22 - Pentesting SSH


Secure Shell (SSH) enables two computers to establish an encrypted and direct connection within a possibly insecure network on the standard port TCP 22.

Default Configuration

cat /etc/ssh/sshd_config | grep -v "#" | sed -r '/^\s*$/d'
## DANGEROUS SETTINGS
PasswordAuthentication yes	#Allows password-based authentication.
PermitEmptyPasswords yes	#Allows the use of empty passwords.
PermitRootLogin yes	#Allows logging in directly as the root user.
Protocol 1	#Uses the obsolete SSH protocol version 1.
X11Forwarding yes	#Allows X11 forwarding for GUI applications.
AllowTcpForwarding yes	#Allows forwarding of TCP ports.
PermitTunnel yes	#Allows tun device tunneling.
DebianBanner yes	#Appends the Debian-specific suffix to the server banner, leaking the exact package version.
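The grep/sed one-liner above only strips comments; it does not tell you which of the risky directives is actually in effect. The following is an added example, not code from the original page: a small POSIX sh auditor that reads an sshd_config the way sshd does (comments and blank lines ignored, keywords case-insensitive, optional "=" separator, first value for a keyword wins, everything after the first Match line is conditional and therefore skipped) and reports each dangerous setting from the list above. The config it reads is a constructed sample written to a temp file; the function names sshd_setting and sshd_audit are my own.

```shell
#!/bin/sh
# Added example, not part of the original page.
# Assumptions: OpenSSH's documented defaults are used when a directive is absent
# (PasswordAuthentication=yes, AllowTcpForwarding=yes, DebianBanner=yes on Debian
# builds, PermitRootLogin=prohibit-password, everything else "no"/"2").
# Include directives are NOT followed; on the host itself `sshd -T` prints the
# effective configuration and is the authoritative check.

# sshd_setting FILE KEYWORD
# Prints the effective global value of KEYWORD, "(default)" if it is absent,
# or "(missing value)" if the keyword is present without an argument.
sshd_setting() {
    key=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    awk -v key="$key" '
        /^[[:space:]]*#/ { next }                      # comment line
        NF == 0          { next }                      # blank line
        {
            k = $0
            sub(/^[[:space:]]+/, "", k)
            sub(/[[:space:]=].*$/, "", k)              # keyword = first token
            k = tolower(k)
        }
        k == "match" { exit }                          # conditional section starts
        k == key {                                     # first occurrence wins
            line = $0
            sub(/^[[:space:]]*[^[:space:]=]+[[:space:]]*=?[[:space:]]*/, "", line)
            sub(/[[:space:]]*#.*$/, "", line)          # drop trailing annotation
            sub(/[[:space:]]+$/, "", line)
            print (line == "" ? "(missing value)" : line)
            found = 1
            exit
        }
        END { if (!found) print "(default)" }
    ' "$1"
}

# sshd_audit FILE
# Prints "Directive=value" for each risky directive that is in effect.
# Each rule is "Directive default dangerous-value".
sshd_audit() {
    f=$1
    for rule in \
        "PasswordAuthentication yes yes" \
        "PermitEmptyPasswords no yes" \
        "PermitRootLogin prohibit-password yes" \
        "Protocol 2 1" \
        "X11Forwarding no yes" \
        "AllowTcpForwarding yes yes" \
        "PermitTunnel no yes" \
        "DebianBanner yes yes"
    do
        set -- $rule
        directive=$1; default=$2; bad=$3
        value=$(sshd_setting "$f" "$directive" | tr 'A-Z' 'a-z')
        [ "$value" = "(default)" ] && value=$default
        case "$value" in
            "$bad"|"$bad,"*|*",$bad"|*",$bad,"*)        # exact or inside a list such as "2,1"
                printf '%s=%s\n' "$directive" "$value" ;;
        esac
    done
    return 0
}

# Constructed sample configuration (not a real host's file).
SAMPLE=${TMPDIR:-/tmp}/sshd_config.sample.$$
cat > "$SAMPLE" <<'EOF'
# constructed sample
Port 22
PasswordAuthentication yes
PermitRootLogin  yes
PermitRootLogin no            # ignored by sshd: the first value wins
permitemptypasswords = yes
X11Forwarding no
AllowTcpForwarding yes
PermitTunnel yes
DebianBanner no
Match User backup
    PasswordAuthentication no
EOF

echo "Risky settings in effect in $SAMPLE:"
sshd_audit "$SAMPLE"
```

Run it against a copy of the target's sshd_config (`sshd_audit /path/to/sshd_config`); only the directives whose effective value matches the dangerous value are printed, so a clean file produces no output.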

Footprinting SSH

One of the tools we can use to fingerprint the SSH server is ssh-audit. It checks the client-side and server-side configuration, shows general information (software version, host key types) and lists which key exchange, host key, encryption and MAC algorithms the client and server still offer.

git clone https://github.com/jtesta/ssh-audit.git && cd ssh-audit
./ssh-audit.py 10.129.14.132

For potential brute-force attacks, we can specify the authentication method with the SSH client option PreferredAuthentications.

ssh -v staphy@IP -o PreferredAuthentications=password

Nmap Scripts

nmap -p22 <ip> -sC # Run the default nmap scripts against SSH
nmap -p22 <ip> -sV # Retrieve the server version banner
nmap -p22 <ip> --script ssh2-enum-algos # Retrieve supported algorithms
nmap -p22 <ip> --script ssh-hostkey --script-args ssh_hostkey=full # Retrieve the full host keys (to spot weak or known-bad keys)
nmap -p22 <ip> --script ssh-auth-methods --script-args="ssh.user=root" # Check authentication methods offered for a user
