Skip to content

v2.3.1

Compare
Choose a tag to compare
@jtesta jtesta released this 29 Oct 00:49
· 274 commits to master since this release
v2.3.1

This release features better public key size parsing, as well as a major code re-organization (see #46 and #47), and other improvements.

Please note that this version is also available as a PyPI package (pip3 install ssh-audit), Snap package (snap install ssh-audit), or as a Windows executable (below).

The full change log is:

  • Now parses public key sizes for rsa-sha2-256-cert-v01@openssh.com and rsa-sha2-512-cert-v01@openssh.com host key types.
  • Flag ssh-rsa-cert-v01@openssh.com as a failure due to SHA-1 hash.
  • Fixed bug in recommendation output which suppressed some algorithms inappropriately.
  • Built-in policies now include CA key requirements (if certificates are in use).
  • Lookup function (--lookup) now performs case-insensitive lookups of similar algorithms; credit Adam Russell.
  • Migrated pre-made policies from external files to internal database.
  • Split single 3,500 line script into many files (by class).
  • Added setup.py support; credit Ganden Schaffner.
  • Added 1 new cipher: des-cbc@ssh.com.