\fBssh-audit\fP analyzes the configuration of SSH servers & clients, then warns the user of weak, obsolete, and/or untested cryptographic primitives. It is very useful for hardening SSH tunnels, which by default tend to be optimized for compatibility, not security.
See <https://www.ssh\-audit.com/> for official hardening guides for common platforms.
.SHOPTIONS
.TP
.B-h,\-\-help
.br
Print short summary of options.
.TP
.B-1,\-\-ssh1
.br
Only perform an audit using SSH protocol version 1.
.TP
.B-2,\-\-ssh2
.br
Only perform an audit using SSH protocol version 2.
.TP
.B-4,\-\-ipv4
.br
Prioritize the usage of IPv4.
.TP
.B-6,\-\-ipv6
.br
Prioritize the usage of IPv6.
.TP
.B-b,\-\-batch
.br
Enables grepable output.
.TP
.B-c,\-\-client\-audit
.br
Starts a server on port 2222 to audit client software configuration. Use -p/--port=<port> to change port and -t/--timeout=<secs> to change listen timeout.
Creates a policy based on the target server. Useful when other servers should be compared to the target server's custom configuration (i.e.: a cluster environment). Note that the resulting policy can be edited manually.
.TP
.B-n,\-\-no-colors
.br
Disable color output.
.TP
.B-p,\-\-port=<port>
.br
The TCP port to connect to when auditing a server, or the port to listen on when auditing a client.
Runs a policy audit against a target using the specified policy (see \fBPOLICY AUDIT\fP section for detailed description of this mode of operation). Combine with -c/--client-audit to audit a client configuration instead of a server. Use -L/--list-policies to list all official, built-in policies for common systems.
.TP
.B-t,\-\-timeout=<secs>
.br
The timeout, in seconds, for creating connections and reading data from the socket. Default is 5.
By default, \fBssh-audit\fP performs a standard audit. That is, it enumerates all host key types, key exchanges, ciphers, MACs, and other information, then color-codes them in output to the user. Cryptographic primitives with potential issues are displayed in yellow; primitives with serious flaws are displayed in red.
When the -P/--policy option is used, \fBssh-audit\fP performs a policy audit. The target's host key types, key exchanges, ciphers, MACs, and other information is compared to a set of expected values defined in the specified policy file. If everything matches, only a short message stating a passing result is reported. Otherwise, the field(s) that did not match are reported.
Policy auditing is helpful for ensuring a group of related servers are properly hardened to an exact specification.
.PP
The set of official built-in policies can be viewed with -L/--list-policies. Multiple servers can be audited with -T/--targets=<servers.txt>. Custom policies can be made from an ideal target server with -M/--make-policy=<custom_policy.txt>.
.SHEXAMPLES
.LP
Basic server auditing:
.RS
.nf
ssh-audit localhost
ssh-audit 127.0.0.1
ssh-audit 127.0.0.1:222
ssh-audit ::1
ssh-audit [::1]:222
.fi
.RE
.LP
To run a standard audit against many servers (place targets into servers.txt, one on each line in the format of HOST[:PORT]):