Hello,
I would like to parse the output of ssh-audit -j automatically.
The output looks like this (shortened):
{
  "kex": [
    {
      "algorithm": "sntrup761x25519-sha512",
      "notes": {
        "info": [
          "default key exchange since OpenSSH 9.9",
          "hybrid key exchange based on post-quantum resistant algorithm and proven conventional X25519 algorithm",
          "available since OpenSSH 9.9"
        ]
      }
    },
    {
      "algorithm": "ecdh-sha2-nistp256",
      "notes": {
        "fail": [
          "using elliptic curves that are suspected as being backdoored by the U.S. National Security Agency"
        ],
        "info": [
          "available since OpenSSH 5.7, Dropbear SSH 2013.62"
        ]
      }
    },
    {
      "algorithm": "diffie-hellman-group14-sha256",
      "notes": {
        "info": [
          "available since OpenSSH 7.3, Dropbear SSH 2016.73"
        ],
        "warn": [
          "2048-bit modulus only provides 112-bits of symmetric strength"
        ]
      }
    }
  ]
}
Now, I can query all algos with:
kex_avail: "{{ ssh_test_result.stdout | from_json | json_query('kex[].algorithm') }}"
but how can I exclude all elements with notes.fail and notes.warn in them?
I have a working solution, but I am wondering if this is possible in one line:
- name: Print results
  vars:
    kex_avail: "{{ ssh_test_result.stdout | from_json | json_query('kex[].algorithm') }}"
    kex_crit: "{{ ssh_test_result.stdout | from_json | json_query('recommendations.critical.del.kex[].name') }}"
    kex_warn: "{{ ssh_test_result.stdout | from_json | json_query('recommendations.warning.del.kex[].name') }}"
  ansible.builtin.set_fact:
    kex_use: "{{ kex_avail | community.general.lists_symmetric_difference(kex_crit, kex_warn) }}"
Thanks a lot!
Thomas
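As an added example, not part of the original post, the same selection done outside Ansible: it parses the shortened ssh-audit -j output quoted above (embedded here as a constructed sample) and keeps only the kex algorithms that carry neither a "fail" nor a "warn" note, bucketing the rest by their worst note level. The JMESPath expression in the docstring is the assumed one-line equivalent for json_query and is not tested here.

```python
import json

# Constructed sample: the shortened ssh-audit -j output quoted in the post.
SSH_AUDIT_JSON = """
{
  "kex": [
    {"algorithm": "sntrup761x25519-sha512",
     "notes": {"info": ["default key exchange since OpenSSH 9.9"]}},
    {"algorithm": "ecdh-sha2-nistp256",
     "notes": {"fail": ["using elliptic curves that are suspected as being backdoored by the U.S. National Security Agency"],
               "info": ["available since OpenSSH 5.7, Dropbear SSH 2013.62"]}},
    {"algorithm": "diffie-hellman-group14-sha256",
     "notes": {"info": ["available since OpenSSH 7.3, Dropbear SSH 2016.73"],
               "warn": ["2048-bit modulus only provides 112-bits of symmetric strength"]}}
  ]
}
"""


def parse_report(text: str) -> dict:
    """Parse the raw JSON text produced by `ssh-audit -j`."""
    return json.loads(text)


def classify_kex(report: dict) -> dict:
    """Bucket every kex algorithm by its worst note level.

    An algorithm goes to 'fail' if notes.fail is a non-empty list, else to
    'warn' if notes.warn is non-empty, else to 'ok'. Empty lists and missing
    keys count as "no note", matching JMESPath truthiness.
    """
    buckets = {"fail": [], "warn": [], "ok": []}
    for entry in report.get("kex", []):
        notes = entry.get("notes") or {}
        level = next((lv for lv in ("fail", "warn") if notes.get(lv)), "ok")
        buckets[level].append(entry["algorithm"])
    return buckets


def usable_kex(report: dict) -> list:
    """Only the algorithms with neither a 'fail' nor a 'warn' note.

    Assumed JMESPath equivalent for json_query (not tested here):
        kex[?!(notes.fail || notes.warn)].algorithm
    """
    return classify_kex(report)["ok"]


if __name__ == "__main__":
    report = parse_report(SSH_AUDIT_JSON)
    print(classify_kex(report))
    print(usable_kex(report))
```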