No updates in 2 years ... is this project no longer active? about ssh-audit HOT 17 OPEN

@immanuelfodor @Athanasius @Mjolinir @StewAlexanderACC @moralrebuild @drakkhen @barkingdog69 : I just merged my "all_my_patches" branch to master: https://github.com/jtesta/ssh-audit/ This has the three PRs (#30, #31, #32) which add new algorithms, host key checks, certificate checks, and DH group checks.

I've tried reaching out to arthepsy repeatedly in the last two years about either merging my PRs, or formally handing over maintainership. I rarely heard back, so its time for us to just move on. I'll continue maintenance under my own fork, and I'll accept PRs and suggestions from the community.

Early next week I'll add in new algorithms and make an official release. In the meantime, please star/watch/fork my repo!

P.S. I've been operating the ssh-audit.com website for almost two years now (its a web front-end to the command line tool). It gets some pretty good traffic on a daily basis, so I'm invested in keeping the tool up-to-date.

from ssh-audit.

Just now, I've released v2.0.0 with several major improvements!: https://github.com/jtesta/ssh-audit/releases/tag/v2.0.0

from ssh-audit.

@arthepsy If you're looking for a new maintainer of this project, I'd be happy to do it. I submitted the host key and moduli PRs back in 2017 (which are still open), and I've got more ideas for improvements.

from ssh-audit.

+1

This project started out awesome and looked really promising. But it’s useless if it’s not kept current.

from ssh-audit.

keep it update pls

from ssh-audit.

Looks like there's been no work on this in 3 years?

from ssh-audit.

@jtesta If you decide to fork this project, that would be awesome, please post here to let us know

from ssh-audit.

Please point me in the right direction to an up-to-date fork, this project used to be awesome as a local testing tool without 3rd party involvement.

from ssh-audit.

Hmm, according to the network graph, it's https://github.com/jtesta/ssh-audit/tree/all_my_patches but still 2 years old 😕

from ssh-audit.

I'm another happy user who is looking for an updated version of this.

from ssh-audit.

By the way, I have OpenSSH_8.0p1, OpenSSL 1.1.1c 28 May 2019. Are there such recommendations somewhere like the ssh-audit prints at the end for OpenSSH 7.6? We could check that manually.

from ssh-audit.

Thanks for that! I've Start'd and starting Watch'ing your repo, and updated my .git/config to these remotes (rather than arthespy's as origin):

[remote "arthepsy"]
        url = https://github.com/arthepsy/ssh-audit.git
        fetch = +refs/heads/*:refs/remotes/origin/*
[remote "jtesta"]
        url = https://github.com/jtesta/ssh-audit.git
        fetch = +refs/heads/*:refs/remotes/jtesta/*
[remote "origin"]
        url = https://github.com/jtesta/ssh-audit.git
        fetch = +refs/heads/*:refs/remotes/jtesta/*```

from ssh-audit.

Thanks all for the feedback and @jtesta for all the work.

from ssh-audit.

Thanks, I'm heading over there and opening a ticket for adding OpenSSH 8 recommendations :D

from ssh-audit.

Hmmm, there is no Issues tab on your repo

from ssh-audit.

@jtesta Great news, and thank you so much for the work, will check out your repo! Will be eagerly awaiting your first release.

from ssh-audit.

Do you think renaming would be suitable? In case upstream awakens again and starts to develop (without accepting the currently proposed patches)?

from ssh-audit.