{ "additional_notes": [ "" ], "banner": { "comments": null, "protocol": "2.0", "raw": "SSH-2.0-OpenSSH_8.0", "software": "OpenSSH_8.0" }, "compression": [ "none", "zlib@openssh.com" ], "cves": [ { "cvssv2": 7.0, "description": "privilege escalation via supplemental groups", "name": "CVE-2021-41617" }, { "cvssv2": 7.8, "description": "command injection via anomalous argument transfers", "name": "CVE-2020-15778" }, { "cvssv2": 7.8, "description": "memory corruption and local code execution via pre-authentication integer overflow", "name": "CVE-2019-16905" }, { "cvssv2": 5.3, "description": "enumerate usernames via challenge response", "name": "CVE-2016-20012" } ], "enc": [ { "algorithm": "chacha20-poly1305@openssh.com", "notes": { "info": [ "default cipher since OpenSSH 6.9", "available since OpenSSH 6.5" ], "warn": [ "vulnerable to the Terrapin attack (CVE-2023-48795), allowing message prefix truncation" ] } }, { "algorithm": "aes256-gcm@openssh.com", "notes": { "info": [ "available since OpenSSH 6.2" ] } }, { "algorithm": "aes128-gcm@openssh.com", "notes": { "info": [ "available since OpenSSH 6.2" ] } }, { "algorithm": "aes256-ctr", "notes": { "info": [ "available since OpenSSH 3.7, Dropbear SSH 0.52" ] } }, { "algorithm": "aes192-ctr", "notes": { "info": [ "available since OpenSSH 3.7" ] } }, { "algorithm": "aes128-ctr", "notes": { "info": [ "available since OpenSSH 3.7, Dropbear SSH 0.52" ] } } ], "fingerprints": [ { "hash": "UrnXIVH+7dlw8UqYocl48yUEcKrthGDQG2CPCgp7MxU", "hash_alg": "SHA256", "hostkey": "ssh-ed25519" }, { "hash": "1e:0c:7b:34:73:bf:52:41:b0:f9:d1:a9:ab:98:c7:c9", "hash_alg": "MD5", "hostkey": "ssh-ed25519" } ], "kex": [ { "algorithm": "curve25519-sha256", "notes": { "info": [ "default key exchange since OpenSSH 6.4", "available since OpenSSH 7.4, Dropbear SSH 2018.76" ] } }, { "algorithm": "curve25519-sha256@libssh.org", "notes": { "info": [ "default key exchange since OpenSSH 6.4", "available since OpenSSH 6.4, Dropbear SSH 2013.62" ] } }, { "algorithm": "diffie-hellman-group-exchange-sha256", "keysize": 4096, "notes": { "info": [ "OpenSSH's GEX fallback mechanism was triggered during testing. Very old SSH clients will still be able to create connections using a 2048-bit modulus, though modern clients will use 4096. This can only be disabled by recompiling the code (see https://github.com/openssh/openssh-portable/blob/V_9_4/dh.c#L477).", "available since OpenSSH 4.4" ] } } ], "key": [ { "algorithm": "ssh-ed25519", "notes": { "info": [ "available since OpenSSH 6.5" ] } } ], "mac": [ { "algorithm": "hmac-sha2-256-etm@openssh.com", "notes": { "info": [ "available since OpenSSH 6.2" ] } }, { "algorithm": "hmac-sha2-512-etm@openssh.com", "notes": { "info": [ "available since OpenSSH 6.2" ] } }, { "algorithm": "umac-128-etm@openssh.com", "notes": { "info": [ "available since OpenSSH 6.2" ] } } ], "recommendations": { "informational": { "add": { "kex": [ { "name": "diffie-hellman-group16-sha512", "notes": "" }, { "name": "diffie-hellman-group18-sha512", "notes": "" } ], "key": [ { "name": "rsa-sha2-256", "notes": "" }, { "name": "rsa-sha2-512", "notes": "" } ] } }, "warning": { "del": { "enc": [ { "name": "chacha20-poly1305@openssh.com", "notes": "" } ] } } }, "target": "localhost:2222" }