SSH server vulnerability and security scanner

Audit and check Linux or Windows SSH server configurations in less than 1 minute



100% free and secure, no login or password required.

Frequently Asked Questions

How does the SSH vulnerability scanner work?

Once you fill in the IP address or hostname and port of the target host, the scanner connects to the host and gathers all public information provided by the SSH protocol for analysis. The vulnerability scanner doesn't try to log in by any means on the target host.

What is the difference between an SSH and SFTP server?

The SSH File Transfer Protocol (SFTP) is a protocol built on top of SSH to transfer files securely. Users rely on tools like WinSCP or FileZilla for transferring files over the internet using SFTP.

The SSH vulnerability scanner works the same for an SFTP server, since it uses the same SSH protocol for secure file transfers.

What is an SSH security key?

SSH keys are commonly known as private and public keys generated by asymmetric cryptographic algorithms. Connecting and authenticating to a remote system with these keys is far more secure than logging in with an account password or passphrase.

What are weak SSH ciphers?

When an SSH client establishes a connection with an SSH server, the two sides negotiate a cipher to encrypt the data transmitted.

Research in the field of cryptography provides stronger encryption mechanisms and discovers security vulnerabilities in existing algorithms and protocols. Developments in available hardware, producing more performant processors, also generate pressure to create algorithms that are stronger against brute-force attacks.

A cipher is weak when:

  • It has a known vulnerability, discovered through research
  • It can’t protect data against brute-force attacks executed with modern hardware

Both situations provide a shortcut for an attacker to decrypt, modify or impersonate private messages. It’s important to use ciphers considered secure today to avoid being an easy target.

How to use the SSH vulnerability scanner on a target host that's behind a firewall?

This tool can't connect to servers behind a bastion host or firewall at the moment. The scanner checks only for public information provided by the SSH server using the protocol handshake over the public internet.

For a complete SSH security check for weak configurations, and to improve hardening practices, use Operous for a full evaluation of the target host.

How does the SSH vulnerability scanner test passwords?

The scan process does not try to log in to the target host. This tool is intended to present meaningful information about the SSH server using public data provided by the server, and is not meant to be used for other security posture assessments, like brute force attacks or penetration tests.

How does the SSH vulnerability scanner check the SSH server configuration?

This 100% free and secure tool doesn't require a login or password of the server. The SSH scan will look for data available during the SSH protocol handshake.

Here is a list of the information and configuration available on the protocol handshake:

  • Key exchange algorithms
  • Encryption options
  • Version banner
  • MAC algorithms
  • Compression availability
  • Version compatibility
  • Known vulnerabilities

While the SSH vulnerability scanner checks only configurations accessible over the internet, Operous can inspect far more server configurations.

What are the recommended ciphers to use with SSH?

Symmetric ciphers encrypt the data after the initial key exchange and authentication are complete. The following ciphers expect a recent OpenSSH client and are strong and secure:

  • chacha20-poly1305@openssh.com
  • aes256-gcm@openssh.com
  • aes128-gcm@openssh.com
  • aes256-ctr
  • aes192-ctr
  • aes128-ctr

About

The Secure Shell Protocol (SSH) is a critical component used to connect, authenticate and operate a vast number of services and devices in the technology world. Using SSH is also very convenient, and it has been the de facto standard for remotely accessing servers for many years.

SSH was initially used on Linux operating systems. Microsoft has since adopted OpenSSH as a fully supported remote access method for Windows 10 and Windows Server 2019, expanding its adoption even more.

Since SSH is so widely used and ubiquitous, it's also a primary target for attacks.

Following SSH best practices can be a daunting task, even for an experienced engineer.

Understanding the cryptographic ciphers and key exchange algorithms used by the SSH protocol to ensure a connection is secure is a fundamental skill, but it's also a domain of knowledge that engineers have a hard time grasping.

The SSH server vulnerability and security scanner developed by Operous provides fast and actionable reports, with state-of-the-art SSH security checks.

We appreciate any feedback and feature requests!
