
  require 'net/ssh'
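  module CryptCheck
    module Ssh
      # Records the hostname and port of an endpoint. The name suggests it
      # stands in for a host that did not answer as SSH; nothing in this file
      # constructs it.
      class SshNotSupportedServer
        attr_reader :hostname, :port

        # @param hostname [String] host name or address of the endpoint
        # @param port [Integer] TCP port of the endpoint
        def initialize(hostname, port)
          @hostname, @port = hostname, port
        end
      end

      # Opens an SSH transport session to an endpoint, stores the algorithm
      # lists the server sent (key exchange, encryption, MAC, compression,
      # host key types) and logs each name with a colour rating.
      #
      # Rating tables: the value is the colour handed to String#colorize, and
      # nil means "no colour". A name that is missing from a table also looks
      # up as nil, so an algorithm this file has never heard of is displayed
      # exactly like one that was deliberately left unrated.
      # NOTE(review): names such as curve25519-sha256, rsa-sha2-256 and
      # rsa-sha2-512 are not listed and would therefore be shown unrated.
      class Server
        # Timeout, in seconds, passed to the net-ssh transport session.
        TCP_TIMEOUT = 10

        # Raised by #initialize when the session cannot be opened or analysed.
        # NOTE(review): this inherits from Exception, so a bare `rescue` in a
        # caller does not catch it; StandardError is the usual base class. Left
        # unchanged because callers outside this file may depend on it.
        class SshNotAvailableException < Exception
        end

        attr_reader :hostname, :port, :kex, :encryption, :hmac, :compression, :key

        # Key-exchange methods.
        # NOTE(review): diffie-hellman-group1-sha1 uses a fixed 1024-bit group
        # (RFC 4253, section 8.1) yet is rated the same as group14; consider
        # :red for it.
        KEX = {
          'curve25519-sha256@libssh.org' => :green,
          'diffie-hellman-group1-sha1' => :yellow,
          'diffie-hellman-group14-sha1' => :yellow,
          'diffie-hellman-group-exchange-sha1' => :yellow,
          'diffie-hellman-group-exchange-sha256' => :green,
          'ecdh-sha2-nistp256' => :yellow,
          'ecdh-sha2-nistp384' => :yellow,
          'ecdh-sha2-nistp521' => :yellow
        }.freeze

        # Server-to-client ciphers.
        ENCRYPTION = {
          '3des-cbc' => :red,
          'aes128-cbc' => :yellow,
          'aes192-cbc' => :yellow,
          'aes256-cbc' => :yellow,
          'aes128-ctr' => :yellow,
          'aes192-ctr' => :yellow,
          'aes256-ctr' => :yellow,
          'aes128-gcm@openssh.com' => :green,
          'aes256-gcm@openssh.com' => :green,
          'arcfour' => :red,
          'arcfour128' => :red,
          'arcfour256' => :red,
          'blowfish-cbc' => :yellow,
          'cast128-cbc' => nil,
          'chacha20-poly1305@openssh.com' => :green
        }.freeze

        # Server-to-client MAC algorithms.
        HMAC = {
          'hmac-md5' => :red,
          'hmac-md5-96' => :red,
          'hmac-ripemd160' => :green,
          'hmac-sha1' => :yellow,
          'hmac-sha1-96' => :red,
          'hmac-sha2-256' => :green,
          'hmac-sha2-512' => :green,
          'umac-64@openssh.com' => :red,
          'umac-128@openssh.com' => nil,
          'hmac-md5-etm@openssh.com' => :red,
          'hmac-md5-96-etm@openssh.com' => :red,
          'hmac-ripemd160-etm@openssh.com' => :green,
          'hmac-sha1-etm@openssh.com' => :yellow,
          'hmac-sha1-96-etm@openssh.com' => :red,
          'hmac-sha2-256-etm@openssh.com' => :green,
          'hmac-sha2-512-etm@openssh.com' => :green,
          'umac-64-etm@openssh.com' => :red,
          'umac-128-etm@openssh.com' => nil
        }.freeze

        # Compression methods; none is rated, and #initialize logs them
        # without a colour.
        COMPRESSION = {
          'none' => nil,
          'zlib@openssh.com' => nil
        }.freeze

        # Host key (and certificate) types.
        KEY = {
          'ecdsa-sha2-nistp256-cert-v01@openssh.com' => :yellow,
          'ecdsa-sha2-nistp384-cert-v01@openssh.com' => :yellow,
          'ecdsa-sha2-nistp521-cert-v01@openssh.com' => :yellow,
          'ssh-ed25519-cert-v01@openssh.com' => :green,
          'ssh-rsa-cert-v01@openssh.com' => :yellow,
          'ssh-dss-cert-v01@openssh.com' => :red,
          'ssh-rsa-cert-v00@openssh.com' => :yellow,
          'ssh-dss-cert-v00@openssh.com' => :red,
          'ecdsa-sha2-nistp256' => :yellow,
          'ecdsa-sha2-nistp384' => :yellow,
          'ecdsa-sha2-nistp521' => :yellow,
          'ssh-ed25519' => :green,
          'ssh-rsa' => :yellow,
          'ssh-dss' => :red
        }.freeze

        # Connects to the endpoint, captures the server's algorithm lists and
        # logs them.
        #
        # @param hostname [String] host name or address to connect to
        # @param port [Integer] TCP port to connect to
        # @raise [SshNotAvailableException] on any StandardError raised while
        #   connecting, reading the lists or logging them
        def initialize(hostname, port)
          @hostname, @port = hostname, port

          Logger.info { "#{hostname}:#{port}".colorize :blue }
          # NOTE(review): Session.new presumably completes algorithm negotiation
          # before returning; if so, a server sharing no algorithm with net-ssh
          # ends up in the rescue below and is reported as not available.
          session = ::Net::SSH::Transport::Session.new @hostname, port: @port, timeout: TCP_TIMEOUT
          begin
            # Reads an instance variable of the net-ssh algorithms object rather
            # than a public accessor, so this line is tied to net-ssh internals.
            data = session.algorithms.instance_variable_get :@server_data
            @kex, @encryption, @hmac, @compression, @key = data[:kex], data[:encryption_server], data[:hmac_server], data[:compression_server], data[:host_key]

            # Every name below is supplied by the remote server and is written
            # to the log as received.
            # NOTE(review): confirm that net-ssh rejects non-printable bytes in
            # these name-lists; otherwise strip control characters before
            # logging so a hostile server cannot inject terminal escapes.
            Logger.info { '' }
            @kex.each { |k| Logger.info { "Key exchange : #{k.colorize KEX[k]}" } }
            Logger.info { '' }
            @encryption.each { |e| Logger.info { "Encryption : #{e.colorize ENCRYPTION[e]}" } }
            Logger.info { '' }
            @hmac.each { |h| Logger.info { "HMAC : #{h.colorize HMAC[h]}" } }
            Logger.info { '' }
            @compression.each { |c| Logger.info { "Compression : #{c}" } }
            Logger.info { '' }
            @key.each { |k| Logger.info { "Key type : #{k.colorize KEY[k]}" } }
          ensure
            # Close the socket even when reading or logging fails; previously a
            # failure after the connect left the session open.
            session.close
          end
        rescue => e
          Logger.debug { "SSH not supported : #{e}" }
          raise SshNotAvailableException, e
        end
      end
    end
  end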