mirror of
https://github.com/NixOS/nixpkgs.git
synced 2024-12-15 18:23:09 +00:00
c15e1f61b0
On current nixpkgs, no modifications to the server settings were necessary to pass the audit. However, some of the client algorithms were considered insecure. The client configuration lists all algorithms which were listed as acceptable by `ssh-audit`. This can be used as an example of a configuration currently considered acceptable by `ssh-audit`, and verifies that such a configuration results in a compatible client/server configuration. Beware that this test will continue passing when future versions of `ssh-audit` add support for new algorithms. In other words, the example configuration represents a subset of what the current version of `ssh-audit` would consider acceptable.
36 lines
815 B
Nix
36 lines
815 B
Nix
{ lib
|
|
, fetchFromGitHub
|
|
, nixosTests
|
|
, python3Packages
|
|
}:
|
|
|
|
python3Packages.buildPythonApplication rec {
|
|
pname = "ssh-audit";
|
|
version = "3.0.0";
|
|
format = "setuptools";
|
|
|
|
src = fetchFromGitHub {
|
|
owner = "jtesta";
|
|
repo = pname;
|
|
rev = "refs/tags/v${version}";
|
|
sha256 = "sha256-+v+DLZPDC5uffTIJPzMvY/nLoy7BGiAsTddjNZZhTpo=";
|
|
};
|
|
|
|
nativeCheckInputs = with python3Packages; [
|
|
pytestCheckHook
|
|
];
|
|
|
|
passthru.tests = {
|
|
inherit (nixosTests) ssh-audit;
|
|
};
|
|
|
|
meta = with lib; {
|
|
description = "Tool for ssh server auditing";
|
|
homepage = "https://github.com/jtesta/ssh-audit";
|
|
changelog = "https://github.com/jtesta/ssh-audit/releases/tag/v${version}";
|
|
license = licenses.mit;
|
|
platforms = platforms.all;
|
|
maintainers = with maintainers; [ tv SuperSandro2000 ];
|
|
};
|
|
}
|