Jumpnow Technologies

home code consulting contact

Show SSH Authentication Methods with Nmap

31 Oct 2020

SSH is the standard for getting secure shell access to a remote host.

A number of athentications methods are available, configured in /etc/ssh/sshd_config of the server.

You may want to remotely check what auth methods a server is supporting.

Nmap makes this easy with the ssh-auth-methods [NSE script][nse-doc].

Here are a few examples

Default OpenBSD 6.8

$ nmap -sV -p22 --script ssh-auth-methods 192.168.10.11
Starting Nmap 7.80SVN ( https://nmap.org ) at 2020-10-31 10:46 EDT
Nmap scan report for nuc.jumpnow (192.168.10.11)
Host is up (0.00035s latency).

PORT   STATE SERVICE VERSION
22/tcp open  ssh     OpenSSH 8.4 (protocol 2.0)
| ssh-auth-methods: 
|   Supported authentication methods: 
|     publickey
|     password
|_    keyboard-interactive

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 0.67 seconds

Default Ubuntu 20.04

$ nmap -sV -p22 --script ssh-auth-methods 192.168.10.12
Starting Nmap 7.80SVN ( https://nmap.org ) at 2020-10-31 10:49 EDT
Nmap scan report for fractal.jumpnow (192.168.10.12)
Host is up (0.00024s latency).

PORT   STATE SERVICE VERSION
22/tcp open  ssh     OpenSSH 8.2p1 Ubuntu 4ubuntu0.1 (Ubuntu Linux; protocol 2.0)
| ssh-auth-methods: 
|   Supported authentication methods: 
|     publickey
|_    password
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 0.43 seconds

A server accepting only public key authentication

$ nmap -sV -p22 --script ssh-auth-methods 192.168.10.129
Starting Nmap 7.80SVN ( https://nmap.org ) at 2020-10-31 10:49 EDT
Nmap scan report for 192.168.10.129
Host is up (0.00036s latency).

PORT   STATE SERVICE VERSION
22/tcp open  ssh     OpenSSH 8.2 (protocol 2.0)
| ssh-auth-methods: 
|   Supported authentication methods: 
|_    publickey

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 0.50 seconds

Asuswrt-Merlin Router Firmware

nmap -sV -p22 --script ssh-auth-methods 192.168.10.13
Starting Nmap 7.80SVN ( https://nmap.org ) at 2020-10-31 10:51 EDT
Nmap scan report for ap.jumpnow (192.168.10.13)
Host is up (0.00050s latency).

PORT   STATE SERVICE VERSION
22/tcp open  ssh     Dropbear sshd 2018.76 (protocol 2.0)
| ssh-auth-methods: 
|   Supported authentication methods: 
|     publickey
|_    password
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 0.49 seconds