SSHScan is a remote auditing tool that enumerates SSH server cryptographic algorithms. It helps identify insecure and not recommended ciphers, key exchange algorithms, MACs, and host key algorithms.
SSHScan requires Python 3.8 or newer and has no dependency on third-party packages. It uses only the Python standard library.
git clone https://github.com/farrokhi/SSHScan
cd SSHScanBasic usage:
./sshscan.py host.example.comSpecify a custom port:
./sshscan.py host.example.com:2222IPv6 addresses must be enclosed in brackets and quoted:
./sshscan.py '[2001:db8::1]:22'
./sshscan.py '[::1]'Display help:
./sshscan.py -hSample output:
% ./sshscan.py sdf.org
[*] Initiating scan for sdf.org on port 22
[*] Connected to sdf.org on port 22...
[+] Target SSH version is: SSH-2.0-OpenSSH_10.0
[+] Retrieving algorithm information...
[+] Detected ciphers:
chacha20-poly1305@openssh.com aes128-ctr
aes128-gcm@openssh.com aes192-ctr
aes256-gcm@openssh.com aes256-ctr
[+] Detected KEX algorithms:
mlkem768x25519-sha256 ecdh-sha2-nistp256
sntrup761x25519-sha512 ecdh-sha2-nistp384
sntrup761x25519-sha512@openssh.com ecdh-sha2-nistp521
curve25519-sha256 ext-info-s
curve25519-sha256@libssh.org kex-strict-s-v00@openssh.com
[+] Detected MACs:
umac-64-etm@openssh.com umac-64@openssh.com
umac-128-etm@openssh.com umac-128@openssh.com
hmac-sha2-256-etm@openssh.com hmac-sha2-256
hmac-sha2-512-etm@openssh.com hmac-sha2-512
hmac-sha1-etm@openssh.com hmac-sha1
[+] Detected HostKey algorithms:
rsa-sha2-512 ssh-ed25519
rsa-sha2-256
[-] No not recommended ciphers detected!
[+] Detected not recommended KEX algorithms:
ecdh-sha2-nistp256 ecdh-sha2-nistp521
ecdh-sha2-nistp384
[+] Detected not recommended MACs:
umac-64-etm@openssh.com umac-64@openssh.com
hmac-sha1-etm@openssh.com hmac-sha1
[-] No not recommended HostKey algorithms detected!
[+] Compression is enabled
SSHScan categorizes algorithms as either recommended or not recommended based on current cryptographic research and security best practices.
Algorithms flagged as "not recommended" include:
-
Cryptographically broken algorithms such as RC4 (bias attacks), 64-bit block ciphers like 3DES and Blowfish (Sweet32 birthday attack), AES-CBC without Encrypt-then-MAC (padding oracle attacks), and algorithms using SHA-1 signatures like ssh-rsa (vulnerable to chosen-prefix collisions)
-
Algorithms deprecated due to reduced security margins such as HMAC-SHA1 (theoretically secure but phased out) and UMAC-64 (insufficient birthday security)
-
Algorithms not recommended for policy or trust reasons such as NIST P-curves (ecdh-sha2-nistp256/384/521) which are not cryptographically broken but have concerns about their standardization process
For detailed rationale and academic references for each algorithm classification, see ALGORITHM_GUIDANCE.md.
This is originally based on https://github.com/evict/SSHScan