I'm the maintainer of the new fork (https://github.com/jtesta/ssh-audit/). I would very much like for Debian to switch away from the dead original project and move to my updated version.

Since taking over development in August 2019, I've made 139 commits across 4 releases, including on PyPI, Snap, Arch Linux, and Homebrew. Some highlights of new features include: RSA host key checking, RSA certificate key checking, Diffie-Hellman modulus checking, fingerprint enumeration, JSON output, client security testing, and support for 83(!) new algorithms.

If you try running the original v1.7.0 against modern SSH servers (including OpenSSH 8.2), you'll get incomplete results due to missing algorithms. My v2.2.0 is fully current, however.

I've tried reaching out to the official maintainer, ChangZhuo Chen, a couple times over the last 7 months but have not received a response. How can we move forward on our own?

   Thanks!
   - Joe

--
Joseph S. Testa II
Founder & Principal Security Consultant
Positron Security
