Service:
sshd
Protocol:
TCPPort:
22Used for:
Secure remote administration and command executionWhy It’s Open
SSH is a fundamental part of server management and automation. It’s commonly used for remote logins, tunneling, and deploying software.
Common Risks
- Brute Force Attacks: Especially on default credentials or common usernames.
- Weak Key Exchange: Old SSH versions may use deprecated or vulnerable algorithms.
- Root Login Enabled: Increases risk of privilege compromise.
- Command Injection via Public Keys: In certain setups, attacker-supplied keys can include commands.
Want to save time on reporting?
Let PentestPad generate, track, and export your reports - automatically.
Enumeration & Testing
Check version
nmap -sV -p 22nmap -p 22 --script=ssh-hostkeyUse ssh to connect
ssh @Banner grabbing
nc 22What to Look For
| Checkpoint | What it means |
|---|---|
| Old OpenSSH version | May have known CVEs |
| Root login allowed | High-risk, avoid unless absolutely needed |
| Password auth enabled | Consider key-based auth only |
Known Exploits
- CVE-2016-0777
An information leak vulnerability in the OpenSSH client due to the roaming feature, allowing a malicious server to obtain sensitive information from the client’s memory, including private keys.
Mitigation
- Disable root login via
PermitRootLogin no - Use SSH keys instead of passwords
- Enforce 2FA or port knocking
- Limit access with
AllowUsersorAllowGroups
Real-World Examples
Botnets scan the internet constantly for open SSH ports. A misconfigured server with weak credentials can be compromised within minutes of exposure.
TL;DR
- Service: SSH (Secure Remote Login)
- Default Port: 22/TCP
- Risks: Credential theft, unauthorized access
- Mitigation: Apply patches, use key-based authentication, restrict access