Accessible SSH Report

LAST UPDATED:  2022-06-15

This report identifies hosts that have the Secure Shell (SSH) service running and accessible on the Internet.

This does not indicate that anything is wrong with the system, but if the SSH running on a system (or the version that is running) seems out of place, you may wish to investigate.

See https://en.wikipedia.org/wiki/Secure_Shell for more information.

For more details behind the scan methodology and a daily update of global SSH scan statistics please visit our dedicated Accessible SSH scan page.

For more information on our scanning efforts, check out our Internet scanning summary page.

This is just a population/external surface exposure scan. If you prefer not to receive it, contact us to opt-out.

This report comes in 2 versions, IPv4 and IPv6.

Filenames: scan_ssh, scan6_ssh

Fields

  • timestamp
    Time that the IP was probed in UTC+0
  • ip
    The IP address of the device in question
  • protocol
    Protocol that the SSH response came on (always TCP)
  • port
    Port that the SSH response came from (22/TCP)
  • hostname
    Reverse DNS name of the device in question
  • tag
    This will always be ssh
  • asn
    ASN of where the device in question resides
  • geo
    Country where the device in question resides
  • region
    State / Province / Administrative region where the device in question resides
  • city
    City in which the device in question resides
  • naics
    North American Industry Classification System Code
  • sic
    Standard Industrial Classification System Code
  • serverid_raw
    Name that the SSH server responds with
  • serverid_version
    Max Version of SSH that the server claims to support
  • serverid_software
    Revision number of the server software
  • serverid_comment
    Any other info that the server wishes to convey in its ID string
  • server_cookie
    This is the xauth cookie (I believe)
  • available_kex
    Available Key Exchange Methods
  • available_ciphers
    Available encryption algorithms
  • available_mac
    Available MAC algorithms
  • available_compression
    Available compression algorithms
  • selected_kex
    Selected Key Exchange Method
  • algorithm
    Public Key Algorithm in use
  • selected_cipher
    Selected encryption algorithm
  • selected_mac
    Selected MAC algorithm
  • selected_compression
    Selected compression algorithm
  • server_signature_value
    Server Public Key Signature value
  • server_signature_raw
    Server Public Key Signature raw data
  • server_host_key
    Server Public Key
  • server_host_key_sha256
    Server Public Key SHA256
  • rsa_prime
    The RSA prime value (ssh-rsa only)
  • rsa_prime_length
    RSA prime value length (1024,2048) (ssh-rsa only)
  • rsa_generator
    RSA generator value (ssh-rsa only)
  • rsa_generator_length
    Length of the RSA generator string (ssh-rsa only)
  • rsa_public_key
    RSA public key (ssh-rsa only)
  • rsa_public_key_length
    RSA public key length (ssh-rsa only)
  • rsa_exponent
    RSA exponent used (ssh-rsa only)
  • rsa_modulus
    RSA modulus selected (ssh-rsa only)
  • rsa_length
    Length of the RSA key (1024,2048) (ssh-rsa only)
  • dss_prime
    DSS prime value (ssh-dss only)
  • dss_prime_length
    Length of DSS prime (ssh-dss only)
  • dss_generator
    DSS generator value (ssh-dss only)
  • dss_generator_length
    Length of DSS generator (ssh-dss only)
  • dss_public_key
    DSS public key (ssh-dss only)
  • dss_public_key_length
    Length of DSS public key (ssh-dss only)
  • dss_dsa_public_g
    DSA public key component 'g' (ssh-dss only)
  • dss_dsa_public_p
    DSA public key component 'p' (ssh-dss only)
  • dss_dsa_public_q
    DSA public key component 'q' (ssh-dss only)
  • dss_dsa_public_y
    DSA public key component 'y' (ssh-dss only)
  • ecdsa_curve25519
    Curve25519 public key (ecdsa-* only)
  • ecdsa_curve
    Curve in use (ecdsa-* only)
  • ecdsa_public_key_length
    Public key length (ecdsa-* only)
  • ecdsa_public_key_b
    ECDSA public key component 'b' (ecdsa-* only)
  • ecdsa_public_key_gx
    ECDSA public key component 'gx' (ecdsa-* only)
  • ecdsa_public_key_gy
    ECDSA public key component 'gy' (ecdsa-* only)
  • ecdsa_public_key_n
    ECDSA public key component 'n' (ecdsa-* only)
  • ecdsa_public_key_p
    ECDSA public key component 'p' (ecdsa-* only)
  • ecdsa_public_key_x
    ECDSA public key component 'x' (ecdsa-* only)
  • ecdsa_public_key_y
    ECDSA public key component 'y' (ecdsa-* only)
  • ed25519_curve25519
    Curve25519 public key (ed25519 only)
  • ed25519_cert_public_key_nonce
    Certkey public key nonce (ed25519 only)
  • ed25519_cert_public_key_bytes
    Certkey public key (ed25519 only)
  • ed25519_cert_public_key_raw
    Raw certkey public key (ed25519 only)
  • ed25519_cert_public_key_sha256
    Certkey public key fingerprint (ed25519 only)
  • ed25519_cert_public_key_serial
    Certkey public key serial number (ed25519 only)
  • ed25519_cert_public_key_type_id
    Certificate type (ed25519 only)
  • ed25519_cert_public_key_type_name
    Non-numerical Certificate type name (ed25519 only)
  • ed25519_cert_public_key_keyid
    Certificate key ID (ed25519 only)
  • ed25519_cert_public_key_principles
    Certificate valid principles (ed25519 only)
  • ed25519_cert_public_key_valid_after
    Certificate start date (ed25519 only)
  • ed25519_cert_public_key_valid_before
    Certificate end date (ed25519 only)
  • ed25519_cert_public_key_duration
    How long the certificate is good for (ed25519 only)
  • ed25519_cert_public_key_sigkey_bytes
    Server parsed public signature key (ed25519 only)
  • ed25519_cert_public_key_sigkey_raw
    Raw public signature key (ed25519 only)
  • ed25519_cert_public_key_sigkey_sha256
    Public signature key fingerprint (ed25519 only)
  • ed25519_cert_public_key_sigkey_value
    Public signature key value (ed25519 only)
  • ed25519_cert_public_key_sig_raw
    Raw public key signature (ed25519 only)

Our 119 Report Types

« Back to Network Reporting