Question 1

How does SSH Auditor compare to Hydra for SSH brute-forcing?

Accepted Answer

SSH Auditor is designed for continuous, automated auditing with incremental scans and scheduling, focusing on long-term monitoring and efficiency. In contrast, Hydra is optimized for rapid, one-off penetration testing with faster brute-force attacks, making it better for time-sensitive engagements but less suited for ongoing security workflows.

Question 2

How to set up SSH Auditor to run automatically every hour?

Accepted Answer

Use cron jobs by adding entries like '0 * * * * /path/to/ssh-auditor discover -p 22 192.168.1.0/24' for discovery and '30 * * * * /path/to/ssh-auditor scan' for scanning. Ensure file descriptor limits are adjusted with 'ulimit -n 4096' to avoid connection issues during scans.

Question 3

Can SSH Auditor scan SSH servers on non-standard ports?

Accepted Answer

Yes, specify ports with the -p flag during discovery, e.g., 'ssh-auditor discover -p 2222 -p 22 10.0.0.0/24'. However, manual configuration is required for each port, and the README notes that discovery is the only component needing updates for this.

Question 4

What happens if SSH Auditor hits a fail2ban-protected server?

Accepted Answer

The tool attempts to differentiate between failed passwords and connection timeouts, but fail2ban can block the auditor's IP, leading to incomplete scans or false negatives. It's recommended to whitelist the auditor's IP in fail2ban rules to ensure reliable auditing.

Question 5

Does SSH Auditor include a default list of weak credentials?

Accepted Answer

No, you must add credentials manually using commands like 'ssh-auditor addcredential root root'. Common weak pairs like admin/admin or guest/guest need to be added based on your environment, as shown in the usage examples.

Question 6

How can I export SSH Auditor results to a CSV or other format?

Accepted Answer

Currently, reports are generated via SQLite queries; you can run custom queries on the database or use the 'vuln' command and pipe output to tools like awk or csvkit for formatting. The TODO list mentions potential improvements, but no built-in export features exist yet.

ssh-auditor

What is ssh-auditor?

Overview

Use Cases

Best For

Related Projects

Found a gem we're missing?

Not Ideal For

Pros & Cons

Pros

Cons

Frequently Asked Questions