Audit and check Linux or Windows SSH server configurations in less than 1 minute
100% free and secure, no login or password required.
Once you fill in the IP address or hostname and port of the target host, the scanner connects to the host and gathers all public information provided by the SSH protocol for analysis. The vulnerability scanner doesn't try to log in by any means on the target host.
The SSH vulnerability scanner works the same for an SFTP server, since it uses the same SSH protocol for secure file transfers.
SSH keys are commonly known as private and public keys generated by asymmetric cryptographic algorithms. These keys ensure a connection and authentication to a remote system that are far more secure than logging in with an account password or passphrase.
When an SSH client establishes connection with an SSH server, they determine a cipher to encrypt the data transmitted.
Research in the field of cryptography provides stronger encryption mechanisms, and discovers security vulnerabilities in existing algorithms and protocols. Developments in hardware available, producing more performant processors, also generates pressure to create algorithms stronger against brute-force attacks.
A cipher is weak when:
Both situations provide a shortcut for an attacker to decrypt, modify or impersonate private messages. It’s important to use ciphers considered secure today to avoid being an easy target.
This tool can't connect to servers behind a bastion host or firewall at the moment. The scanner checks only for public information provided by the SSH server using the protocol handshake over the public internet.
To a complete SSH security check for weak configurations and improve hardening practices, use Operous for a full evaluation of the target host.
The scan process does not try to log in to the target host. This tool intends to present meaningful information about the SSH with public data provided by the server and not be used for other security posture assessments, like brute force attacks or penetration tests.
This 100% free and secure tool doesn't require a login or password of the server. The SSH scan will look for data available during the SSH protocol handshake.
Here is a list of the information and configuration available on the protocol handshake:
While the SSH vulnerability scanner checks only configurations accessible over the internet, Operous can inspect far more server configurations.
Symmetric ciphers encrypt the data after the initial key exchange and authentication are complete. The following ciphers expect a recent OpenSSH client and are strong and secure:
The Secure Shell Protocol (SSH) is a critical component used to connect, authenticate and operate an infinity of services and devices in the technology world. Using SSH is also very convenient, being the de facto standard for remotely accessing servers for many years.
Since SSH is so widely used and ubiquitous, it's also a primary target for attacks.
Following SSH best practices can be a daunting task, even for an experienced engineer.
Understand cryptographic ciphers and key exchange algorithms used by SSH protocol to ensure a connection is secure is a fundamental skill, but it's also a domain of knowledge that engineers have a hard time grasping.
The SSH server vulnerability and security scanner developed by Operous provides fast and actionable reports, with state of the art SSH security checks.
We appreciate any feedback and feature requests!