Linux
sshd
ssh_scan的好处从项目主页:最小的依赖关系 - 使用本机Ruby和BinData来完成工作,没有很大的依赖。不仅仅是一个脚本 - 实现是可移植的,用于另一个项目或用于自动化任务。简单 - 只需在SSH服务上点ssh_scan,并获得一个JSON报告,支持哪些内容及其策略状态。可配置 - 制定符合您独特策略要求的自定义策略。
安装依赖键入以下apt-get命令 / apt命令在Debian / Ubuntu Linux上安装ruby和gem:$ sudo apt-get install ruby gem示例输出:
安装ssh_scan键入以下命令将ssh_scan安装为gem:$ sudo gem install ssh_scan示例输出:
如何使用ssh_scan?语法是:例如扫描安装在192.168.2.15的ssh服务器,输入:示例输出:$ ssh_scan -t ip$ ssh_scan -t server$ ssh_scan -t server1.cyberciti.biz$ ssh_scan -t 127.0.0.1
输出实例:I, [2017-04-25T16:12:11.019160 #32317] INFO -- : You're using the latest version of ssh_scan 0.0.19 [ { 'ssh_scan_version': '0.0.19', 'ip': '192.168.2.15', 'port': 22, 'server_banner': 'SSH-2.0-OpenSSH_7.4p1 Ubuntu-10', 'ssh_version': 2.0, 'os': 'ubuntu', 'os_cpe': 'o:canonical:ubuntu', 'ssh_lib': 'openssh', 'ssh_lib_cpe': 'a:openssh:openssh:7.4p1', 'cookie': '82d7cc908765f03154b10d5cdf14195a', 'key_algorithms': [ 'curve25519-sha256', 'curve25519-sha256@libssh.org', 'ecdh-sha2-nistp256', 'ecdh-sha2-nistp384', 'ecdh-sha2-nistp521', 'diffie-hellman-group-exchange-sha256', 'diffie-hellman-group16-sha512', 'diffie-hellman-group18-sha512', 'diffie-hellman-group14-sha256', 'diffie-hellman-group14-sha1' ], 'server_host_key_algorithms': [ 'ssh-rsa', 'rsa-sha2-512', 'rsa-sha2-256', 'ecdsa-sha2-nistp256', 'ssh-ed25519' ], 'encryption_algorithms_client_to_server': [ 'chacha20-poly1305@openssh.com', 'aes128-ctr', 'aes192-ctr', 'aes256-ctr', 'aes128-gcm@openssh.com', 'aes256-gcm@openssh.com' ], 'encryption_algorithms_server_to_client': [ 'chacha20-poly1305@openssh.com', 'aes128-ctr', 'aes192-ctr', 'aes256-ctr', 'aes128-gcm@openssh.com', 'aes256-gcm@openssh.com' ], 'mac_algorithms_client_to_server': [ 'umac-64-etm@openssh.com', 'umac-128-etm@openssh.com', 'hmac-sha2-256-etm@openssh.com', 'hmac-sha2-512-etm@openssh.com', 'hmac-sha1-etm@openssh.com', 'umac-64@openssh.com', 'umac-128@openssh.com', 'hmac-sha2-256', 'hmac-sha2-512', 'hmac-sha1' ], 'mac_algorithms_server_to_client': [ 'umac-64-etm@openssh.com', 'umac-128-etm@openssh.com', 'hmac-sha2-256-etm@openssh.com', 'hmac-sha2-512-etm@openssh.com', 'hmac-sha1-etm@openssh.com', 'umac-64@openssh.com', 'umac-128@openssh.com', 'hmac-sha2-256', 'hmac-sha2-512', 'hmac-sha1' ], 'compression_algorithms_client_to_server': [ 'none', 'zlib@openssh.com' ], 'compression_algorithms_server_to_client': [ 'none', 'zlib@openssh.com' ], 'languages_client_to_server': [ ], 'languages_server_to_client': [ ], 'hostname': 'm6700', 'auth_methods': [ 'publickey', 'password' ], 'fingerprints': { 'rsa': { 'known_bad': 'false', 'md5': '1d:14:84:f0:c7:21:10:0e:30:d9:f9:59:6b:c3:95:97', 'sha1': '70:ac:7c:2c:94:54:aa:09:f2:58:f3:48:f0:9e:f2:a0:a2:37:f1:0a', 'sha256': '6d:d8:20:c6:8e:e7:db:0d:94:9d:34:66:ba:b7:9c:68:8a:ea:79:19:a6:0d:76:cc:ec:fe:82:21:68:a5:64:74' } }, 'start_time': '2017-04-25 16:12:11 +0000', 'end_time': '2017-04-25 16:12:11 +0000', 'scan_duration_seconds': 0.118730486, 'duplicate_host_key_ips': [ ], 'compliance': { 'policy': 'Mozilla Modern', 'compliant': false, 'recommendations': [ 'Remove these Key Exchange Algos: curve25519-sha256, diffie-hellman-group16-sha512, diffie-hellman-group18-sha512, diffie-hellman-group14-sha256, diffie-hellman-group14-sha1', 'Remove these MAC Algos: umac-64-etm@openssh.com, hmac-sha1-etm@openssh.com, umac-64@openssh.com, hmac-sha1', 'Remove these Authentication Methods: password' ], 'references': [ 'https://wiki.mozilla.org/Security/Guidelines/OpenSSH' ] } } ]