(mac) unknown algorithm(s) found!: [email protected],[email protected]

[rein123]

Hi!
Using https://github.com/jtesta/ssh-audit/releases/tag/v3.3.0 I want to report the following:

Starting audit of 192.168.0.10:22...
# general
(gen) banner: SSH-2.0-Mocana SSH
(gen) compatibility: OpenSSH 7.4+, Dropbear SSH 2020.79+
(gen) compression: disabled
# key exchange algorithms
(kex) curve25519-sha256              -- [info] available since OpenSSH 7.4, Dropbear SSH 2018.76
(kex) curve25519-sha256              -- [info] default key exchange from OpenSSH 7.4 to 8.9
(kex) [email protected]   -- [info] available since OpenSSH 6.4, Dropbear SSH 2013.62
(kex) [email protected]   -- [info] default key exchange from OpenSSH 6.5 to 7.3
[0;31m(kex) ecdh-sha2-nistp521             -- [fail] using elliptic curves that are suspected as being backdoored by the U.S. National Security Agency
(kex) ecdh-sha2-nistp521             -- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
[0;31m(kex) ecdh-sha2-nistp384             -- [fail] using elliptic curves that are suspected as being backdoored by the U.S. National Security Agency
(kex) ecdh-sha2-nistp384             -- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
[0;31m(kex) ecdh-sha2-nistp256             -- [fail] using elliptic curves that are suspected as being backdoored by the U.S. National Security Agency
(kex) ecdh-sha2-nistp256             -- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
(kex) diffie-hellman-group15-sha512
(kex) diffie-hellman-group16-sha512  -- [info] available since OpenSSH 7.3, Dropbear SSH 2016.73
(kex) diffie-hellman-group17-sha512
(kex) diffie-hellman-group18-sha512  -- [info] available since OpenSSH 7.3
# host-key algorithms
(key) ssh-ed25519                    -- [info] available since OpenSSH 6.5, Dropbear SSH 2020.79
# encryption algorithms (ciphers)
(enc) AEAD_AES_128_GCM
(enc) [email protected]         -- [info] available since OpenSSH 6.2
(enc) AEAD_AES_256_GCM
(enc) [email protected]         -- [info] available since OpenSSH 6.2
(enc) aes128-ctr                     -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
(enc) aes256-ctr                     -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
(enc) aes192-ctr                     -- [info] available since OpenSSH 3.7
# message authentication code algorithms
(mac) AEAD_AES_128_GCM
(mac) [email protected]         -- [warn] unknown algorithm
(mac) AEAD_AES_256_GCM
(mac) [email protected]         -- [warn] unknown algorithm
(mac) hmac-sha2-512                  -- [warn] using encrypt-and-MAC mode
(mac) hmac-sha2-512                  -- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56
# fingerprints
(fin) ssh-ed25519: SHA256:OXv9gviji0wo4O4jr4NVZsFYKT1CKkQuZ4fTlcK0E0U
(fin) ssh-ed25519: MD5:35:e8:82:81:53:ea:0f:4a:95:a2:5d:88:ba:a4:0d:14 -- [info] do not rely on MD5 fingerprints for server identification; it is insecure for this use case

!!! WARNING: unknown algorithm(s) found!: [email protected],[email protected].  If this is the latest version of ssh-audit (see <https://github.com/jtesta/ssh-audit/releases>), please create a new Github issue at <https://github.com/jtesta/ssh-audit/issues> with the full output above.

[jtesta]

Well this is rather interesting! Those two algorithms are already supported by ssh-audit (and have been for many, many years). Seems like there might be a bug somewhere. I see that your target server is identifying itself as "Mocana SSH". I can't find much information about it, though. Can you perhaps explain what product/software stack that is? Or even better: if you can share the address of a host with that SSH server that is reachable from the Internet, then I could debug this quickly without having to install anything locally. Thanks!

[rein123]

Unfortunately, I cannot provide an interface for you to test it directly, since the device is currently in development.
The used stack is from https://dev.digicert.com/en/trustcore-sdk/nanossh.html

Seems like "aes128-gcm" is maybe not an issue but the "@openssh.com" variant of it.