About
This free tool audits the configuration of an SSH server or client and highlights the areas needing improvement.
Too many admins overlook SSH configuration when setting up new systems. Unfortunately, the defaults for many operating systems are optimized for compatibility, not security.
To see a sample report, click here.
Server Audit
To audit a server configuration, enter its hostname or IPv4/IPv6 address:
Client Audit
To audit a client configuration, click the button below. A listener will begin on a random port on the ssh-audit.com server. With any username, simply connect to it within 45 seconds.
News
- Dec. 21, 2023: Added test for the Terrapin vulnerability (CVE-2023-48795).
- Feb. 1, 2023: Added Ubuntu Server 22.04 hardening policy.
- Oct. 21, 2020: Added server policy scanning.
- Feb. 9, 2020: Host key type 'ssh-rsa' is now considered weak due to practical SHA-1 attacks.
- Nov. 14, 2019: Added client auditing capability.
- Oct. 8, 2019: Port restrictions removed for greater convenience.