v3.1.0

This release features tests for the Terrapin message prefix truncation vulnerability in the SSH protocol (CVE-2023-48795), along with other minor enhancements and fixes.

This version is also available as a PyPI package (pip3 install ssh-audit), Docker image (docker pull positronsecurity/ssh-audit), Snap package (snap install ssh-audit), or as a Windows executable (see below, though be aware that sometimes Windows Defender inappropriately detects it as malware!).

The full change log is:

• Added test for the Terrapin message prefix truncation vulnerability (CVE-2023-48795).
• Dropped support for Python 3.7 (EOL was reached in June 2023).
• Added Python 3.12 support.
• In server policies, reduced expected DH modulus sizes from 4096 to 3072 to match the online hardening guides (note that 3072-bit moduli provide the equivalent of 128-bit symmetric security).
• In Ubuntu 22.04 client policy, moved host key types [email protected] and ssh-ed25519 to the end of all certificate types.
• Updated Ubuntu Server & Client policies for 20.04 and 22.04 to account for key exchange list changes due to Terrapin vulnerability patches.
• Re-organized option host key types for OpenSSH 9.2 server policy to correspond with updated Debian 12 hardening guide.
• Added built-in policies for OpenSSH 9.5 and 9.6.
• Added an additional_notes field to the JSON output.