SSH configuration scanners
Introduction
The tools in this category focus specifically on scanning the configuration of SSH. Most of them target the SSH daemon (the server), while others may also include the SSH client configuration. Typically they are used by system administrators to harden their SSH configuration or by penetration testers to find weaknesses.
Usage
SSH configuration scanners are typically used for configuration audit and security assessment.
Users of these tools include pentesters, security professionals, and system administrators.
Tools
Popular SSH configuration scanners
Lynis (security scanner and compliance auditing tool)
IT audit, penetration testing, security assessment, system hardening, vulnerability scanning
Lynis can detect vulnerabilities and configuration flaws. Where a typical vulnerability scanner will just point out vulnerabilities, Lynis aims for an in-depth audit and continuous improvement. For this reason, it needs to be executed on the host system itself. By seeing the system from the inside out, it can provide more specific details than the average vulnerability scanner.
SSHsec (SSH configuration scanner)
information gathering, penetration testing, security assessment
SSHsec scans a system running the SSH protocol and retrieves its configuration, host keys, and Diffie-Hellman groups.
ssh-audit (SSH auditing tool)
application security, penetration testing, security assessment
The ssh-audit tool is of great help when scanning SSH servers to discover possible improvements. It is written in Python and can be run right after a simple 'git clone'. You would typically use a tool like this to improve your own SSH configurations or as part of a security assignment.
ssh_scan (SSH configuration and policy scanner)
penetration testing, security assessment, system hardening, vulnerability scanning
The ssh_scan utility is an SSH configuration and policy scanner maintained by the Mozilla Foundation. It helps to secure Linux systems running OpenSSH.