used in a script, it would be nice if ssh-audit would exit with exit code of 2 if there are 1 or more recommendations. I'd be fine...
Very neat tool, thanks for making it! I think it would be neat to have a flag which would output 'good' sshd_config config line. Something that crossed my mind while...
Thank for your work. But after this audit, what are your guidelines for sshd_config ? I've seen this one : https://wiki.mozilla.org/Security/Guidelines/OpenSSH#Modern_.28OpenSSH_6.7.2B.29 but your audit still show some warning. Azlux
SSHFP DNS records are a useful feature which enables one to save SSH fingerprints in DNS, so that you don't have to check them manually. It would be useful if...
I found some non-standard SSH algorithms in use out in the wild that are not currently supported: ``` des-cbc-ssh1 blowfish-ctr hmac-sha256 [email protected] hmac-sha2-384 ```
What do you think about the idea of a SSH **client** audit feature? Of course, admins can configure a good and up-to-date system-wide client config (`/etc/ssh/ssh_config`). However, users also have...
