SSH – How to Test if SSH Server Allows Passwords

Tags: password, security, ssh

I want to test whether or not an ssh server allows passwords and immediately close the connection without actually attempting a login.

Something like this:

allows_password=$(ssh --some-option example.com)
if [ -z "$allows_password" ]; then
  echo "Insecure Server Options"
else
  echo "Insecure Password Access is not Allowed, Great!"
fi

I've actually done this once before, but I couldn't find my old script or docs. Sad day. :-/

Best Answer

I found my old script:

ssh -v -n \
  -o Batchmode=yes \
  -o StrictHostKeyChecking=no \
  -o UserKnownHostsFile=/dev/null \
  DOES_NOT_EXIST@localhost 2>&1 | grep password

  • The -o Batchmode=yes option causes a non-interactive mode where a fallback to password results in failure.

  • The -v causes the authentication methods to be displayed (among other things).

  • The -n causes ssh to not open a shell (often used with tunneling), which in this case will cause it to immediately exit (just in case you're connecting to a honeypot or a service like serveo.net that allows clients without authentication).

  • -o StrictHostKeyChecking=no and -o UserKnownHostsFile=/dev/null automatically accept the host without writing it to the known-hosts file.

  • 2>&1 forwards debug messages (stderr) to the logging system (stdout) so that grep can do its magic.

If password authentication is enabled for some users, it will show as enabled for all users (but fail after the prompt), as far as I can tell. I suspect this is so that you can't positively identify that a user exists on the system.

And so that I don't lose it again: https://coolaj86.com/articles/testing-if-ssh-allows-passwords/
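A more robust version of the same check, added here as an example and not part of the original answer or the linked article: instead of grepping for the word "password" anywhere in the debug output, it extracts the server's advertised method list (the "Authentications that can continue:" line and the final "Permission denied (...)" message) and returns the result as an exit status, so it drops straight into an if statement like the one in the question. The probe function reuses the answer's options and adds -o PreferredAuthentications=none so the client offers no local keys at all, and -o ConnectTimeout=5 so an unreachable host does not hang the script. The host, user name and the two sample logs are constructed for offline use; SSH_PROBE_HOST is a hypothetical environment variable used only to trigger a live probe.

```shell
#!/bin/sh
# Added example (not from the original answer): report whether an SSH server
# advertises password-style authentication, based on the method list that
# ssh -v prints, and expose the result as an exit status.

# Extract the comma-separated method list from verbose ssh output.
# Handles both the "Authentications that can continue:" debug line and the
# final "Permission denied (publickey,password)." message; the list is
# deduplicated and sorted so the output is stable across runs.
ssh_auth_methods() {
  printf '%s\n' "$1" \
    | sed -n \
        -e 's/.*Authentications that can continue: *//p' \
        -e 's/.*Permission denied (\([^)]*\)).*/\1/p' \
    | tr ',' '\n' | sed 's/[[:space:]]//g' | sort -u \
    | tr '\n' ',' | sed 's/,$//'
}

# Exit 0 if the server offers "password" or "keyboard-interactive"
# (the latter is how PAM-backed password prompts are usually exposed,
# so a bare grep for "password" would miss it), exit 1 otherwise.
offers_password_auth() {
  methods=$(ssh_auth_methods "$1")
  case ",$methods," in
    *,password,*|*,keyboard-interactive,*) return 0 ;;
    *) return 1 ;;
  esac
}

# Live probe: same options as the answer, plus PreferredAuthentications=none
# (send no keys, just ask the server what it accepts) and a connect timeout.
# ssh exits non-zero on "Permission denied", which is the expected outcome.
probe_host() {
  ssh -v -n -o BatchMode=yes -o StrictHostKeyChecking=no \
      -o UserKnownHostsFile=/dev/null -o ConnectTimeout=5 \
      -o PreferredAuthentications=none \
      "does-not-exist@$1" 2>&1
}

# Constructed sample output (not a real capture) so the parsing can be
# exercised without a server.
SAMPLE_PASSWORD='debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: No more authentication methods to try.
does-not-exist@example.com: Permission denied (publickey,password).'

SAMPLE_KEYONLY='debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
does-not-exist@example.com: Permission denied (publickey).'

# Only run a live probe when a host is supplied (hypothetical variable).
if [ -n "${SSH_PROBE_HOST:-}" ]; then
  log=$(probe_host "$SSH_PROBE_HOST") || true
  if offers_password_auth "$log"; then
    echo "$SSH_PROBE_HOST: password authentication offered ($(ssh_auth_methods "$log"))"
  else
    echo "$SSH_PROBE_HOST: password authentication not offered ($(ssh_auth_methods "$log"))"
  fi
fi
```

Run it as SSH_PROBE_HOST=example.com sh check-ssh-password.sh, or source it and call offers_password_auth on a captured log. The method list is what the server advertises in the SSH_MSG_USERAUTH_FAILURE reply, so the check never sends a password and, as the answer notes, a server that enables passwords only for some users (or only via PAM) still shows "password" or "keyboard-interactive" for a nonexistent user.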