Skip to content

Commit

Permalink
Added built-in policy for OpenSSH 9.9.
Browse files Browse the repository at this point in the history
  • Loading branch information
jtesta committed Sep 24, 2024
1 parent d7398ba commit cdfa39f
Show file tree
Hide file tree
Showing 2 changed files with 2 additions and 1 deletion.
2 changes: 1 addition & 1 deletion README.md
Original file line number Diff line number Diff line change
Expand Up @@ -214,7 +214,7 @@ For convenience, a web front-end on top of the command-line tool is available at
## ChangeLog

### v3.3.0-dev (???)
- Added built-in policies for Ubuntu 24.04 LTS server and client, and OpenSSH 9.8.
- Added built-in policies for Ubuntu 24.04 LTS server & client, OpenSSH 9.8, and OpenSSH 9.9.
- Added IPv6 support for DHEat and connection rate tests.
- Added TCP port information to JSON policy scan results; credit [Fabian Malte Kopp](https://github.com/dreizehnutters).
- Added LANcom LCOS server recognition and Ed448 key extraction; credit [Daniel Lenski](https://github.com/dlenskiSB).
Expand Down
1 change: 1 addition & 0 deletions src/ssh_audit/builtin_policies.py
Original file line number Diff line number Diff line change
Expand Up @@ -97,6 +97,7 @@

'Hardened OpenSSH Server v9.8 (version 1)': {'version': '1', 'changelog': 'Initial version.', 'banner': None, 'compressions': None, 'host_keys': ['rsa-sha2-512', 'rsa-sha2-256', 'ssh-ed25519'], 'optional_host_keys': ['[email protected]', '[email protected]', '[email protected]', '[email protected]', '[email protected]'], 'kex': ['[email protected]', 'curve25519-sha256', '[email protected]', 'diffie-hellman-group16-sha512', 'diffie-hellman-group18-sha512', 'diffie-hellman-group-exchange-sha256', 'ext-info-s', '[email protected]'], 'ciphers': ['[email protected]', '[email protected]', '[email protected]', 'aes256-ctr', 'aes192-ctr', 'aes128-ctr'], 'macs': ['[email protected]', '[email protected]', '[email protected]'], 'hostkey_sizes': {"rsa-sha2-256": {"hostkey_size": 4096}, "[email protected]": {"ca_key_size": 4096, "ca_key_type": "ssh-rsa", "hostkey_size": 4096}, "rsa-sha2-512": {"hostkey_size": 4096}, "[email protected]": {"ca_key_size": 4096, "ca_key_type": "ssh-rsa", "hostkey_size": 4096}, "[email protected]": {"ca_key_size": 256, "ca_key_type": "ssh-ed25519", "hostkey_size": 256}, "[email protected]": {"hostkey_size": 256}, "ssh-ed25519": {"hostkey_size": 256}, "[email protected]": {"ca_key_size": 256, "ca_key_type": "ssh-ed25519", "hostkey_size": 256}}, 'dh_modulus_sizes': {'diffie-hellman-group-exchange-sha256': 3072}, 'server_policy': True},

'Hardened OpenSSH Server v9.9 (version 1)': {'version': '1', 'changelog': 'Initial version.', 'banner': None, 'compressions': None, 'host_keys': ['rsa-sha2-512', 'rsa-sha2-256', 'ssh-ed25519'], 'optional_host_keys': ['[email protected]', '[email protected]', '[email protected]', '[email protected]', '[email protected]'], 'kex': ['sntrup761x25519-sha512', '[email protected]', 'mlkem768x25519-sha256', 'curve25519-sha256', '[email protected]', 'diffie-hellman-group16-sha512', 'diffie-hellman-group18-sha512', 'diffie-hellman-group-exchange-sha256', 'ext-info-s', '[email protected]'], 'ciphers': ['[email protected]', '[email protected]', '[email protected]', 'aes256-ctr', 'aes192-ctr', 'aes128-ctr'], 'macs': ['[email protected]', '[email protected]', '[email protected]'], 'hostkey_sizes': {"rsa-sha2-256": {"hostkey_size": 4096}, "[email protected]": {"ca_key_size": 4096, "ca_key_type": "ssh-rsa", "hostkey_size": 4096}, "rsa-sha2-512": {"hostkey_size": 4096}, "[email protected]": {"ca_key_size": 4096, "ca_key_type": "ssh-rsa", "hostkey_size": 4096}, "[email protected]": {"ca_key_size": 256, "ca_key_type": "ssh-ed25519", "hostkey_size": 256}, "[email protected]": {"hostkey_size": 256}, "ssh-ed25519": {"hostkey_size": 256}, "[email protected]": {"ca_key_size": 256, "ca_key_type": "ssh-ed25519", "hostkey_size": 256}}, 'dh_modulus_sizes': {'diffie-hellman-group-exchange-sha256': 3072}, 'server_policy': True},

# Amazon Linux Policies

Expand Down

0 comments on commit cdfa39f

Please sign in to comment.