Untitled

a guest
Apr 23rd, 2017
% ssh-audit scan-me.nmap.org
# general
(gen) banner: SSH-2.0-OpenSSH_6.6.1
(gen) software: OpenSSH 6.6.1
(gen) compatibility: OpenSSH 6.5-6.6, Dropbear SSH 2013.62+ (some functionality from 0.52)
(gen) compression: enabled (zlib@openssh.com)

# key exchange algorithms
(kex) curve25519-sha256@libssh.org -- [info] available since OpenSSH 6.5, Dropbear SSH 2013.62
(kex) ecdh-sha2-nistp256 -- [fail] using weak elliptic curves
      `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
(kex) ecdh-sha2-nistp384 -- [fail] using weak elliptic curves
      `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
(kex) ecdh-sha2-nistp521 -- [fail] using weak elliptic curves
      `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
(kex) diffie-hellman-group-exchange-sha256 -- [warn] using custom size modulus (possibly weak)
      `- [info] available since OpenSSH 4.4
(kex) diffie-hellman-group-exchange-sha1 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
      `- [warn] using weak hashing algorithm
      `- [info] available since OpenSSH 2.3.0
(kex) diffie-hellman-group14-sha1 -- [warn] using weak hashing algorithm
      `- [info] available since OpenSSH 3.9, Dropbear SSH 0.53
(kex) diffie-hellman-group1-sha1 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
      `- [fail] disabled (in client) since OpenSSH 7.0, logjam attack
      `- [warn] using small 1024-bit modulus
      `- [warn] using weak hashing algorithm
      `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28

# host-key algorithms
(key) ssh-rsa -- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28
(key) ecdsa-sha2-nistp256 -- [fail] using weak elliptic curves
      `- [warn] using weak random number generator could reveal the key
      `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
(key) ssh-ed25519 -- [info] available since OpenSSH 6.5

# encryption algorithms (ciphers)
(enc) aes128-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
(enc) aes192-ctr -- [info] available since OpenSSH 3.7
(enc) aes256-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
(enc) arcfour256 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
      `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
      `- [warn] using weak cipher
      `- [info] available since OpenSSH 4.2
(enc) arcfour128 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
      `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
      `- [warn] using weak cipher
      `- [info] available since OpenSSH 4.2
(enc) aes128-gcm@openssh.com -- [info] available since OpenSSH 6.2
(enc) aes256-gcm@openssh.com -- [info] available since OpenSSH 6.2
(enc) chacha20-poly1305@openssh.com -- [info] available since OpenSSH 6.5
      `- [info] default cipher since OpenSSH 6.9.
(enc) aes128-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
      `- [warn] using weak cipher mode
      `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28
(enc) 3des-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
      `- [warn] using weak cipher
      `- [warn] using weak cipher mode
      `- [warn] using small 64-bit block size
      `- [info] available since OpenSSH 1.2.2, Dropbear SSH 0.28
(enc) blowfish-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
      `- [fail] disabled since Dropbear SSH 0.53
      `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
      `- [warn] using weak cipher mode
      `- [warn] using small 64-bit block size
      `- [info] available since OpenSSH 1.2.2, Dropbear SSH 0.28
(enc) cast128-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
      `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
      `- [warn] using weak cipher mode
      `- [warn] using small 64-bit block size
      `- [info] available since OpenSSH 2.1.0
(enc) aes192-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
      `- [warn] using weak cipher mode
      `- [info] available since OpenSSH 2.3.0
(enc) aes256-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
      `- [warn] using weak cipher mode
      `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.47
(enc) arcfour -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
      `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
      `- [warn] using weak cipher
      `- [info] available since OpenSSH 2.1.0
(enc) rijndael-cbc@lysator.liu.se -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
      `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
      `- [warn] using weak cipher mode
      `- [info] available since OpenSSH 2.3.0

# message authentication code algorithms
(mac) hmac-md5-etm@openssh.com -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
      `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
      `- [warn] using weak hashing algorithm
      `- [info] available since OpenSSH 6.2
(mac) hmac-sha1-etm@openssh.com -- [warn] using weak hashing algorithm
      `- [info] available since OpenSSH 6.2
(mac) umac-64-etm@openssh.com -- [warn] using small 64-bit tag size
      `- [info] available since OpenSSH 6.2
(mac) umac-128-etm@openssh.com -- [info] available since OpenSSH 6.2
(mac) hmac-sha2-256-etm@openssh.com -- [info] available since OpenSSH 6.2
(mac) hmac-sha2-512-etm@openssh.com -- [info] available since OpenSSH 6.2
(mac) hmac-ripemd160-etm@openssh.com -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
      `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
      `- [info] available since OpenSSH 6.2
(mac) hmac-sha1-96-etm@openssh.com -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
      `- [warn] using weak hashing algorithm
      `- [info] available since OpenSSH 6.2
(mac) hmac-md5-96-etm@openssh.com -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
      `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
      `- [warn] using weak hashing algorithm
      `- [info] available since OpenSSH 6.2
(mac) hmac-md5 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
      `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
      `- [warn] using encrypt-and-MAC mode
      `- [warn] using weak hashing algorithm
      `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28
(mac) hmac-sha1 -- [warn] using encrypt-and-MAC mode
      `- [warn] using weak hashing algorithm
      `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28
(mac) umac-64@openssh.com -- [warn] using encrypt-and-MAC mode
      `- [warn] using small 64-bit tag size
      `- [info] available since OpenSSH 4.7
(mac) umac-128@openssh.com -- [warn] using encrypt-and-MAC mode
      `- [info] available since OpenSSH 6.2
(mac) hmac-sha2-256 -- [warn] using encrypt-and-MAC mode
      `- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56
(mac) hmac-sha2-512 -- [warn] using encrypt-and-MAC mode
      `- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56
(mac) hmac-ripemd160 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
      `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
      `- [warn] using encrypt-and-MAC mode
      `- [info] available since OpenSSH 2.5.0
(mac) hmac-ripemd160@openssh.com -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
      `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
      `- [warn] using encrypt-and-MAC mode
      `- [info] available since OpenSSH 2.1.0
(mac) hmac-sha1-96 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
      `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
      `- [warn] using encrypt-and-MAC mode
      `- [warn] using weak hashing algorithm
      `- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.47
(mac) hmac-md5-96 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
      `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
      `- [warn] using encrypt-and-MAC mode
      `- [warn] using weak hashing algorithm
      `- [info] available since OpenSSH 2.5.0

# algorithm recommendations (for OpenSSH 6.6.1)
(rec) -diffie-hellman-group14-sha1 -- kex algorithm to remove
(rec) -diffie-hellman-group-exchange-sha1 -- kex algorithm to remove
(rec) -diffie-hellman-group1-sha1 -- kex algorithm to remove
(rec) -ecdh-sha2-nistp256 -- kex algorithm to remove
(rec) -ecdh-sha2-nistp521 -- kex algorithm to remove
(rec) -ecdh-sha2-nistp384 -- kex algorithm to remove
(rec) -ecdsa-sha2-nistp256 -- key algorithm to remove
(rec) -arcfour -- enc algorithm to remove
(rec) -rijndael-cbc@lysator.liu.se -- enc algorithm to remove
(rec) -blowfish-cbc -- enc algorithm to remove
(rec) -3des-cbc -- enc algorithm to remove
(rec) -aes256-cbc -- enc algorithm to remove
(rec) -arcfour256 -- enc algorithm to remove
(rec) -cast128-cbc -- enc algorithm to remove
(rec) -aes192-cbc -- enc algorithm to remove
(rec) -arcfour128 -- enc algorithm to remove
(rec) -aes128-cbc -- enc algorithm to remove
(rec) -hmac-sha2-512 -- mac algorithm to remove
(rec) -hmac-md5-96 -- mac algorithm to remove
(rec) -hmac-md5-etm@openssh.com -- mac algorithm to remove
(rec) -hmac-sha1-96-etm@openssh.com -- mac algorithm to remove
(rec) -hmac-ripemd160-etm@openssh.com -- mac algorithm to remove
(rec) -hmac-md5-96-etm@openssh.com -- mac algorithm to remove
(rec) -hmac-sha2-256 -- mac algorithm to remove
(rec) -hmac-ripemd160 -- mac algorithm to remove
(rec) -umac-128@openssh.com -- mac algorithm to remove
(rec) -hmac-sha1-96 -- mac algorithm to remove
(rec) -umac-64@openssh.com -- mac algorithm to remove
(rec) -hmac-md5 -- mac algorithm to remove
(rec) -hmac-ripemd160@openssh.com -- mac algorithm to remove
(rec) -hmac-sha1 -- mac algorithm to remove
(rec) -hmac-sha1-etm@openssh.com -- mac algorithm to remove
(rec) -umac-64-etm@openssh.com -- mac algorithm to remove