msw/CISS.debian.live.builder
SHA256
2
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 6 Wiki Activity
Files
eac8f62459d5283b2b4983a86d0a661308a3219fdd375543068933c605279baa
CISS.debian.live.builder/docs/AUDIT_SSH.md
Marc S. Weidner 68eb879c8a
All checks were successful
🛡️ Retrieve DNSSEC status of coresecret.dev. / 🛡️ Retrieve DNSSEC status of coresecret.dev. (push) Successful in 34s
Details
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m19s
Details
🔐 Generating a Private Live ISO FLV 0. / 🔐 Generating a Private Live ISO FLV 0. (push) Successful in 48m28s
Details
🔐 Generating a Private Live ISO FLV 1. / 🔐 Generating a Private Live ISO FLV 1. (push) Successful in 47m5s
Details
💙 Generating a PUBLIC Live ISO. / 💙 Generating a PUBLIC Live ISO. (push) Successful in 47m5s
Details
V8.03.768.2025.06.09 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-06-09 22:38:15 +02:00

2.7 KiB
Raw Blame History

Table of Contents

1. CISS.debian.live.builder

Centurion Intelligence Consulting Agency Information Security Standard
Debian Live Build Generator for hardened live environment and CISS Debian Installer
Master Version: 8.03
Build: V8.03.768.2025.06.09

2. SSH Audit by ssh-audit.com

CISS.2025.debian.live.builder

3. SSH Audit by https://github.com/jtesta/ssh-audit

# general
(gen) banner: SSH-2.0-OpenSSH_9.2p1
(gen) software: OpenSSH 9.2p1
(gen) compatibility: OpenSSH 9.9+, Dropbear SSH 2020.79+
(gen) compression: disabled

# key exchange algorithms
(kex) sntrup761x25519-sha512@openssh.com  -- [info] available since OpenSSH 8.5
                                          `- [info] default key exchange from OpenSSH 9.0 to 9.8
                                          `- [info] hybrid key exchange based on post-quantum resistant algorithm and proven conventional X25519 algorithm
(kex) sntrup761x25519-sha512              -- [info] available since OpenSSH 9.9
                                          `- [info] default key exchange since OpenSSH 9.9
                                          `- [info] hybrid key exchange based on post-quantum resistant algorithm and proven conventional X25519 algorithm
(kex) kex-strict-s-v00@openssh.com        -- [info] pseudo-algorithm that denotes the peer supports a stricter key exchange method as a counter-measure to the Terrapin attack (CVE-2023-48795)

# host-key algorithms
(key) ssh-ed25519                         -- [info] available since OpenSSH 6.5, Dropbear SSH 2020.79
(key) rsa-sha2-512                        -- [info] available since OpenSSH 7.2
(key) rsa-sha2-256                        -- [info] available since OpenSSH 7.2, Dropbear SSH 2020.79

# encryption algorithms (ciphers)
(enc) aes256-gcm@openssh.com              -- [info] available since OpenSSH 6.2
(enc) aes256-ctr                          -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52

# message authentication code algorithms
(mac) hmac-sha2-512-etm@openssh.com       -- [info] available since OpenSSH 6.2
(mac) hmac-sha2-256-etm@openssh.com       -- [info] available since OpenSSH 6.2

# algorithm recommendations (for OpenSSH 9.2)
(rec) +aes128-ctr                         -- enc algorithm to append
(rec) +aes128-gcm@openssh.com             -- enc algorithm to append
(rec) +aes192-ctr                         -- enc algorithm to append

no tracking | no logging | no advertising | no profiling | no bullshit

Reference in New Issue View Git Blame Copy Permalink