{ "additional_notes": [], "banner": { "comments": null, "protocol": "2.0", "raw": "SSH-2.0-dropbear_2019.78", "software": "dropbear_2019.78" }, "compression": [ "zlib@openssh.com", "none" ], "cves": [], "enc": [ { "algorithm": "aes128-ctr", "notes": { "info": [ "available since OpenSSH 3.7, Dropbear SSH 0.52" ] } }, { "algorithm": "aes256-ctr", "notes": { "info": [ "available since OpenSSH 3.7, Dropbear SSH 0.52" ] } }, { "algorithm": "aes128-cbc", "notes": { "info": [ "available since OpenSSH 2.3.0, Dropbear SSH 0.28" ], "warn": [ "using weak cipher mode" ] } }, { "algorithm": "aes256-cbc", "notes": { "info": [ "available since OpenSSH 2.3.0, Dropbear SSH 0.47" ], "warn": [ "using weak cipher mode" ] } }, { "algorithm": "3des-ctr", "notes": { "fail": [ "using broken & deprecated 3DES cipher" ], "info": [ "available since Dropbear SSH 0.52" ] } }, { "algorithm": "3des-cbc", "notes": { "fail": [ "using broken & deprecated 3DES cipher" ], "info": [ "available since OpenSSH 1.2.2, Dropbear SSH 0.28" ], "warn": [ "using weak cipher mode", "using small 64-bit block size" ] } } ], "fingerprints": [ { "hash": "jdUfqoGCDOY1drQcoqIJm/pEix2r09hqwOs9E9GimZQ", "hash_alg": "SHA256", "hostkey": "ecdsa-sha2-nistp256" }, { "hash": "98:27:f3:12:20:f6:23:6d:1a:00:2a:6c:71:7c:1e:6b", "hash_alg": "MD5", "hostkey": "ecdsa-sha2-nistp256" }, { "hash": "NBzry0uMAX8BRsn4mv9CHpeivMOdwzGFEKrf6Hg7tIQ", "hash_alg": "SHA256", "hostkey": "ssh-dss" }, { "hash": "16:60:9e:54:d7:1e:b3:0d:97:60:12:ad:fe:83:a2:40", "hash_alg": "MD5", "hostkey": "ssh-dss" }, { "hash": "CDfAU12pjQS7/91kg7gYacza0U/6PDbE04Ic3IpYxkM", "hash_alg": "SHA256", "hostkey": "ssh-rsa" }, { "hash": "63:7f:54:f7:0a:28:7f:75:0b:f4:07:0b:fc:66:51:a2", "hash_alg": "MD5", "hostkey": "ssh-rsa" } ], "kex": [ { "algorithm": "curve25519-sha256", "notes": { "info": [ "default key exchange from OpenSSH 7.4 to 8.9", "available since OpenSSH 7.4, Dropbear SSH 2018.76" ], "warn": [ "does not provide protection against post-quantum attacks" ] } }, { "algorithm": "curve25519-sha256@libssh.org", "notes": { "info": [ "default key exchange from OpenSSH 6.5 to 7.3", "available since OpenSSH 6.4, Dropbear SSH 2013.62" ], "warn": [ "does not provide protection against post-quantum attacks" ] } }, { "algorithm": "ecdh-sha2-nistp521", "notes": { "fail": [ "using elliptic curves that are suspected as being backdoored by the U.S. National Security Agency" ], "info": [ "available since OpenSSH 5.7, Dropbear SSH 2013.62" ], "warn": [ "does not provide protection against post-quantum attacks" ] } }, { "algorithm": "ecdh-sha2-nistp384", "notes": { "fail": [ "using elliptic curves that are suspected as being backdoored by the U.S. National Security Agency" ], "info": [ "available since OpenSSH 5.7, Dropbear SSH 2013.62" ], "warn": [ "does not provide protection against post-quantum attacks" ] } }, { "algorithm": "ecdh-sha2-nistp256", "notes": { "fail": [ "using elliptic curves that are suspected as being backdoored by the U.S. National Security Agency" ], "info": [ "available since OpenSSH 5.7, Dropbear SSH 2013.62" ], "warn": [ "does not provide protection against post-quantum attacks" ] } }, { "algorithm": "diffie-hellman-group14-sha256", "notes": { "info": [ "available since OpenSSH 7.3, Dropbear SSH 2016.73" ], "warn": [ "2048-bit modulus only provides 112-bits of symmetric strength", "does not provide protection against post-quantum attacks" ] } }, { "algorithm": "diffie-hellman-group14-sha1", "notes": { "fail": [ "using broken SHA-1 hash algorithm" ], "info": [ "available since OpenSSH 3.9, Dropbear SSH 0.53" ], "warn": [ "2048-bit modulus only provides 112-bits of symmetric strength", "does not provide protection against post-quantum attacks" ] } }, { "algorithm": "kexguess2@matt.ucc.asn.au", "notes": { "info": [ "available since Dropbear SSH 2013.57" ], "warn": [ "does not provide protection against post-quantum attacks" ] } } ], "key": [ { "algorithm": "ecdsa-sha2-nistp256", "notes": { "fail": [ "using elliptic curves that are suspected as being backdoored by the U.S. National Security Agency" ], "info": [ "available since OpenSSH 5.7, Dropbear SSH 2013.62" ], "warn": [ "using weak random number generator could reveal the key" ] } }, { "algorithm": "ssh-rsa", "keysize": 1024, "notes": { "fail": [ "using broken SHA-1 hash algorithm", "using small 1024-bit modulus" ], "info": [ "deprecated in OpenSSH 8.8: https://www.openssh.com/txt/release-8.8", "available since OpenSSH 2.5.0, Dropbear SSH 0.28" ] } }, { "algorithm": "ssh-dss", "notes": { "fail": [ "using small 1024-bit modulus" ], "info": [ "disabled in OpenSSH 7.0: https://www.openssh.com/txt/release-7.0", "available since OpenSSH 2.1.0, Dropbear SSH 0.28" ], "warn": [ "using weak random number generator could reveal the key" ] } } ], "mac": [ { "algorithm": "hmac-sha1-96", "notes": { "fail": [ "using broken SHA-1 hash algorithm" ], "info": [ "available since OpenSSH 2.5.0, Dropbear SSH 0.47" ], "warn": [ "using encrypt-and-MAC mode" ] } }, { "algorithm": "hmac-sha1", "notes": { "fail": [ "using broken SHA-1 hash algorithm" ], "info": [ "available since OpenSSH 2.1.0, Dropbear SSH 0.28" ], "warn": [ "using encrypt-and-MAC mode" ] } }, { "algorithm": "hmac-sha2-256", "notes": { "info": [ "available since OpenSSH 5.9, Dropbear SSH 2013.56" ], "warn": [ "using encrypt-and-MAC mode" ] } } ], "recommendations": { "critical": { "del": { "enc": [ { "name": "3des-cbc", "notes": "" }, { "name": "3des-ctr", "notes": "" } ], "kex": [ { "name": "diffie-hellman-group14-sha1", "notes": "" }, { "name": "ecdh-sha2-nistp256", "notes": "" }, { "name": "ecdh-sha2-nistp384", "notes": "" }, { "name": "ecdh-sha2-nistp521", "notes": "" } ], "key": [ { "name": "ecdsa-sha2-nistp256", "notes": "" }, { "name": "ssh-dss", "notes": "" }, { "name": "ssh-rsa", "notes": "" } ], "mac": [ { "name": "hmac-sha1", "notes": "" }, { "name": "hmac-sha1-96", "notes": "" } ] } }, "informational": { "add": { "enc": [ { "name": "twofish128-ctr", "notes": "" }, { "name": "twofish256-ctr", "notes": "" } ] } }, "warning": { "del": { "enc": [ { "name": "aes128-cbc", "notes": "" }, { "name": "aes256-cbc", "notes": "" } ], "kex": [ { "name": "curve25519-sha256", "notes": "" }, { "name": "curve25519-sha256@libssh.org", "notes": "" }, { "name": "diffie-hellman-group14-sha256", "notes": "" }, { "name": "kexguess2@matt.ucc.asn.au", "notes": "" } ], "mac": [ { "name": "hmac-sha2-256", "notes": "" } ] } } }, "target": "localhost:2222" }