OpenSSH/Third Party Utilities
- scanssh - a scanner for SSH hosts and some kinds of proxies
- sshfs - a user-space file system client based on SFTP
- sshfp - generates SSHFP DNS records from knownhosts files or ssh-keyscan
- keychain - re-use ssh-agent and/or gpg-agent between logins
- rsync - synchronizes files and directories using delta encoding
- gstm - a graphical front-end for managing SSH-tunneled port redirects
- sslh - a protocol demultiplexer
- sshguard - an intrusion detection system with packet filtering
- ssh-audit- identifies the server's banner, key exchange, encryption, MAC, compression, compatibility, and other information.
scanssh scans hosts and networks for running services. ScanSSH - Scanning the Internet for SSH Servers  It checks the version number of the server and displays the results in a list. It detects ssh, sftp and several kinds of SOCKS, HTTP, and telnet proxies.
Scan a small subnet for ssh servers:
$ sudo scanssh -n 22 -s ssh 192.168.100.32/26
Scan the same small network for SOCKS proxies:
$ sudo scanssh -s socks5,socks4 192.168.100.32/26
Variable scanning speeds can be set as well as random sampling. Open proxy detection scans to detect open proxies on common ports.
Scan 1000 hosts randomly selected from 172.16.1.1 through 172.31.254.254, at a rate of 200 per second :
$ sudo scanssh -r 200 -p random(1000)/172.16.0.0/12
The hosts and networks to be scanned can be either specified as an IPv4 address or an CIDR like IP prefix with ip address and network mask. Ports can be appended by adding a colon at the end of address specification. The sequence of hosts scanned is random, but that can be modified by the following two parameters, random and split:
random(n[,seed])/ selects a sample of n random addresses from the range specified as targets for scanning. n is the number of address to randomly create in the given network and seed is an optional seed for the pseudo random number generator. For example, it is possible to sample 10000 random IPv4 hosts from the Internet by specifying 'random(10000)/0.0.0.0/0' as the address.
split(s,e)/ selects a specific segment of the address range for use. e specifies the number of segments in parallel and s is the segment number used by this particular scan. This can be used to scan from several hosts in parallel by scanning a different segment from each host.
-n Specifies the port numbers to scan. Ports are separated by commas. Each specified scanner is run for each port in this list. The default port is 22.
Scan for SSH servers on both port 22 and 2022:
$ sudo scanssh -s ssh -n 22,2022 192.168.0.0/24
sshfs builds on the Filesystem in Userspace (FUSE) interface to allow non-privileged users to create a secure, reliable file system framework. It allows a remote file system to be mounted as a local folder by taking advantage of the SFTP subsystem. It uses SFTP to mount a directory from a remote server as a local directory. In that way, all use applications can interact with that directory and its contents as if it were local.As the name implies, this is done in user space and not the kernel as is usually required for file systems. FUSE has a stable API library and bindings to C, C++, and Java. In this case it is specifically the SFTP client that is run over ssh(1) and is then mounted as a file system.
See the Cookbook section on SFTP for more regarding sshfs.
sshfp generates SSHFP NS records using the public keys stored in a known_hosts file or provided by ssh-keyscan(1) as a means to use DNS to publish SSH key fingerprints. That in turn allows DNSSEC lookups to verify SSH keys before use. SSHFP resource records in DNS are used to store fingerprint of SSH public host keys that are associated with the host names. A record itself consists of an algorithm number, fingerprint type, and the fingerprint of the public host key.
See RFC 4255 for details on SSHFP.
keychain is another manager for ssh-agent(1) to allow multiple shells and processes, including cron(8) jobs, to use the keys held by the agent. It is often integrated into desktop-specific tools like Apple Keychain on OS X or kdewallet for KDE. http://www.funtoo.org/en/security/keychain/intro/
rsync is a file transfer utility to transfer files between computers very efficiently. It can run on top of SSH or use its own protocol. SSH is the default. http://rsync.samba.org/
See the Cookbook section on Automated Backup for examples on using rsync live or in scripts.
gstm (Gnome SSH Tunnel Manager)
gstm is a graphical front-end for managing SSH connections and especially port forwarding. http://sourceforge.net/projects/gstm/
sslh is a protocol demultiplexer. It accepts connections on specified ports and forwards them based on the first packet sent by the client. It can be used to share a single port between SSH, SSL, HTTP, OpenVPN, tinc, and XMPP. http://www.rutschle.net/tech/sslh.shtml
See also the section on Multiplexing for a discussion with examples.
sshguard is an intrusion prevention system. It monitors logs to detect undesirable patterns of activities and triggers corresponding packet filter rules for increasing periods of time. It can be used with a few other services besides SSH. http://www.sshguard.net/
ssh-audit is a python script to gather information about SSH servers. It can identify banners used, key exchange, encryption, Message Authentication Code (MAC) algorithms, compression, compatibility settings, and several other security-related aspects. https://github.com/arthepsy/ssh-audit
Additional Third Party Utilities
The following are useful in working with OpenSSH, but outside the scope of this book to go into detail. They are nevertheless worth mentioning enough to warrant a list:
- netstat – Show network connections, routing tables, interface statistics, masquerade connections, and multicast memberships
- nc or netcat – Netcat, the TCP/IP swiss army knife.
- socat – SOcket CAT, a multipurpose relay similar to netcat.
- nmap – Network exploration tool and security scannger.
- tcpdump – Display network traffic realtime.
- telnet – Unencrypted interaction with another host.
- pagsh – Creates a new credential cache sandbox and process authentication group (PAG).
- nohup – Invoke a process that ignores HANGUP signals
- sudo – Execute programs as another user
- lftp – A handy interactive multi-protocol file transfer text-based client supporting SFTP.
- curl – A multi-protocol file transfer text-based client supporting SCP and SFTP.
- tmux – A terminal multiplexer.
- Niels Provos; Peter Honeyman (2001). "ScanSSH - Scanning the Internet for SSH Servers". Center for Information Technology Integration (CITI), University of Michigan. http://www.citi.umich.edu/u/provos/papers/scanssh.pdf. Retrieved 2016-03-05.