SSH servers survey in spring 2024

Previous SSH survey in Autumn 2022.

In Spring 2024, I scanned ~65k random SSH hosts.

Most popular SSH server banners:

  16467 serv_banner: SSH-2.0-OpenSSH_7.4
   7070 serv_banner: SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.11
   5465 serv_banner: SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.6
   3941 serv_banner: SSH-2.0-OpenSSH_8.0
   2824 serv_banner: SSH-2.0-OpenSSH_7.9p1 Debian-10+deb10u4
   2438 serv_banner: SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.5
   2271 serv_banner: SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u3
   1837 serv_banner: SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.7
   1668 serv_banner: SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.7
   1612 serv_banner: SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.8
   1376 serv_banner: SSH-2.0-OpenSSH_9.2p1 Debian-2+deb12u2
   1042 serv_banner: SSH-2.0-OpenSSH_7.9p1 Debian-10+deb10u2
   1002 serv_banner: SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.10
    932 serv_banner: SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.3
    855 serv_banner: SSH-2.0-OpenSSH_7.4p1 Debian-10+deb9u7
    830 serv_banner: SSH-2.0-OpenSSH_8.7
    671 serv_banner: SSH-2.0-OpenSSH_9.6
    646 serv_banner: SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.5
    588 serv_banner: SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u1
    520 serv_banner: SSH-2.0-OpenSSH_9.0
    365 serv_banner: SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.9
    362 serv_banner: SSH-2.0-OpenSSH_9.3p1 Ubuntu-1ubuntu3.2
    313 serv_banner: SSH-2.0-OpenSSH_8.4p1 Debian-5
    311 serv_banner: SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13
    302 serv_banner: SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.1
    287 serv_banner: SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.3
    280 serv_banner: SSH-2.0-OpenSSH_8.9p1
    263 serv_banner: SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.2
    254 serv_banner: SSH-2.0-OpenSSH_7.9 FreeBSD-20200214
    232 serv_banner: SSH-2.0-OpenSSH_8.4p1
...

KEX algorithms offered:

  64328 kex_algorithms: diffie-hellman-group-exchange-sha256
  62699 kex_algorithms: curve25519-sha256@libssh.org
  61952 kex_algorithms: ecdh-sha2-nistp256
  61950 kex_algorithms: ecdh-sha2-nistp384
  61944 kex_algorithms: ecdh-sha2-nistp521
  57380 kex_algorithms: curve25519-sha256
  56943 kex_algorithms: diffie-hellman-group16-sha512
  56864 kex_algorithms: diffie-hellman-group18-sha512
  56256 kex_algorithms: diffie-hellman-group14-sha256
  34628 kex_algorithms: diffie-hellman-group14-sha1
  26616 kex_algorithms: kex-strict-s-v00@openssh.com
  18861 kex_algorithms: diffie-hellman-group-exchange-sha1
  15732 kex_algorithms: diffie-hellman-group1-sha1
  11834 kex_algorithms: sntrup761x25519-sha512@openssh.com
...

Server host algorithms offered:

  63704 server_host_algorithms: rsa-sha2-256
  63703 server_host_algorithms: rsa-sha2-512
  60837 server_host_algorithms: ssh-ed25519
  60339 server_host_algorithms: ecdsa-sha2-nistp256
  52337 server_host_algorithms: ssh-rsa
   2015 server_host_algorithms: ssh-dss
    847 server_host_algorithms: rsa-sha2-512-cert-v01@openssh.com
    847 server_host_algorithms: rsa-sha2-256-cert-v01@openssh.com
    832 server_host_algorithms: ssh-rsa-cert-v01@openssh.com
...

MAC algorithms offered:

  64134 mac_algorithms: hmac-sha2-256
  64120 mac_algorithms: hmac-sha2-512
  62094 mac_algorithms: hmac-sha2-256-etm@openssh.com
  62066 mac_algorithms: hmac-sha2-512-etm@openssh.com
  61446 mac_algorithms: umac-128-etm@openssh.com
  61035 mac_algorithms: umac-128@openssh.com
  60644 mac_algorithms: hmac-sha1
  59133 mac_algorithms: hmac-sha1-etm@openssh.com
  54943 mac_algorithms: umac-64@openssh.com
  54675 mac_algorithms: umac-64-etm@openssh.com
...

Encryption algorithms offered:

  64588 encryption_algorithms: aes256-ctr
  64024 encryption_algorithms: aes128-ctr
  60953 encryption_algorithms: aes256-gcm@openssh.com
  60401 encryption_algorithms: aes128-gcm@openssh.com
  60109 encryption_algorithms: chacha20-poly1305@openssh.com
  59000 encryption_algorithms: aes192-ctr
  18820 encryption_algorithms: aes128-cbc
  18790 encryption_algorithms: aes256-cbc
  14933 encryption_algorithms: 3des-cbc
  14679 encryption_algorithms: aes192-cbc
  13638 encryption_algorithms: blowfish-cbc
  13459 encryption_algorithms: cast128-cbc
...

RSA modulus in case of RSA negotiation:

  36512 binlog(RSA_modulus_n): 2048
  25764 binlog(RSA_modulus_n): 3072
   1134 binlog(RSA_modulus_n): 4096
    233 binlog(RSA_modulus_n): 1024
...

My other blog posts about SSH protocol dissected: 1, 2, 3, 4.

(the post first published at 20240523, updated (typo) 20241021.)

List of my other blog posts.

Subscribe to my news feed,

Yes, I know about these lousy Disqus ads. Please use adblocker. I would consider to subscribe to 'pro' version of Disqus if the signal/noise ratio in comments would be good enough.