22 - SSH
Introduction
Port: 22 (TCP)
The Secure Shell (SSH) protocol is used for operating network services and transferring files securely over an unsecured network.
Basic enumeration
Default enumeration:
nmap -p22 -sC -sV -n <TARGET>
To list the algorithms supported by the server (with a count per category), and to add one to the client's offer when the client does not enable it by default:
sudo nmap --script=ssh2-enum-algos -p22 -n <TARGET>
ssh <USER>@<IP> -oKexAlgorithms=+diffie-hellman-group1-sha1
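To audit the list that ssh2-enum-algos returns, this added example (not part of the original page) parses the script's output and flags deprecated entries such as diffie-hellman-group1-sha1. The sample output is constructed, and the WEAK policy and function names are assumptions to adapt to your own baseline.

```python
import re

# Constructed sample of `nmap --script=ssh2-enum-algos` output, not from a real host.
SAMPLE = """\
| ssh2-enum-algos:
|   kex_algorithms: (2)
|       curve25519-sha256
|       diffie-hellman-group1-sha1
|   server_host_key_algorithms: (2)
|       ssh-ed25519
|       ssh-dss
|   encryption_algorithms: (2)
|       aes128-ctr
|       3des-cbc
|   mac_algorithms: (2)
|       hmac-sha2-256
|_      hmac-md5
"""

# Assumed audit policy (adjust to your baseline): regex of algorithms to flag per category.
WEAK = {
    "kex_algorithms": r"-sha1$",
    "server_host_key_algorithms": r"^ssh-dss$",
    "encryption_algorithms": r"-cbc$|^arcfour",
    "mac_algorithms": r"md5|-96",
}
HEADER = re.compile(r"^(\w+): \((\d+)\)$")  # e.g. "kex_algorithms: (2)"

def parse_algos(text):
    """Return {category: [algorithms]} parsed from ssh2-enum-algos script output."""
    algos, current = {}, None
    for line in text.splitlines():
        if not line.startswith("|"):
            current = None  # outside the script's output block
            continue
        item = line.lstrip("|_ ").strip()
        if (m := HEADER.match(item)):
            current = m.group(1)
            algos[current] = []
        elif current and item and " " not in item:
            algos[current].append(item)
    return algos

def weak_algos(algos, policy=WEAK):
    """Return {category: [flagged algorithms]}, omitting categories with no findings."""
    hits = {c: [a for a in algos.get(c, []) if re.search(p, a)] for c, p in policy.items()}
    return {c: h for c, h in hits.items() if h}

if __name__ == "__main__":
    print(weak_algos(parse_algos(SAMPLE)))
```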
To obtain the SSH server's host key fingerprint. If the host key has been reused and is publicly known, an attacker could use it to carry out MITM attacks.
sudo nmap --script=ssh-hostkey -p22 -n <TARGET>
To check support for SSHv1.
sudo nmap --script=sshv1 -p22 -n <TARGET>
This command returns the authentication methods that an SSH server supports (the username may be invalid).
sudo nmap --script=ssh-auth-methods --script-args="ssh.user=<USERNAME>" -p22 -n <TARGET>