{
    "additional_notes": [],
    "banner": {
        "comments": null,
        "protocol": "2.0",
        "raw": "SSH-2.0-OpenSSH_8.0",
        "software": "OpenSSH_8.0"
    },
    "compression": [
        "none",
        "zlib@openssh.com"
    ],
    "cves": [
        {
            "cvssv2": 7.0,
            "description": "privilege escalation via supplemental groups",
            "name": "CVE-2021-41617"
        },
        {
            "cvssv2": 7.8,
            "description": "command injection via anomalous argument transfers",
            "name": "CVE-2020-15778"
        },
        {
            "cvssv2": 7.8,
            "description": "memory corruption and local code execution via pre-authentication integer overflow",
            "name": "CVE-2019-16905"
        },
        {
            "cvssv2": 5.3,
            "description": "enumerate usernames via challenge response",
            "name": "CVE-2016-20012"
        }
    ],
    "enc": [
        {
            "algorithm": "chacha20-poly1305@openssh.com",
            "notes": {
                "info": [
                    "default cipher since OpenSSH 6.9",
                    "available since OpenSSH 6.5, Dropbear SSH 2020.79"
                ],
                "warn": [
                    "vulnerable to the Terrapin attack (CVE-2023-48795), allowing message prefix truncation"
                ]
            }
        },
        {
            "algorithm": "aes256-gcm@openssh.com",
            "notes": {
                "info": [
                    "available since OpenSSH 6.2"
                ]
            }
        },
        {
            "algorithm": "aes128-gcm@openssh.com",
            "notes": {
                "info": [
                    "available since OpenSSH 6.2"
                ]
            }
        },
        {
            "algorithm": "aes256-ctr",
            "notes": {
                "info": [
                    "available since OpenSSH 3.7, Dropbear SSH 0.52"
                ]
            }
        },
        {
            "algorithm": "aes192-ctr",
            "notes": {
                "info": [
                    "available since OpenSSH 3.7"
                ]
            }
        },
        {
            "algorithm": "aes128-ctr",
            "notes": {
                "info": [
                    "available since OpenSSH 3.7, Dropbear SSH 0.52"
                ]
            }
        }
    ],
    "fingerprints": [
        {
            "hash": "UrnXIVH+7dlw8UqYocl48yUEcKrthGDQG2CPCgp7MxU",
            "hash_alg": "SHA256",
            "hostkey": "ssh-ed25519"
        },
        {
            "hash": "1e:0c:7b:34:73:bf:52:41:b0:f9:d1:a9:ab:98:c7:c9",
            "hash_alg": "MD5",
            "hostkey": "ssh-ed25519"
        }
    ],
    "kex": [
        {
            "algorithm": "curve25519-sha256",
            "notes": {
                "info": [
                    "default key exchange from OpenSSH 7.4 to 8.9",
                    "available since OpenSSH 7.4, Dropbear SSH 2018.76"
                ]
            }
        },
        {
            "algorithm": "curve25519-sha256@libssh.org",
            "notes": {
                "info": [
                    "default key exchange from OpenSSH 6.5 to 7.3",
                    "available since OpenSSH 6.4, Dropbear SSH 2013.62"
                ]
            }
        },
        {
            "algorithm": "diffie-hellman-group-exchange-sha256",
            "keysize": 4096,
            "notes": {
                "info": [
                    "OpenSSH's GEX fallback mechanism was triggered during testing. Very old SSH clients will still be able to create connections using a 2048-bit modulus, though modern clients will use 4096. This can only be disabled by recompiling the code (see https://github.com/openssh/openssh-portable/blob/V_9_4/dh.c#L477).",
                    "available since OpenSSH 4.4"
                ]
            }
        }
    ],
    "key": [
        {
            "algorithm": "ssh-ed25519",
            "notes": {
                "info": [
                    "available since OpenSSH 6.5, Dropbear SSH 2020.79"
                ]
            }
        }
    ],
    "mac": [
        {
            "algorithm": "hmac-sha2-256-etm@openssh.com",
            "notes": {
                "info": [
                    "available since OpenSSH 6.2"
                ]
            }
        },
        {
            "algorithm": "hmac-sha2-512-etm@openssh.com",
            "notes": {
                "info": [
                    "available since OpenSSH 6.2"
                ]
            }
        },
        {
            "algorithm": "umac-128-etm@openssh.com",
            "notes": {
                "info": [
                    "available since OpenSSH 6.2"
                ]
            }
        }
    ],
    "recommendations": {
        "informational": {
            "add": {
                "kex": [
                    {
                        "name": "diffie-hellman-group16-sha512",
                        "notes": ""
                    },
                    {
                        "name": "diffie-hellman-group18-sha512",
                        "notes": ""
                    }
                ],
                "key": [
                    {
                        "name": "rsa-sha2-256",
                        "notes": ""
                    },
                    {
                        "name": "rsa-sha2-512",
                        "notes": ""
                    }
                ]
            }
        },
        "warning": {
            "del": {
                "enc": [
                    {
                        "name": "chacha20-poly1305@openssh.com",
                        "notes": ""
                    }
                ]
            }
        }
    },
    "target": "localhost:2222"
}