SSH configuration scanners

Introduction

Want to know how well your SSH configuration is secured or are you performing a pentest? These tools will help to uncover possible weaknesses in a running SSH instance.

The tools in this category are specifically focused on scanning the configuration of SSH. Most of them will be targetting the daemon or SSH server, while others may include the SSH client configuration. Typically they are used by system administrators to harden their SSH configuration or by penetration testers to find weaknesses.

Usage

SSH configuration scanners are typically used for configuration audit and security assessment.

Users for these tools include pentesters, security professionals, system administrators.

Tools

SSH configuration scanners
ToolTypeDescriptionLatest releaseRelease dateScore
LynisSecurity scanner and compliance auditing toolLynis is a security auditing tool for systems running Linux, macOS, or Unix. It can be used for security assessments and configuration audits.2.6.6July 6, 2018100
ssh-auditSSH auditing toolThe ssh-audit tool helps to perform a security assessment of SSH servers and their configuration. It can be used for security testing and penetration tests.1.7.0Oct. 26, 201660
ssh_scanSSH configuration and policy scannerThe ssh_scan utility is a SSH configuration and policy scanner maintained by the Mozilla Foundation. It helps to secure Linux systems running the OpenSSH.0.0.35June 4, 201885
SSHsecSSH configuration scannerSSHsec scans a system running the SSH protocol and retrieves its configuration, host keys, and Diffie-Hellman groups.1.4.0July 8, 201760