v0.18

Changelog

db27fb8 update goreleaser config
4f3bc9b Merge branch 'store-tweaks'
e7e23bf Improve updateBruteResult behavior
7fce102 remove batch size for scan queue, just scan everything
5ae14c5 update go versions
139ebf0 fix build command when using go modules
b152e22 add tests for the batching code

v0.16

Changelog

0fe645f turn off debugging for this sshd
4f9d741 simplify e2e test running
7b91924 allow all tunneling for this test
fb1f48d fix sshd command
d5db9ac Merge branch 'master' of github.com:ncsa/ssh-auditor
dd1c959 Improve tunnel testing and e2e tests
d6a3aaa Merge pull request #11 from kayavila/master
6d4a7ef Updating goreleaser config formatting
467b2c8 optimize Dockerfile module downloading
7d5c12d bump go version used for e2e tests
3f2ff54 Convert to a go module
89c319e implement host delete command

v0.15

Changelog

eda2a3f build standalone before doing e2e-tests
f46ac82 Add automated goreleaser build, fix key test
2617592 add initial support for key based authentication
9a0f1ae add a test case for an account with no password
16b854c problem: Can't discover using a list of ips
2cb844d problem: can't discover a single host
4192134 remove redundant if block
bf9d35d Merge pull request #4 from Neo23x0/master
9546ea7 feat: Reset credentials
3a00933 feat: Reset scan interval

v0.14

Changelog

97127a6 problem: old migration queries are slow

v0.13

Changelog

878ff57 problem: GetVulnerabilities is slow

v0.11

Changelog

bbe5f59 problem: json report is missing fields.
849290a Fix some linter issues

v0.10

Changelog

6964394 bump version to 0.10
a88c2fe Reduce database locking
fd46a19 repalce fpm with goreleaser

---

Automated with GoReleaser
Built with go version go1.10 linux/amd64

v0.9

Biggest change in 0.9 is the beginning of better interop with other tools. This is starting with support for importing and exporting credentials, listing hosts as json and reporting as json/text/html.

Issue #2 details the credential import feature.

Changelog

9e0841d Bump version to 0.9
62227ea wrap archive in directory
2cac649 ensure build is static
bfcacf6 add goreleaser config
4392706 implement json cred import
01adab1 import cred import tsv
8c75ac1 add html report
0158d76 fix typo
f2d6d2e add initial report commands
23970f9 check error when writing output
cc6605e json output for duplicate key report
1640304 Start switching to json for command output for better interop
6656064 problem: AddCredential doesn't properly update scan_interval
1477dad implement host list
966dd8a Implement credential list command
6a5a717 Simplify the ssh credential checking code

---

Automated with GoReleaser
Built with go version go1.10 linux/amd64

Tested!

Many of the internals were refactored to make testing easier. There is now an initial test suite that starts up a bunch of containers running sshd with different configurations in order to test the authentication process.

ssh-auditor now flags hosts that it could authenticate to, but could not run a command or tunnel as the result "auth". This type of result may mean you found a valid credential that can't access anything via ssh, but it may work over another protocol.

Support keyboard-interactive auth

Some servers only allow keyboard-interactive authentication, but not
password authentication. When attempting to authenticate, support both
methods.