SSH Server Auditing: ssh-audit

ID N0WHERE:110995
Type n0where
Reporter N0where
Modified 2016-08-27T18:56:30


ssh-audit is a tool for ssh server auditing


  • SSH1 and SSH2 protocol server support;
  • grab banner, recognize device or software and operating system, detect compression;
  • gather key-exchange, host-key, encryption and message authentication code algorithms;
  • output algorithm information (available since, removed/disabled, unsafe/weak/legacy, etc);
  • output algorithm recommendations (append or remove based on recognized software version);
  • output security information (related issues, assigned CVE list, etc);
  • analyze SSH version compatibility based on algorithm information;
  • historical information from OpenSSH, Dropbear SSH and libssh;
  • no dependencies, compatible with Python 2.6+, Python 3.x and PyPy;

SSH Server Auditing: ssh-audit v1.6.0 Released

SSH Server Auditing: ssh-audit


usage: [-bnv] [-l <level>] <host[:port]>

   -1,  --ssh1             force ssh version 1 only
   -2,  --ssh2             force ssh version 2 only
   -b,  --batch            batch output
   -n,  --no-colors        disable colors
   -v,  --verbose          verbose output
   -l,  --level=<level>    minimum output level (info|warn|fail)
  • batch flag -b will output sections without header and without empty lines (implies verbose flag).
  • verbose flag -v will prefix each line with section type and algorithm name.

SSH Server Auditing: ssh-audit Download