SSH Scan – SSH Configuration and Policy Scanner
SSH Scan is an SSH configuration and policy scanner. Its source of inspiration is the Mozilla OpenSSH Security Guide, which provides a sane baseline policy recommendation for SSH configuration parameters (e.g. Ciphers, MACs, and KexAlgos).

Key Benefits
- Minimal Dependencies – Uses native Ruby and BinData to do its work, no heavy dependencies.
- Not Just a Script – Implementation is portable for use in another project or for automation of tasks.
- Simple – Just point ssh_scan at an SSH service and get a JSON report of what it supports and its policy status.
- Configurable – Make your own custom policies that fit your unique policy requirements.
The goal of this tool is to help operational teams with the configuration of OpenSSH server and client. All Mozilla sites and deployments should follow the recommendations. The Enterprise Information Security (Infosec) team maintains this document as a reference guide.
Examples of usage:
- ssh_scan -t 192.168.1.1
- ssh_scan -t server.example.com
- ssh_scan -t ::1
- ssh_scan -t ::1 -T 5
- ssh_scan -f hosts.txt
- ssh_scan -o output.json
- ssh_scan -O output.json -o rescan_output.json
- ssh_scan -t 192.168.1.1 -p 22222
- ssh_scan -t 192.168.1.1 -p 22222 -L output.log -V INFO
- ssh_scan -t 192.168.1.1 -P custom_policy.yml
- ssh_scan -t 192.168.1.1 --unit-test -P custom_policy.yml
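To make the idea of a "policy status" concrete, here is an added example (not ssh_scan's own code, and not its policy file format) that checks the Ciphers, MACs and KexAlgorithms lines of an sshd_config against the allow-lists of the Mozilla guide's "Modern" profile. The names `BASELINE`, `parse_algorithms`, `evaluate` and the sample config are assumptions made for this illustration.

```ruby
require 'json'

# Allow-lists from the Mozilla OpenSSH guide ("Modern"); the hash layout is this example's own.
BASELINE = {
  'kexalgorithms' => %w[curve25519-sha256@libssh.org ecdh-sha2-nistp521 ecdh-sha2-nistp384
                        ecdh-sha2-nistp256 diffie-hellman-group-exchange-sha256],
  'ciphers' => %w[chacha20-poly1305@openssh.com aes256-gcm@openssh.com aes128-gcm@openssh.com
                  aes256-ctr aes192-ctr aes128-ctr],
  'macs' => %w[hmac-sha2-512-etm@openssh.com hmac-sha2-256-etm@openssh.com
               umac-128-etm@openssh.com hmac-sha2-512 hmac-sha2-256 umac-128@openssh.com]
}.freeze

# Parse sshd_config-style text into { directive => [algorithms] }; keywords are case-insensitive.
def parse_algorithms(text)
  text.each_line.with_object({}) do |line, found|
    key, value = line.sub(/#.*/, '').strip.split(/[\s=]+/, 2)
    next unless key && value && BASELINE.key?(key.downcase)
    found[key.downcase] ||= value.split(',').map(&:strip).reject(&:empty?) # sshd uses the first value
  end
end

# Compare the configured algorithms with the baseline and build a report hash.
def evaluate(text)
  configured = parse_algorithms(text)
  recommendations = []
  BASELINE.each do |directive, allowed|
    algos = configured[directive]
    if algos.nil?
      recommendations << "#{directive}: not set, server defaults apply"
    elsif algos.first.to_s.start_with?('+', '-', '^')
      recommendations << "#{directive}: relative list, check the resolved value from `sshd -T`"
    else
      (algos - allowed).each { |a| recommendations << "#{directive}: remove #{a}" }
    end
  end
  { 'configured' => configured, 'compliant' => recommendations.empty?,
    'recommendations' => recommendations }
end

# Constructed sample input, not taken from a real host.
SAMPLE_CONFIG = <<~CONF
  Port 22
  # hardened key exchange
  KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
  Ciphers aes256-ctr,aes128-cbc,3des-cbc
  macs hmac-sha2-512-etm@openssh.com,hmac-md5
  MACs hmac-sha2-256
CONF
puts JSON.pretty_generate(evaluate(SAMPLE_CONFIG)) if __FILE__ == $PROGRAM_NAME
```

This reads a configuration file, whereas ssh_scan reports what a live SSH service actually offers, so the two checks complement each other.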
You can read more and download this tool over here: https://github.com/mozilla/ssh_scan