SSH Revamp

SSH was one of the first protocols that I started crawling for 5 years ago, because just connecting to the daemon already tells you what it’s running; i.e., you don’t have to send any data to SSH in order to get something interesting back. There have been some incremental improvements to add product and version detection, but beyond that it’s stayed mostly the same.

Introducing the new, sexier SSH banner:



The crawlers now collect the key, key type, fingerprint, MAC and cipher used for each successful SSH connection! And alongside these changes the API has also been enhanced with 4 new facets for SSH:

  • ssh.cipher
  • ssh.fingerprint
  • ssh.mac
  • ssh.type
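
To check what such a banner would show for a host you run, the added example below (not Shodan's crawler code) parses the identification string a daemon sends on connect and derives the key type and fingerprints from a host key blob. The sample banner and key are constructed, and since the post does not say which hash the fingerprint uses, both the MD5 colon-hex form and the SHA256 form are computed as an assumption.

```python
import base64
import hashlib
import struct

def parse_identification(line: bytes) -> dict:
    """Split an RFC 4253 identification string: SSH-protoversion-softwareversion SP comments."""
    text = line.rstrip(b"\r\n").decode("ascii", errors="replace")
    if not text.startswith("SSH-"):
        raise ValueError("not an SSH identification string")
    _, proto, rest = text.split("-", 2)          # version fields never contain '-'
    software, _, comments = rest.partition(" ")  # comments are optional
    return {"protocol": proto, "software": software, "comments": comments}

def read_string(blob: bytes, offset: int = 0):
    """Read one SSH 'string' (uint32 length + bytes); return (value, next_offset)."""
    if offset + 4 > len(blob):
        raise ValueError("truncated length field")
    (length,) = struct.unpack_from(">I", blob, offset)
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated string field")
    return blob[offset + 4:end], end

def describe_host_key(key_b64: str) -> dict:
    """Key type is the first string in the blob; fingerprints hash the whole blob."""
    blob = base64.b64decode(key_b64, validate=True)
    key_type, _ = read_string(blob)
    md5 = hashlib.md5(blob).hexdigest()
    sha256 = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return {
        "type": key_type.decode("ascii"),
        "fingerprint_md5": ":".join(md5[i:i + 2] for i in range(0, 32, 2)),
        "fingerprint_sha256": "SHA256:" + sha256,
    }

def ssh_string(data: bytes) -> bytes:
    """Encode bytes as an SSH 'string' (used only to build the sample key)."""
    return struct.pack(">I", len(data)) + data

# Constructed samples: not taken from any real host.
SAMPLE_IDENT = b"SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2\r\n"
SAMPLE_KEY_B64 = base64.b64encode(
    ssh_string(b"ssh-ed25519") + ssh_string(bytes(range(32)))
).decode()

if __name__ == "__main__":
    print(parse_identification(SAMPLE_IDENT))
    print(describe_host_key(SAMPLE_KEY_B64))
```

The base64 input has the same layout as the second field of a line in `/etc/ssh/ssh_host_*_key.pub`, so the output can be compared against the fingerprint reported for your own address.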

I hope you enjoy the new banner and information that’s being gathered for SSH now! Let me know if there are other banners you’d like to see improved as well.