Is there a way to make ssh output which MACs, Ciphers, and KexAlgorithms it supports?
I'd like to find out dynamically instead of having to look at the source.
Relevant OpenSSH man page: link
Ciphers: ssh -Q cipher
MACs: ssh -Q mac
KexAlgorithms: ssh -Q kex
PubkeyAcceptedKeyTypes: ssh -Q key
You can also remotely probe an ssh server for its supported ciphers with recent nmap versions:
nmap --script ssh2-enum-algos -sV -p <port> <host>
And there is an online service called sshcheck.com (and a pretty large number of similar scanner projects, as I just found out).
Just a quick tip that if you want to compare two servers, you can use @eckes's method like this:
$ sdiff -bW <(nmap --script ssh2-enum-algos -sV -p 22 192.168.1.107) <(nmap --script ssh2-enum-algos -sV -p 22 192.168.1.10)
Starting Nmap 6.47 ( http://nmap.org ) at 2018-01-22 22:35 ES Starting Nmap 6.47 ( http://nmap.org ) at 2018-01-22 22:35 ES
Nmap scan report for skinner.bubba.net (192.168.1.107) | Nmap scan report for mulder.bubba.net (192.168.1.10)
Host is up (0.0037s latency). | Host is up (0.0031s latency).
PORT STATE SERVICE VERSION PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 4.3 (protocol 2.0) | 22/tcp open ssh OpenSSH 5.3 (protocol 2.0)
| ssh2-enum-algos: | ssh2-enum-algos:
| kex_algorithms: (3) | | kex_algorithms: (4)
> | diffie-hellman-group-exchange-sha256
| diffie-hellman-group-exchange-sha1 | diffie-hellman-group-exchange-sha1
| diffie-hellman-group14-sha1 | diffie-hellman-group14-sha1
| diffie-hellman-group1-sha1 | diffie-hellman-group1-sha1
| server_host_key_algorithms: (2) | server_host_key_algorithms: (2)
| ssh-rsa | ssh-rsa
| ssh-dss | ssh-dss
| encryption_algorithms: (13) | encryption_algorithms: (13)
| aes128-ctr | aes128-ctr
| aes192-ctr | aes192-ctr
| aes256-ctr | aes256-ctr
| arcfour256 | arcfour256
| arcfour128 | arcfour128
| aes128-cbc | aes128-cbc
| 3des-cbc | 3des-cbc
| blowfish-cbc | blowfish-cbc
| cast128-cbc | cast128-cbc
| aes192-cbc | aes192-cbc
| aes256-cbc | aes256-cbc
| arcfour | arcfour
| [email protected] | [email protected]
| mac_algorithms: (6) | | mac_algorithms: (9)
| hmac-md5 | hmac-md5
| hmac-sha1 | hmac-sha1
> | [email protected]
> | hmac-sha2-256
> | hmac-sha2-512
| hmac-ripemd160 | hmac-ripemd160
| [email protected] | [email protected]
| hmac-sha1-96 | hmac-sha1-96
| hmac-md5-96 | hmac-md5-96
| compression_algorithms: (2) | compression_algorithms: (2)
| none | none
|_ [email protected] |_ [email protected]
Service detection performed. Please report any incorrect resu Service detection performed. Please report any incorrect resu
Nmap done: 1 IP address (1 host up) scanned in 0.19 seconds | Nmap done: 1 IP address (1 host up) scanned in 0.22 seconds
In the example above, I'm showing a side-by-side comparison of a CentOS 5.x and a CentOS 6.x server.
$ ssh [email protected] cat /etc/redhat-release
CentOS release 5.11 (Final)
$ ssh [email protected] cat /etc/redhat-release
CentOS release 6.8 (Final)
The output shows that you have 4 additional lines in the CentOS 6.x server vs. 5.x.
There is 1 additional kex_algorithm:
3 additional mac_algorithms:
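The side-by-side comparison above can also be done programmatically. This added example (not part of the original answers) parses ssh2-enum-algos output and reports, per category, the algorithms that only one of the two servers offers; it also rejects a listing whose "(n)" count does not match the entries parsed. The sample listings and the function names are constructed for illustration.

```python
import re

# Constructed sample: abridged from the listings above, nmap's indentation restored.
HOST_A = """\
| ssh2-enum-algos:
|   kex_algorithms: (2)
|       diffie-hellman-group14-sha1
|       diffie-hellman-group1-sha1
|   mac_algorithms: (1)
|_      hmac-sha1
"""
HOST_B = """\
| ssh2-enum-algos:
|   kex_algorithms: (3)
|       diffie-hellman-group-exchange-sha256
|       diffie-hellman-group14-sha1
|       diffie-hellman-group1-sha1
|   mac_algorithms: (2)
|       hmac-sha1
|_      hmac-sha2-256
"""
HEADER = re.compile(r"^\|[ _]\s+(\w+): \((\d+)\)\s*$")  # "|   kex_algorithms: (3)"
ITEM = re.compile(r"^\|[ _]\s+(\S+)\s*$")                # "|       hmac-sha1"

def parse_enum_algos(text):
    """Return {category: [algorithms]} from ssh2-enum-algos script output."""
    algos, declared, current = {}, {}, None   # None = outside the script block
    for line in text.splitlines():
        if line.startswith(("| ssh2-enum-algos:", "|_ssh2-enum-algos:")):
            current = ""                       # inside the block, no category yet
        elif current is not None and (m := HEADER.match(line)):
            current = m.group(1)
            algos[current], declared[current] = [], int(m.group(2))
        elif current and (m := ITEM.match(line)):
            algos[current].append(m.group(1))
        else:
            current = None                     # block ended (other script or host)
    for cat, names in algos.items():           # truncated or mangled listing?
        if len(names) != declared[cat]:
            raise ValueError(f"{cat}: header says {declared[cat]}, parsed {len(names)}")
    return algos

def compare(a, b):
    """Per category: (algorithms only in a, algorithms only in b), each sorted."""
    pa, pb = parse_enum_algos(a), parse_enum_algos(b)
    only = lambda x, y, c: sorted(set(x.get(c, [])) - set(y.get(c, [])))
    return {c: (only(pa, pb, c), only(pb, pa, c)) for c in sorted({*pa, *pb})}

if __name__ == "__main__":
    print(compare(HOST_A, HOST_B))
```

To use it on real scans, pass the text of two saved nmap runs (normal output) to compare() in place of the samples.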