mirror of https://github.com/jtesta/ssh-audit.git synced 2025-07-18 19:40:59 -05:00

Fixed pylint errors, consolidated error checking for granular GEX tests, renamed functions for better readability.

Joe Testa
2022-03-13 20:58:22 -04:00
parent 19f192d21f
commit 11905ed44a
4 changed files with 51 additions and 65 deletions

@ -1,4 +1,4 @@
.TH SSH-AUDIT 1 "February 13, 2022"
.TH SSH-AUDIT 1 "March 13, 2022"
.SH NAME
\fBssh-audit\fP \- SSH server & client configuration auditor
.SH SYNOPSIS
@ -52,36 +52,29 @@ Starts a server on port 2222 to audit client software configuration. Use -p/--p
Enable debug output.
.TP
.B -g, \-\-gex-test=<n[,n,...] | min:pref:max[,min:pref:max,...] | n-n[:step]>
.B -g, \-\-gex-test=<x[,y,...] | min1:pref1:max1[,min2:pref2:max2,...] | x-y[:step]>
.br
Runs a Diffie-Hellman Group Exchange modulus size test against a server.
Diffie-Hellman requires the client and server to agree on a generator value and
a modulus value. In the "Group Exchange" implementation of Diffie-Hellman, the
client specifies the size of the modulus in bits by providing the server with
minimum, preferred and maximum values. The server then finds a group that best
matches the client's request, returning the corresponding generator and modulus.
For a full explanation of this process see RFC 4419 and its successors.
Diffie-Hellman requires the client and server to agree on a generator value and a modulus value. In the "Group Exchange" implementation of Diffie-Hellman, the client specifies the size of the modulus in bits by providing the server with minimum, preferred and maximum values. The server then finds a group that best matches the client's request, returning the corresponding generator and modulus. For a full explanation of this process see RFC 4419 and its successors.
This test acts as a client by providing an SSH server with the size of a modulus
and then obtains the size of the modulus returned by the server.
This test acts as a client by providing an SSH server with the size of a modulus and then obtains the size of the modulus returned by the server.
Three types of syntax are supported:
1. <n[,n,...]>
A comma delimited list of modulus sizes.
A test is performed against each value in the list where it acts as the minimum, preferred and maximum modulus size.
2. <min:pref:max[,min:pref:max,...]>
A set of three colon delimited values denoting minimum, preferred and maximum modulus size.
A test is performed against each set.
Multiple sets can specified as a comma separated list.
3. <n-n[:step]>
3. <x-y[:step]>
A range of modulus sizes with an optional step value. Step defaults to 1 if omitted.
If the left value is greater than the right value, then the sequence operates from right to left.
A test is performed against each value in the range where it acts as the minimum, preferred and maximum modulus size.
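
Review bot: The placeholder rename is only half applied in the "Three types of syntax are supported" list. As the lines appear here, the option line and item 3 now use `x`/`y` and `min1:pref1:max1`, but items 1 and 2 still read `<n[,n,...]>` and `<min:pref:max[,min:pref:max,...]>`. A reader matching the option synopsis against the numbered list will not find the first two forms under the names the synopsis uses. Suggest changing item 1 to `<x[,y,...]>` and item 2 to `<min1:pref1:max1[,min2:pref2:max2,...]>` so all three match. While touching item 2, "Multiple sets can specified as a comma separated list." is missing "be". The range description should also state what happens when the step does not evenly divide the interval between the two endpoints, since the text only covers the default step and the reversed direction.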