[REQUEST] Add Rocky Linux support!

Question

[REQUEST] Add Rocky Linux support!

ducarpit opened this issue 4 months ago · 5 comments

Hi,
is it possible to add the support for Rocky Linux and check the OpenSSH version also in this SO?
Here some informations about OpenSSH packages version: https://rockylinux.org/it/news/2024-07-01-openssh-sigalrm-regression
Thanks a lot
Christian

Answer 1 · 2024-07-08T17:35:00.000Z

Hi @ducarpit - I don't have access to Rocky Linux. Would you be able to check which banner is returned on a patched version? If so, happy to add it to the list.

Answer 2 · 2024-07-08T18:01:13.000Z

RockyLinux does not report the exact patch version in the SSH Banner. It only reports SSH-2.0_OpenSSH-8.7 not matter if the patch is applied or not. You therefore can't detect if it is vulnerable or not.

Source: Tested it with a docker container

Answer 3 · 2024-07-08T18:03:04.000Z

Thank you for the info @poettig - much appreciated.

Answer 4 · 2024-07-09T06:50:32.000Z

Hi @xaitax and @poettig and thank you, this is true, i tested it just now.
But, is there a way to report this OpenSSH version as "not testable" (for example)?
Because now the script report this OpenSSH version as "Servers likely vulnerable" and this is a wrong information.
Is there a way to improve this?
Thanks a lot
Christian

Answer 5 · 2024-07-09T16:42:19.000Z

The problem with that is that you either overreport (RockyLinux as vulnerable because you can't tell) or underreport (OpenSSH-8.7 as not-testable, but it is actually another distro that uses the same version and would be testable). It might be feasible to mark known-unclear entries somehow so the user has to think about it themselves.