ssh 보안 취약점 점검 Nmap

 

 

 

 

 

 

 

 

 

 

 

 

 

1. Nmap 패키지 설치
   sudo apt-get install nmap
2. Nmap script update
   sudo nmap --script-update
   sudo nmap --script-updatedb
3. Nmap ssh2-enum-algos script 를 이용한 ssh 알고리즘 보안 취약점 점검.

     nmap -p22 -n -sV --script ssh2-enum-algos 10.101.10.253

4. Nmap 툴 수행 결과
   ubuntu@ubuntu-VirtualBox:~$ nmap -p22 -n -sV --script ssh2-enum-algos 10.101.10.253

Starting Nmap 7.01 ( https://nmap.org ) at 2021-01-25 12:50 KST
Nmap scan report for 10.101.10.253
Host is up (0.00086s latency).
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 7.2p2 Ubuntu 4ubuntu2.10 (Ubuntu Linux; protocol 2.0)
| ssh2-enum-algos:
| kex_algorithms: (6)
| curve25519-sha256@libssh.org
| ecdh-sha2-nistp256
| ecdh-sha2-nistp384
| ecdh-sha2-nistp521
| diffie-hellman-group-exchange-sha256
| diffie-hellman-group14-sha1
| server_host_key_algorithms: (5)
| ssh-rsa
| rsa-sha2-512
| rsa-sha2-256
| ecdsa-sha2-nistp256
| ssh-ed25519
| encryption_algorithms: (6)
| chacha20-poly1305@openssh.com
| aes128-ctr
| aes192-ctr
| aes256-ctr
| aes128-gcm@openssh.com
| aes256-gcm@openssh.com
| mac_algorithms: (10)
| umac-64-etm@openssh.com
| umac-128-etm@openssh.com
| hmac-sha2-256-etm@openssh.com
| hmac-sha2-512-etm@openssh.com
| hmac-sha1-etm@openssh.com
| umac-64@openssh.com
| umac-128@openssh.com
| hmac-sha2-256
| hmac-sha2-512
| hmac-sha1
| compression_algorithms: (2)
| none
|_ zlib@openssh.com
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 0.76 seconds

 

해당 nmap 툴로는 openssh 만 확인 가능, dropbear 의 경우 지원 되지 않음.

dropbear인 경우 내부 포스팅 중 ssh-audit.py 툴 사용을 참조