1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
|
.TH SSH-AUDIT 1 "March 13, 2022"
.SH NAME
\fBssh-audit\fP \- SSH server & client configuration auditor
.SH SYNOPSIS
.B ssh-audit
.RI [ options ] " <target_host>"
.SH DESCRIPTION
.PP
\fBssh-audit\fP analyzes the configuration of SSH servers & clients, then warns the user of weak, obsolete, and/or untested cryptographic primitives. It is very useful for hardening SSH tunnels, which by default tend to be optimized for compatibility, not security.
.PP
See <https://www.ssh\-audit.com/> for official hardening guides for common platforms.
.SH OPTIONS
.TP
.B -h, \-\-help
.br
Print short summary of options.
.TP
.B -1, \-\-ssh1
.br
Only perform an audit using SSH protocol version 1.
.TP
.B -2, \-\-ssh2
.br
Only perform an audit using SSH protocol version 2.
.TP
.B -4, \-\-ipv4
.br
Prioritize the usage of IPv4.
.TP
.B -6, \-\-ipv6
.br
Prioritize the usage of IPv6.
.TP
.B -b, \-\-batch
.br
Enables grepable output.
.TP
.B -c, \-\-client\-audit
.br
Starts a server on port 2222 to audit client software configuration. Use -p/--port=<port> to change port and -t/--timeout=<secs> to change listen timeout.
.TP
.B -d, \-\-debug
.br
Enable debug output.
.TP
.B -g, \-\-gex-test=<x[,y,...] | min1:pref1:max1[,min2:pref2:max2,...] | x-y[:step]>
.br
Runs a Diffie-Hellman Group Exchange modulus size test against a server.
Diffie-Hellman requires the client and server to agree on a generator value and a modulus value. In the "Group Exchange" implementation of Diffie-Hellman, the client specifies the size of the modulus in bits by providing the server with minimum, preferred and maximum values. The server then finds a group that best matches the client's request, returning the corresponding generator and modulus. For a full explanation of this process see RFC 4419 and its successors.
This test acts as a client by providing an SSH server with the size of a modulus and then obtains the size of the modulus returned by the server.
Three types of syntax are supported:
1. <x[,y,...]>
A comma delimited list of modulus sizes.
A test is performed against each value in the list where it acts as the minimum, preferred and maximum modulus size.
2. <min:pref:max[,min:pref:max,...]>
A set of three colon delimited values denoting minimum, preferred and maximum modulus size.
A test is performed against each set.
Multiple sets can specified as a comma separated list.
3. <x-y[:step]>
A range of modulus sizes with an optional step value. Step defaults to 1 if omitted.
If the left value is greater than the right value, then the sequence operates from right to left.
A test is performed against each value in the range where it acts as the minimum, preferred and maximum modulus size.
Duplicates are excluded from the return value.
.TP
.B -j, \-\-json
.br
Output results in JSON format. Specify twice (-jj) to enable indent printing (useful for debugging).
.TP
.B -l, \-\-level=<info|warn|fail>
.br
Specify the minimum output level. Default is info.
.TP
.B -L, \-\-list-policies
.br
List all official, built-in policies for common systems. Their full names can then be passed to -P/--policy.
.TP
.B \-\-lookup=<alg1,alg2,...>
.br
Look up the security information of an algorithm(s) in the internal database. Does not connect to a server.
.TP
.B -m, \-\-manual
.br
Print the man page (Windows only).
.TP
.B -M, \-\-make-policy=<custom_policy.txt>
.br
Creates a policy based on the target server. Useful when other servers should be compared to the target server's custom configuration (i.e.: a cluster environment). Note that the resulting policy can be edited manually.
.TP
.B -n, \-\-no-colors
.br
Disable color output.
.TP
.B -p, \-\-port=<port>
.br
The TCP port to connect to when auditing a server, or the port to listen on when auditing a client.
.TP
.B -P, \-\-policy=<"built-in policy name" | path/to/custom_policy.txt>
.br
Runs a policy audit against a target using the specified policy (see \fBPOLICY AUDIT\fP section for detailed description of this mode of operation). Combine with -c/--client-audit to audit a client configuration instead of a server. Use -L/--list-policies to list all official, built-in policies for common systems.
.TP
.B -t, \-\-timeout=<secs>
.br
The timeout, in seconds, for creating connections and reading data from the socket. Default is 5.
.TP
.B -T, \-\-targets=<hosts.txt>
.br
A file containing a list of target hosts. Each line must have one host, in the format of HOST[:PORT]. Use --threads to control concurrent scans.
.TP
.B \-\-threads=<threads>
.br
The number of threads to use when scanning multiple targets (with -T/--targets). Default is 32.
.TP
.B -v, \-\-verbose
.br
Enable verbose output.
.SH STANDARD AUDIT
.PP
By default, \fBssh-audit\fP performs a standard audit. That is, it enumerates all host key types, key exchanges, ciphers, MACs, and other information, then color-codes them in output to the user. Cryptographic primitives with potential issues are displayed in yellow; primitives with serious flaws are displayed in red.
.SH POLICY AUDIT
.PP
When the -P/--policy option is used, \fBssh-audit\fP performs a policy audit. The target's host key types, key exchanges, ciphers, MACs, and other information is compared to a set of expected values defined in the specified policy file. If everything matches, only a short message stating a passing result is reported. Otherwise, the field(s) that did not match are reported.
.PP
Policy auditing is helpful for ensuring a group of related servers are properly hardened to an exact specification.
.PP
The set of official built-in policies can be viewed with -L/--list-policies. Multiple servers can be audited with -T/--targets=<servers.txt>. Custom policies can be made from an ideal target server with -M/--make-policy=<custom_policy.txt>.
.SH EXAMPLES
.LP
Basic server auditing:
.RS
.nf
ssh-audit localhost
ssh-audit 127.0.0.1
ssh-audit 127.0.0.1:222
ssh-audit ::1
ssh-audit [::1]:222
.fi
.RE
.LP
To run a standard audit against many servers (place targets into servers.txt, one on each line in the format of HOST[:PORT]):
.RS
.nf
ssh-audit -T servers.txt
.fi
.RE
.LP
To audit a client configuration (listens on port 2222 by default; connect using "ssh -p 2222 anything@localhost"):
.RS
.nf
ssh-audit -c
.fi
.RE
.LP
To audit a client configuration, with a listener on port 4567:
.RS
.nf
ssh-audit -c -p 4567
.fi
.RE
.LP
To list all official built-in policies (hint: use their full names with -P/--policy):
.RS
.nf
ssh-audit -L
.fi
.RE
.LP
To run a built-in policy audit against a server (hint: use -L to see list of built-in policies):
.RS
.nf
ssh-audit -P "Hardened Ubuntu Server 20.04 LTS (version 1)" targetserver
.fi
.RE
.LP
To run a custom policy audit against a server (hint: use -M/--make-policy to create a custom policy file):
.RS
.nf
ssh-audit -P path/to/server_policy.txt targetserver
.fi
.RE
.LP
To run a policy audit against a client:
.RS
.nf
ssh-audit -c -P ["policy name" | path/to/client_policy.txt]
.fi
.RE
.LP
To run a policy audit against many servers:
.RS
.nf
ssh-audit -T servers.txt -P ["policy name" | path/to/server_policy.txt]
.fi
.RE
.LP
To create a policy based on a target server (which can be manually edited; see official built-in policies for syntax examples):
.RS
.nf
ssh-audit -M new_policy.txt targetserver
.fi
.RE
.LP
To run a Diffie-Hellman Group Exchange modulus size test using the values 2000 bits, 3000 bits, 4000 bits and 5000 bits:
.RS
.nf
ssh-audit targetserver --gex-test=2000,3000,4000,5000
.fi
.RE
.LP
To run a Diffie-Hellman Group Exchange modulus size test where 2048 bits is the minimum, 3072 bits is the preferred and 5000 bits is the maximum:
.RS
.nf
ssh-audit targetserver --gex-test=2048:3072:5000
.fi
.RE
.LP
To run a Diffie-Hellman Group Exchange modulus size test from 0 bits to 5120 bits in increments of 1024 bits:
.RS
.nf
ssh-audit targetserver --gex-test=0-5120:1024
.fi
.RE
.SH RETURN VALUES
When a successful connection is made and all algorithms are rated as "good", \fBssh-audit\fP returns 0. Other possible return values are:
.RS
.nf
1 = connection error
2 = at least one algorithm warning was found
3 = at least one algorithm failure was found
<any other non-zero value> = unknown error
.fi
.RE
.SH SSH HARDENING GUIDES
Hardening guides for common platforms can be found at: <https://www.ssh\-audit.com/>
.SH BUG REPORTS
Please file bug reports as a Github Issue at: <https://github.com/jtesta/ssh\-audit/issues>
.SH AUTHOR
.LP
\fBssh-audit\fP was originally written by Andris Raugulis <moo@arthepsy.eu>, and maintained from 2015 to 2017.
.br
.LP
Maintainership was assumed and development was resumed in 2017 by Joe Testa <jtesta@positronsecurity.com>.
|