It can be hard to know everything about setting up an #ssh server securely. And harder still to know if the changes we make actually lead to a more secure server.
ssh-audit
is a tool to run automated checks against an #ssh server and validates that it is configured to use secure encryption algorithms.
While it doesn't check every possible configuration on the server, it does help identify some potential weaknesses.
To run an audit, run the ssh-audit
command:
ssh-audit domain.tld -p 22
The -p
parameter is used to specify the server port (22 by default)
The output of the command will look something like this:
Once the check has completed, there is a guide here with instructions on how to resolve the most common issues.