msw/CISS.debian.live.builder
SHA256
2
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 6 Wiki Activity
Files
a86bac896352f73e95cb3381b7ba1886322e4f1eb096c1845c463b6c06507b33
CISS.debian.live.builder/docs/AUDIT_SSH.html

41 lines
2.8 KiB
HTML
Raw Blame History

<h1 id="1-cissdebianlivebuilder">1. CISS.debian.live.builder</h1>
<p><strong>Centurion Intelligence Consulting Agency Information Security Standard</strong><br> <em>Debian Live Build Generator for hardened live environment and CISS Debian Installer</em><br> <strong>Master Version</strong>: 8.02<br> <strong>Build</strong>: V8.03.127.2025.06.02<br></p>
<h1 id="2-ssh-audit-by-ssh-auditcom">2. SSH Audit by ssh-audit.com</h1>
<p><img src="/docs/screenshots/CISS.debian.live.builder_ssh_audit.png" alt="CISS.2025.debian.live.builder" /></p>
<h1 id="3-ssh-audit-by-httpsgithubcomjtestassh-audit">3. SSH Audit by <a href="https://github.com/jtesta/ssh-audit">https://github.com/jtesta/ssh-audit</a></h1>
<pre class="text"><code># general
(gen) banner: SSH-2.0-OpenSSH_9.2p1
(gen) software: OpenSSH 9.2p1
(gen) compatibility: OpenSSH 9.9+, Dropbear SSH 2020.79+
(gen) compression: disabled
# key exchange algorithms
(kex) sntrup761x25519-sha512@openssh.com -- [info] available since OpenSSH 8.5
`- [info] default key exchange from OpenSSH 9.0 to 9.8
`- [info] hybrid key exchange based on post-quantum resistant algorithm and proven conventional X25519 algorithm
(kex) sntrup761x25519-sha512 -- [info] available since OpenSSH 9.9
`- [info] default key exchange since OpenSSH 9.9
`- [info] hybrid key exchange based on post-quantum resistant algorithm and proven conventional X25519 algorithm
(kex) kex-strict-s-v00@openssh.com -- [info] pseudo-algorithm that denotes the peer supports a stricter key exchange method as a counter-measure to the Terrapin attack (CVE-2023-48795)
# host-key algorithms
(key) ssh-ed25519 -- [info] available since OpenSSH 6.5, Dropbear SSH 2020.79
(key) rsa-sha2-512 -- [info] available since OpenSSH 7.2
(key) rsa-sha2-256 -- [info] available since OpenSSH 7.2, Dropbear SSH 2020.79
# encryption algorithms (ciphers)
(enc) aes256-gcm@openssh.com -- [info] available since OpenSSH 6.2
(enc) aes256-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
# message authentication code algorithms
(mac) hmac-sha2-512-etm@openssh.com -- [info] available since OpenSSH 6.2
(mac) hmac-sha2-256-etm@openssh.com -- [info] available since OpenSSH 6.2
# algorithm recommendations (for OpenSSH 9.2)
(rec) +aes128-ctr -- enc algorithm to append
(rec) +aes128-gcm@openssh.com -- enc algorithm to append
(rec) +aes192-ctr -- enc algorithm to append</code></pre>
<hr />
<p><strong><a href="https://coresecret.eu/">no tracking | no logging | no advertising | no profiling | no bullshit</a></strong></p>
Reference in New Issue View Git Blame Copy Permalink