A non-portable construct makes it hang forever on BSD systems: https://github.com/jtesta/ssh-audit/issues/288. A one-off patch is required: https://github.com/jtesta/ssh-audit/pull/289
Thanks, I also had some issues but ssh-audit worked in some cases so I thought it was just some network issues (which I actually had at that time).
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=f02e397c3be1c20d736e3412ca82f14ba14b9e8c

commit f02e397c3be1c20d736e3412ca82f14ba14b9e8c
Author:     Piotr Kubaj <pkubaj@FreeBSD.org>
AuthorDate: 2024-08-16 10:32:11 +0000
Commit:     Piotr Kubaj <pkubaj@FreeBSD.org>
CommitDate: 2024-08-16 11:54:25 +0000

    security/py-ssh-audit: fix hang on runtime

    PR:           280827
    Submitted by: michaelo

 security/py-ssh-audit/Makefile                | 1 +
 .../files/patch-src_ssh__audit_dheat.py (new) | 23 ++++++++++++++++++++++
 2 files changed, 24 insertions(+)
After using this patch, I'm getting the rate-throttling message again, even though I have "PerSourceMaxStartups 1" enabled in sshd_config. The message didn't show before the patch. I'm using FreeBSD 13.3-RELEASE-p5.

38 connections were created in 0.180 seconds, or 210.7 conns/sec; server must respond with a rate less than 20.0 conns/sec per IPv4/IPv6 source address to be considered safe. For rate-throttling options, please see https://www.ssh-audit.com/hardening_guides.html. Be aware that using 'PerSourceMaxStartups 1' properly protects the server from this attack, but will cause this test to yield a false positive. Suppress this test and message with the --skip-rate-test option.