Rebex SSH Test result for 128.252.17.87:22

General information

Server Identification:	SSH-2.0-OpenSSH_7.4
IP Address:	128.252.17.87
Generated at:	2024-04-24 21:26:06 UTC (4 hours ago) - clear cache

Potential Terrapin attack vulnerability detected! The server supports ChaCha20-Poly1305 or CBC encryption algorithms and ETM MAC algorithms. See https://terrapin-attack.com/ for more information.

Key Exchange Algorithms

`diffie-hellman-group14-sha256`	Diffie-Hellman with 2048-bit Oakley Group 14 with SHA-256 hash Oakley Group 14 should be secure for now.	Secure
`diffie-hellman-group16-sha512`	Diffie-Hellman with 4096-bit MODP Group 16 with SHA-512 hash	Secure
`diffie-hellman-group18-sha512`	Diffie-Hellman with 8192-bit MODP Group 18 with SHA-512 hash	Secure
`diffie-hellman-group-exchange-sha256`	Diffie-Hellman with MODP Group Exchange with SHA-256 hash	Secure
`curve25519-sha256`	Elliptic Curve Diffie-Hellman on Curve25519 with SHA-256 hash	Secure
`curve25519-sha256@libssh.org`	Elliptic Curve Diffie-Hellman on Curve25519 with SHA-256 hash	Secure
`ecdh-sha2-nistp256`	Elliptic Curve Diffie-Hellman on NIST P-256 curve with SHA-256 hash Possible NSA backdoor.	Secure
`ecdh-sha2-nistp384`	Elliptic Curve Diffie-Hellman on NIST P-384 curve with SHA-384 hash Possible NSA backdoor.	Secure
`ecdh-sha2-nistp521`	Elliptic Curve Diffie-Hellman on NIST P-521 curve with SHA-512 hash Possible NSA backdoor.	Secure
`diffie-hellman-group14-sha1`	Diffie-Hellman with 2048-bit Oakley Group 14 with SHA-1 hash SHA-1 is becoming obsolete, consider using SHA-256 version.	Weak
`diffie-hellman-group1-sha1`	Diffie-Hellman with 1024-bit Oakley Group 2 (not a typo - see RFC) with SHA-1 hash Oakley Group 2 is no longer considered secure. 1024-bit groups may be broken by nation states.	Insecure
`diffie-hellman-group-exchange-sha1`	Diffie-Hellman with MODP Group Exchange with SHA-1 hash SHA-1 is becoming obsolete, consider using SHA-256 version.	Insecure

Server Host Key Algorithms

`ssh-ed25519`	Ed25519, an Edwards-curve Digital Signature Algorithm (EdDSA)	Secure
`ecdsa-sha2-nistp256`	Elliptic Curve Digital Signature Algorithm (ECDSA) on NIST P-256 curve with SHA-256 hash Possible NSA backdoor.	Secure
`rsa-sha2-256`	RSA with SHA-256 hash	Secure
`rsa-sha2-512`	RSA with SHA-512 hash	Secure
`ssh-rsa`	RSA with SHA-1 hash SHA-1 is becoming obsolete.	Weak

Encryption Algorithms

`chacha20-poly1305@openssh.com`	256-bit ChaCha20 with Poly1305 authenticator by OpenSSH	Secure
`aes256-gcm@openssh.com`	AES with 256-bit key in GCM mode by OpenSSH	Secure
`aes128-gcm@openssh.com`	AES with 128-bit key in GCM mode by OpenSSH	Secure
`aes256-ctr`	AES with 256-bit key in CTR mode	Secure
`aes192-ctr`	AES with 192-bit key in CTR mode	Secure
`aes128-ctr`	AES with 128-bit key in CTR mode	Secure
`aes256-cbc`	AES with 256-bit key in CBC mode A vulnerability exists in SSH messages that employ CBC mode that may allow an attacker to recover plaintext from a block of ciphertext.	Weak
`aes192-cbc`	AES with 192-bit key in CBC mode A vulnerability exists in SSH messages that employ CBC mode that may allow an attacker to recover plaintext from a block of ciphertext.	Weak
`aes128-cbc`	AES with 128-bit key in CBC mode A vulnerability exists in SSH messages that employ CBC mode that may allow an attacker to recover plaintext from a block of ciphertext.	Weak
`blowfish-cbc`	Blowfish with 128-bit key in CBC mode At least 128-bit block size is recommended; Blowfish uses 64-bit blocks. A vulnerability exists in SSH messages that employ CBC mode that may allow an attacker to recover plaintext from a block of ciphertext.	Weak
`cast128-cbc`	CAST-128 (CAST5) with 128-bit key in CBC mode At least 128-bit block size is recommended; CAST-128 uses 64-bit blocks. A vulnerability exists in SSH messages that employ CBC mode that may allow an attacker to recover plaintext from a block of ciphertext.	Weak
`3des-cbc`	TripleDES with 192-bit key (112-bit effective security) in CBC mode 3DES is very inefficient.	Weak

MAC Algorithms

`umac-128-etm@openssh.com`	128-bit Universal Hashing MAC (Encrypt-then-MAC) by OpenSSH	Secure
`hmac-sha2-256-etm@openssh.com`	Hash-based MAC using SHA-256 (Encrypt-then-MAC) by OpenSSH	Secure
`hmac-sha2-512-etm@openssh.com`	Hash-based MAC using SHA-512 (Encrypt-then-MAC) by OpenSSH	Secure
`umac-128@openssh.com`	128-bit Universal Hashing MAC by OpenSSH	Secure
`hmac-sha2-256`	Hash-based MAC using SHA-256	Secure
`hmac-sha2-512`	Hash-based MAC using SHA-512	Secure
`umac-64-etm@openssh.com`	64-bit UMAC (Universal Hashing MAC) (Encrypt-then-MAC) by OpenSSH 64-bit UMAC is no longer considered secure enough. Recommended tag size should be at least 128 bits.	Weak
`hmac-sha1-etm@openssh.com`	Hash-based MAC using SHA-1 (Encrypt-then-MAC) by OpenSSH SHA-1 is becoming deprecated - consider replacing with SHA-256 or SHA-512.	Weak
`umac-64@openssh.com`	64-bit UMAC (Universal Hashing MAC) by OpenSSH 64-bit UMAC is no longer considered secure enough.	Weak
`hmac-sha1`	Hash-based MAC using SHA-1 SHA-1 is becoming deprecated - consider replacing with SHA-256 or SHA-512.	Weak

Compression Algorithms

`none`	No compression	Unknown
`zlib@openssh.com`	zlib compression by OpenSSH	Unknown

Server Public Keys

ssh-rsa

Key size:	2048bit
MD5 Fingerprint:	`6a:ed:7a:b7:e1:0e:1a:6a:4c:9c:8f:1a:5e:19:37:65`
SHA-256 Fingerprint:	`+U0sno5j5ZpiIitSXU0vuwS+areMSHBXXdApMbkhicU`
Public key:	---- BEGIN SSH2 PUBLIC KEY ---- Comment: "Saved by Rebex SSH" AAAAB3NzaC1yc2EAAAADAQABAAABAQC6GgBmer7+/sAckEjSWk8k3xOxzmp8HL3V FRq6wg87iSyI3lQ6zo2L9s3ApjeFiNlQp1RIHlzPIk9EmIxJjC/S07ycBOS0gLDm r3MxNr4TGEgwbFsJJArtxqKequI5+1xS4CQL9Emb4Eb6ZLtj46g7EnNqPNvmbCd2 cziMOpg63CaUn2jJenQbgrkvCMUtOSp5X1X/0YpiE86j6TxAhToKQuMLQ8TGy3wU BsQNOFKBHX8BeNNB7BwYFYFtwJGn7gr1POZOwT0/GMwUCa9Qr1AabyRoNPdZsoR2 TbnNWxi4ERpyTtykFvbQWt9AyXmIN14gb9Y48mfLMluJtxe4Km1T ---- END SSH2 PUBLIC KEY ----

rsa-sha2-512

Key size:	2048bit
MD5 Fingerprint:	`6a:ed:7a:b7:e1:0e:1a:6a:4c:9c:8f:1a:5e:19:37:65`
SHA-256 Fingerprint:	`+U0sno5j5ZpiIitSXU0vuwS+areMSHBXXdApMbkhicU`
Public key:	---- BEGIN SSH2 PUBLIC KEY ---- Comment: "Saved by Rebex SSH" AAAAB3NzaC1yc2EAAAADAQABAAABAQC6GgBmer7+/sAckEjSWk8k3xOxzmp8HL3V FRq6wg87iSyI3lQ6zo2L9s3ApjeFiNlQp1RIHlzPIk9EmIxJjC/S07ycBOS0gLDm r3MxNr4TGEgwbFsJJArtxqKequI5+1xS4CQL9Emb4Eb6ZLtj46g7EnNqPNvmbCd2 cziMOpg63CaUn2jJenQbgrkvCMUtOSp5X1X/0YpiE86j6TxAhToKQuMLQ8TGy3wU BsQNOFKBHX8BeNNB7BwYFYFtwJGn7gr1POZOwT0/GMwUCa9Qr1AabyRoNPdZsoR2 TbnNWxi4ERpyTtykFvbQWt9AyXmIN14gb9Y48mfLMluJtxe4Km1T ---- END SSH2 PUBLIC KEY ----

rsa-sha2-256

Key size:	2048bit
MD5 Fingerprint:	`6a:ed:7a:b7:e1:0e:1a:6a:4c:9c:8f:1a:5e:19:37:65`
SHA-256 Fingerprint:	`+U0sno5j5ZpiIitSXU0vuwS+areMSHBXXdApMbkhicU`
Public key:	---- BEGIN SSH2 PUBLIC KEY ---- Comment: "Saved by Rebex SSH" AAAAB3NzaC1yc2EAAAADAQABAAABAQC6GgBmer7+/sAckEjSWk8k3xOxzmp8HL3V FRq6wg87iSyI3lQ6zo2L9s3ApjeFiNlQp1RIHlzPIk9EmIxJjC/S07ycBOS0gLDm r3MxNr4TGEgwbFsJJArtxqKequI5+1xS4CQL9Emb4Eb6ZLtj46g7EnNqPNvmbCd2 cziMOpg63CaUn2jJenQbgrkvCMUtOSp5X1X/0YpiE86j6TxAhToKQuMLQ8TGy3wU BsQNOFKBHX8BeNNB7BwYFYFtwJGn7gr1POZOwT0/GMwUCa9Qr1AabyRoNPdZsoR2 TbnNWxi4ERpyTtykFvbQWt9AyXmIN14gb9Y48mfLMluJtxe4Km1T ---- END SSH2 PUBLIC KEY ----

ecdsa-sha2-nistp256

Key size:	256bit
MD5 Fingerprint:	`44:4a:4e:5e:83:75:d0:c6:2d:de:c6:0b:f2:6c:27:09`
SHA-256 Fingerprint:	`VHImdLEgJxo9hojSK9OtYGtIE7lRupxdKOHz4xvxSsM`
Public key:	---- BEGIN SSH2 PUBLIC KEY ---- Comment: "Saved by Rebex SSH" AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGi7KiGh8peE ZzRUftQHLrLX0j6oK3uHqWj7LTOiwADk4N4aQxwIlmuSPQCchYkfGMzEmsjjaZDu T4zWzyHhXFk= ---- END SSH2 PUBLIC KEY ----

ssh-ed25519

Key size:	256bit
MD5 Fingerprint:	`54:44:58:c8:b7:08:68:33:ba:dd:40:89:11:9a:1e:a6`
SHA-256 Fingerprint:	`BNE4ZvsKbhnbnnU9Vd/fgHhpW4+180012oSyIyeNJYs`
Public key:	---- BEGIN SSH2 PUBLIC KEY ---- Comment: "Saved by Rebex SSH" AAAAC3NzaC1lZDI1NTE5AAAAIPH6DuyTSE4wZ4CPLB2FCfdaieiioRpkViEj+We1 BZ3e ---- END SSH2 PUBLIC KEY ----