Question 1

How does HASSH compare to JA3 for fingerprinting?

Accepted Answer

HASSH is tailored for SSH traffic using algorithm sets from SSH_MSG_KEXINIT packets, while JA3 focuses on TLS handshake fingerprints. Both are standards for implementation identification, but HASSH is specific to SSH's unique characteristics, offering complementary tools for network security.

Question 2

How to generate a hassh for a custom SSH client?

Accepted Answer

Extract the algorithms from the SSH_MSG_KEXINIT packet, concatenate them with semicolons as delimiters for key exchange, encryption, MAC, and compression, then compute the MD5 hash of the resulting string. Tools implementing HASSH can automate this process in network monitors.

Question 3

Can HASSH detect SSH honeypots like Cowrie?

Accepted Answer

Yes, HASSH can identify honeypots by detecting hasshServer values that belong to deceptive applications such as Cowrie/Kippo, which mimic common OpenSSH servers but have distinct algorithm sets revealed in the fingerprint.

Question 4

What are the limitations of HASSH in real-world networks?

Accepted Answer

HASSH requires access to clear-text SSH_MSG_KEXINIT packets, which may not be available in fully encrypted tunnels. Fingerprints can also change with software updates, necessitating constant updates to hassh databases to avoid false alerts.

Question 5

Is HASSH still maintained in 2023 or beyond?

Accepted Answer

The original Salesforce repository is inactive, but an active fork is maintained by Corelight. Users should check the Corelight GitHub for updates, as ongoing maintenance is crucial for adapting to new SSH implementations and threats.

Question 6

How accurate is HASSH for identifying SSH clients?

Accepted Answer

HASSH is highly accurate for distinguishing between SSH implementations due to the uniqueness of algorithm sets, but accuracy can degrade if clients randomize algorithms or if hashing collisions occur with MD5, requiring supplemental verification.

HASSH

What is HASSH?

Overview

Use Cases

Best For

Related Projects

Found a gem we're missing?

Not Ideal For

Pros & Cons

Pros

Cons

Frequently Asked Questions