Documentation on Output

[JoeArcher007]

I just ran this application at home on some locally hosted machines and was wondering what a little bit of the output means?

Example for me is "duplicate_host_key_ips". I saw three entries on my server and was wondering what it meant. They aren't IP's that I have in my subnet.

I get most of the other parts of the output, but a little description of each would be great.

Thanks!

[claudijd]

@JoeArcher007 I believe the behavior you're observing is fixed in #352

[claudijd]

I think this is fixed in master, but not in a gem release. I'll quickly generate a release for this so you can see and confirm this fixes your problem.

[claudijd]

@JoeArcher007 I just release https://github.com/mozilla/ssh_scan/releases/tag/0.0.19 to make this available for you. Following these command should do the trick for you...

$ gem update ssh_scan
Updating installed gems
Updating ssh_scan
Successfully installed ssh_scan-0.0.19
Parsing documentation for ssh_scan-0.0.19
Installing ri documentation for ssh_scan-0.0.19
Installing darkfish documentation for ssh_scan-0.0.19
Done installing documentation for ssh_scan after 0 seconds
Parsing documentation for ssh_scan-0.0.19
Done installing documentation for ssh_scan after 0 seconds
Gems updated: ssh_scan

[JoeArcher007]

Hello @claudijd

I can confirm that I don't see entries in here anymore. I was more wondering what it had meant? I'm assuming it was a bad thing, just wanting to know what it meant, and while I was asking, possibly have a chart of what == what with regards to the rest of the output. Something to put in the documentation I guess.

Thanks,
Joe

[claudijd]

@JoeArcher007 glad that sorted out the output items. As for documentation, I regret to say I haven't written it yet, but that particular attribute means that the host is sharing a host key with another host. This indicates the hosts are sharing key material in such a way where compromising one might allow you to decrypt/MiTM traffic from another. The solution would be to have one/both of the hosts to regenerate their host key material.

[claudijd]

I don't have time ATM to draft docs. I welcome contributions and PRs for such things, but I totally agree this is a gap currently and should be fixed at some point so I'm leaving this issue open until that's sorted.

[JoeArcher007]

Hey @claudijd No worries about the timing, the worlds a busy place, and I thank you for working on this great tool.

If I have time as well, and the research, I'll see about adding some information on the output of the data.