v2.3.0

The highlight of this release is support for policy scanning (this allows an admin to test a server against a hardened/standard configuration). See the tutorial link below for a more detailed description.

The full change log is:

• Added new policy auditing functionality to test adherence to a hardening guide/standard configuration (see -L/--list-policies, -M/--make-policy and -P/--policy). For an in-depth tutorial, see https://www.positronsecurity.com/blog/2020-09-27-ssh-policy-configuration-checks-with-ssh-audit/.
• Created new man page (see ssh-audit.1 file).
• 1024-bit moduli upgraded from warnings to failures.
• Many Python 2 code clean-ups, testing framework improvements, pylint & flake8 fixes, and mypy type comments; credit Jürgen Gmach.
• Added feature to look up algorithms in internal database (see --lookup); credit Adam Russell.
• Suppress recommendation of token host key types.
• Added check for use-after-free vulnerability in PuTTY v0.73.
• Added 11 new host key types: ssh-rsa1, [email protected], ssh-gost2001, ssh-gost2012-256, ssh-gost2012-512, spki-sign-rsa, ssh-ed448, x509v3-ecdsa-sha2-nistp256, x509v3-ecdsa-sha2-nistp384, x509v3-ecdsa-sha2-nistp521, x509v3-rsa2048-sha256.
• Added 8 new key exchanges: diffie-hellman-group1-sha256, kexAlgoCurve25519SHA256, Curve25519SHA256, gss-group14-sha256-, gss-group15-sha512-, gss-group16-sha512-, gss-nistp256-sha256-, gss-curve25519-sha256-.
• Added 5 new ciphers: blowfish, AEAD_AES_128_GCM, AEAD_AES_256_GCM, [email protected], [email protected].
• Added 3 new MACs: [email protected], hmac-sha3-224, [email protected].