recent security problems in ssh protocol implementations require that
vulnerable ssh protocol servers be upgraded.  As an administrator of a
large network, it can be difficult to efficiently determine which
implementations of the ssh protocols are running on a network.

To solve this problem, I wrote the ScanSSH protocol scanner.  It
supports very fast and flexible scanning of large networks.

You can obtain the latest version from


The ScanSSH protocol scanner is distributed under a BSD-license and
completely free for any use including commercial.  It has the
following features:

        - fast scanning of large networks
        - unique random address generation
        - network exclusion lists

The resulting output contains the version of the running ssh protocol
servers: <timeout> SSH-1.5-OpenSSH_2.3.2 SSH-1.5-1.2.27 <timeout> <timeout> SSH-1.5-OpenSSH_2.3.0 SSH-1.5-1.2.26 SSH-1.5-OpenSSH_2.3.2 SSH-1.5-OpenSSH_2.3.2 SSH-1.5-1.2.26

If you are responsible for a large network, this tool allows you to
scan your network frequently.  After scanning, for example, the output
can be piped through

    "|grep -i ssh |grep -v "OpenSSH_2.3.[02]"

to find ssh protocol servers that need to be upgraded.

 Niels Provos.

Reply via email to