ssh-auditor v0.16 releases: scan for weak ssh passwords
ssh-auditor will automatically:
- Re-check all known hosts as new credentials are added. It will only check the new credentials.
- Queue a full credential scan on any new host discovered.
- Queue a full credential scan on any known host whose ssh version or key fingerprint changes.
- Attempt command execution as well as attempt to tunnel a TCP connection.
- Re-check each credential using a per credential scan_interval – default 14 days.
It’s designed so that you can run ssh-auditor discover + ssh-auditor scan from cron every hour to perform a constant audit.
- 0fe645f turn off debugging for this sshd
- 4f9d741 simplify e2e test running
- 7b91924 allow all tunneling for this test
- fb1f48d fix sshd command
- d5db9ac Merge branch ‘master’ of github.com:ncsa/ssh-auditor
- dd1c959 Improve tunnel testing and e2e tests
- d6a3aaa Merge pull request #11 from kayavila/master
- 6d4a7ef Updating goreleaser config formatting
- 467b2c8 optimize Dockerfile module downloading
- 7d5c12d bump go version used for e2e tests
- 3f2ff54 Convert to a go module
- 89c319e implement host delete command
$ go get github.com/ncsa/ssh-auditor
Create an initial database and discover ssh servers
$ ./ssh-auditor discover -p 22 -p 2222 192.168.1.0/24 10.0.0.1/24
Add credential pairs to check
$ ./ssh-auditor addcredential root root $ ./ssh-auditor addcredential admin admin $ ./ssh-auditor addcredential guest guest --scan-interval 1 #check this once per day
Try credentials against discovered hosts in a batch of 20000
$ ./ssh-auditor scan
Output a report on what credentials worked
$ ./ssh-auditor vuln
This query that ssh-auditor vuln runs are
RE-Check credentials that worked
$ ./ssh-auditor rescan
Output a report on duplicate key usage
$ ./ssh-auditor dupes
Copyright (c) 2016 University of Illinois/NCSA