2023-03-24 23:48:36 +01:00
{
2024-04-18 19:58:13 +02:00
"additional_notes" : [ ] ,
2023-03-24 23:48:36 +01:00
"banner" : {
"comments" : null ,
2023-09-05 22:36:54 +02:00
"protocol" : "2.0" ,
2023-03-24 23:48:36 +01:00
"raw" : "SSH-2.0-OpenSSH_8.0" ,
"software" : "OpenSSH_8.0"
} ,
"compression" : [
"none" ,
"zlib@openssh.com"
] ,
2024-09-26 19:15:58 +02:00
"cves" : [ ] ,
2023-03-24 23:48:36 +01:00
"enc" : [
2023-09-05 22:36:54 +02:00
{
"algorithm" : "chacha20-poly1305@openssh.com" ,
"notes" : {
"info" : [
"default cipher since OpenSSH 6.9" ,
2024-03-19 20:47:09 +01:00
"available since OpenSSH 6.5, Dropbear SSH 2020.79"
2023-12-19 20:03:28 +01:00
] ,
"warn" : [
"vulnerable to the Terrapin attack (CVE-2023-48795), allowing message prefix truncation"
2023-09-05 22:36:54 +02:00
]
}
} ,
{
"algorithm" : "aes128-ctr" ,
"notes" : {
"info" : [
"available since OpenSSH 3.7, Dropbear SSH 0.52"
]
}
} ,
{
"algorithm" : "aes192-ctr" ,
"notes" : {
"info" : [
"available since OpenSSH 3.7"
]
}
} ,
{
"algorithm" : "aes256-ctr" ,
"notes" : {
"info" : [
"available since OpenSSH 3.7, Dropbear SSH 0.52"
]
}
} ,
{
"algorithm" : "aes128-gcm@openssh.com" ,
"notes" : {
"info" : [
"available since OpenSSH 6.2"
]
}
} ,
{
"algorithm" : "aes256-gcm@openssh.com" ,
"notes" : {
"info" : [
"available since OpenSSH 6.2"
]
}
}
2023-03-24 23:48:36 +01:00
] ,
"fingerprints" : [
{
"hash" : "UrnXIVH+7dlw8UqYocl48yUEcKrthGDQG2CPCgp7MxU" ,
"hash_alg" : "SHA256" ,
"hostkey" : "ssh-ed25519"
} ,
{
"hash" : "1e:0c:7b:34:73:bf:52:41:b0:f9:d1:a9:ab:98:c7:c9" ,
"hash_alg" : "MD5" ,
"hostkey" : "ssh-ed25519"
}
] ,
"kex" : [
{
2023-09-05 22:36:54 +02:00
"algorithm" : "curve25519-sha256" ,
"notes" : {
"info" : [
2024-03-19 23:24:22 +01:00
"default key exchange from OpenSSH 7.4 to 8.9" ,
2023-09-05 22:36:54 +02:00
"available since OpenSSH 7.4, Dropbear SSH 2018.76"
2024-11-25 21:56:51 +01:00
] ,
"warn" : [
"does not provide protection against post-quantum attacks"
2023-09-05 22:36:54 +02:00
]
}
2023-03-24 23:48:36 +01:00
} ,
{
2023-09-05 22:36:54 +02:00
"algorithm" : "curve25519-sha256@libssh.org" ,
"notes" : {
"info" : [
2024-03-19 23:24:22 +01:00
"default key exchange from OpenSSH 6.5 to 7.3" ,
2023-09-05 22:36:54 +02:00
"available since OpenSSH 6.4, Dropbear SSH 2013.62"
2024-11-25 21:56:51 +01:00
] ,
"warn" : [
"does not provide protection against post-quantum attacks"
2023-09-05 22:36:54 +02:00
]
}
2023-03-24 23:48:36 +01:00
} ,
{
2023-09-05 22:36:54 +02:00
"algorithm" : "ecdh-sha2-nistp256" ,
"notes" : {
"fail" : [
"using elliptic curves that are suspected as being backdoored by the U.S. National Security Agency"
] ,
"info" : [
"available since OpenSSH 5.7, Dropbear SSH 2013.62"
2024-11-25 21:56:51 +01:00
] ,
"warn" : [
"does not provide protection against post-quantum attacks"
2023-09-05 22:36:54 +02:00
]
}
2023-03-24 23:48:36 +01:00
} ,
{
2023-09-05 22:36:54 +02:00
"algorithm" : "ecdh-sha2-nistp384" ,
"notes" : {
"fail" : [
"using elliptic curves that are suspected as being backdoored by the U.S. National Security Agency"
] ,
"info" : [
"available since OpenSSH 5.7, Dropbear SSH 2013.62"
2024-11-25 21:56:51 +01:00
] ,
"warn" : [
"does not provide protection against post-quantum attacks"
2023-09-05 22:36:54 +02:00
]
}
2023-03-24 23:48:36 +01:00
} ,
{
2023-09-05 22:36:54 +02:00
"algorithm" : "ecdh-sha2-nistp521" ,
"notes" : {
"fail" : [
"using elliptic curves that are suspected as being backdoored by the U.S. National Security Agency"
] ,
"info" : [
"available since OpenSSH 5.7, Dropbear SSH 2013.62"
2024-11-25 21:56:51 +01:00
] ,
"warn" : [
"does not provide protection against post-quantum attacks"
2023-09-05 22:36:54 +02:00
]
}
2023-03-24 23:48:36 +01:00
} ,
{
"algorithm" : "diffie-hellman-group-exchange-sha256" ,
2023-09-05 22:36:54 +02:00
"keysize" : 4096 ,
"notes" : {
"info" : [
"OpenSSH's GEX fallback mechanism was triggered during testing. Very old SSH clients will still be able to create connections using a 2048-bit modulus, though modern clients will use 4096. This can only be disabled by recompiling the code (see https://github.com/openssh/openssh-portable/blob/V_9_4/dh.c#L477)." ,
"available since OpenSSH 4.4"
2024-11-25 21:56:51 +01:00
] ,
"warn" : [
"does not provide protection against post-quantum attacks"
2023-09-05 22:36:54 +02:00
]
}
2023-03-24 23:48:36 +01:00
} ,
{
2023-09-05 22:36:54 +02:00
"algorithm" : "diffie-hellman-group16-sha512" ,
"notes" : {
"info" : [
"available since OpenSSH 7.3, Dropbear SSH 2016.73"
2024-11-25 21:56:51 +01:00
] ,
"warn" : [
"does not provide protection against post-quantum attacks"
2023-09-05 22:36:54 +02:00
]
}
2023-03-24 23:48:36 +01:00
} ,
{
2023-09-05 22:36:54 +02:00
"algorithm" : "diffie-hellman-group18-sha512" ,
"notes" : {
"info" : [
"available since OpenSSH 7.3"
2024-11-25 21:56:51 +01:00
] ,
"warn" : [
"does not provide protection against post-quantum attacks"
2023-09-05 22:36:54 +02:00
]
}
2023-03-24 23:48:36 +01:00
} ,
{
2023-09-05 22:36:54 +02:00
"algorithm" : "diffie-hellman-group14-sha256" ,
"notes" : {
"info" : [
"available since OpenSSH 7.3, Dropbear SSH 2016.73"
] ,
"warn" : [
2024-11-25 21:56:51 +01:00
"2048-bit modulus only provides 112-bits of symmetric strength" ,
"does not provide protection against post-quantum attacks"
2023-09-05 22:36:54 +02:00
]
}
2023-03-24 23:48:36 +01:00
} ,
{
2023-09-05 22:36:54 +02:00
"algorithm" : "diffie-hellman-group14-sha1" ,
"notes" : {
"fail" : [
"using broken SHA-1 hash algorithm"
] ,
"info" : [
"available since OpenSSH 3.9, Dropbear SSH 0.53"
] ,
"warn" : [
2024-11-25 21:56:51 +01:00
"2048-bit modulus only provides 112-bits of symmetric strength" ,
"does not provide protection against post-quantum attacks"
2023-09-05 22:36:54 +02:00
]
}
2023-03-24 23:48:36 +01:00
}
] ,
"key" : [
{
2023-09-05 22:36:54 +02:00
"algorithm" : "ssh-ed25519" ,
"notes" : {
"info" : [
2024-03-19 20:47:09 +01:00
"available since OpenSSH 6.5, Dropbear SSH 2020.79"
2023-09-05 22:36:54 +02:00
]
}
2023-03-24 23:48:36 +01:00
} ,
{
2023-04-25 15:17:32 +02:00
"algorithm" : "ssh-ed25519-cert-v01@openssh.com" ,
"ca_algorithm" : "ssh-ed25519" ,
2023-09-05 22:36:54 +02:00
"casize" : 256 ,
"notes" : {
"info" : [
"available since OpenSSH 6.5"
]
}
2023-03-24 23:48:36 +01:00
}
] ,
"mac" : [
2023-09-05 22:36:54 +02:00
{
"algorithm" : "umac-64-etm@openssh.com" ,
"notes" : {
"info" : [
"available since OpenSSH 6.2"
] ,
"warn" : [
"using small 64-bit tag size"
]
}
} ,
{
"algorithm" : "umac-128-etm@openssh.com" ,
"notes" : {
"info" : [
"available since OpenSSH 6.2"
]
}
} ,
{
"algorithm" : "hmac-sha2-256-etm@openssh.com" ,
"notes" : {
"info" : [
"available since OpenSSH 6.2"
]
}
} ,
{
"algorithm" : "hmac-sha2-512-etm@openssh.com" ,
"notes" : {
"info" : [
"available since OpenSSH 6.2"
]
}
} ,
{
"algorithm" : "hmac-sha1-etm@openssh.com" ,
"notes" : {
"fail" : [
"using broken SHA-1 hash algorithm"
] ,
"info" : [
"available since OpenSSH 6.2"
]
}
} ,
{
"algorithm" : "umac-64@openssh.com" ,
"notes" : {
"info" : [
"available since OpenSSH 4.7"
] ,
"warn" : [
"using encrypt-and-MAC mode" ,
"using small 64-bit tag size"
]
}
} ,
{
"algorithm" : "umac-128@openssh.com" ,
"notes" : {
"info" : [
"available since OpenSSH 6.2"
] ,
"warn" : [
"using encrypt-and-MAC mode"
]
}
} ,
{
"algorithm" : "hmac-sha2-256" ,
"notes" : {
"info" : [
"available since OpenSSH 5.9, Dropbear SSH 2013.56"
] ,
"warn" : [
"using encrypt-and-MAC mode"
]
}
} ,
{
"algorithm" : "hmac-sha2-512" ,
"notes" : {
"info" : [
"available since OpenSSH 5.9, Dropbear SSH 2013.56"
] ,
"warn" : [
"using encrypt-and-MAC mode"
]
}
} ,
{
"algorithm" : "hmac-sha1" ,
"notes" : {
"fail" : [
"using broken SHA-1 hash algorithm"
] ,
"info" : [
"available since OpenSSH 2.1.0, Dropbear SSH 0.28"
] ,
"warn" : [
"using encrypt-and-MAC mode"
]
}
}
2023-03-24 23:48:36 +01:00
] ,
"recommendations" : {
"critical" : {
"del" : {
"kex" : [
{
"name" : "diffie-hellman-group14-sha1" ,
"notes" : ""
} ,
{
"name" : "ecdh-sha2-nistp256" ,
"notes" : ""
} ,
{
"name" : "ecdh-sha2-nistp384" ,
"notes" : ""
} ,
{
"name" : "ecdh-sha2-nistp521" ,
"notes" : ""
}
] ,
"mac" : [
{
"name" : "hmac-sha1" ,
"notes" : ""
} ,
{
"name" : "hmac-sha1-etm@openssh.com" ,
"notes" : ""
}
]
}
} ,
"informational" : {
"add" : {
"key" : [
{
"name" : "rsa-sha2-256" ,
"notes" : ""
} ,
{
"name" : "rsa-sha2-512" ,
"notes" : ""
}
]
}
} ,
"warning" : {
2024-11-25 21:56:51 +01:00
"chg" : {
"kex" : [
{
"name" : "diffie-hellman-group-exchange-sha256" ,
"notes" : "increase modulus size to 3072 bits or larger"
}
]
} ,
2023-03-24 23:48:36 +01:00
"del" : {
2023-12-19 20:03:28 +01:00
"enc" : [
{
"name" : "chacha20-poly1305@openssh.com" ,
"notes" : ""
}
] ,
2023-03-24 23:48:36 +01:00
"kex" : [
2024-11-25 21:56:51 +01:00
{
"name" : "curve25519-sha256" ,
"notes" : ""
} ,
{
"name" : "curve25519-sha256@libssh.org" ,
"notes" : ""
} ,
2023-03-24 23:48:36 +01:00
{
"name" : "diffie-hellman-group14-sha256" ,
"notes" : ""
2024-11-25 21:56:51 +01:00
} ,
{
"name" : "diffie-hellman-group16-sha512" ,
"notes" : ""
} ,
{
"name" : "diffie-hellman-group18-sha512" ,
"notes" : ""
2023-03-24 23:48:36 +01:00
}
] ,
"mac" : [
{
"name" : "hmac-sha2-256" ,
"notes" : ""
} ,
{
"name" : "hmac-sha2-512" ,
"notes" : ""
} ,
{
2023-03-28 18:09:25 +02:00
"name" : "umac-128@openssh.com" ,
2023-03-24 23:48:36 +01:00
"notes" : ""
} ,
{
2023-03-28 18:09:25 +02:00
"name" : "umac-64-etm@openssh.com" ,
2023-03-24 23:48:36 +01:00
"notes" : ""
} ,
{
2023-03-28 18:09:25 +02:00
"name" : "umac-64@openssh.com" ,
2023-03-24 23:48:36 +01:00
"notes" : ""
}
]
}
}
} ,
"target" : "localhost:2222"
}