The fastest way to audit your SSH server online — detect weak ciphers, outdated algorithms, and known vulnerabilities like Terrapin (CVE-2023-48795), SWEET32, and Logjam in seconds. Free SSH checker, no registration.
Enter a public hostname or IP. Port 22 is the default SSH port. Scans run server-side using the ssh-audit tool by Joe Testa.
Our free online SSH checker connects to your server on the specified port and negotiates the SSH handshake to enumerate all supported algorithms. It then cross-references each algorithm against a database of known weaknesses, CVEs, and best-practice recommendations — the same engine used by the ssh-audit tool by Joe Testa.
Works with any public SSH server — OpenSSH, Dropbear, Cisco, Juniper, and more. Supports custom ports.
The SSH scanner tests key exchange (KEX), host key, encryption cipher, and MAC algorithms — typically completing in 10–30 seconds. Detects weak credentials, deprecated algorithms, and Terrapin vulnerability.
Receive an A–F grade, a 0–100 score, CVE vulnerability list, and exact sshd_config lines to fix every issue found. Download a printable report.
An SSH audit is a security assessment of an SSH server's configuration. It checks which cryptographic algorithms — key exchange, ciphers, MACs, and host keys — are enabled and flags weak or deprecated ones. It also detects known CVE vulnerabilities such as Terrapin (CVE-2023-48795), SWEET32, and Logjam. The ssh-audit tool by Joe Testa automates this process.
Enter your server's hostname or IP address in the scan box at the top of this page and click Audit. This free online SSH checker connects to your server, tests all supported algorithms, and returns a detailed security report with a grade (A–F) and specific sshd_config recommendations within 10–30 seconds. No software installation or registration needed.
Terrapin (CVE-2023-48795) is a prefix truncation attack against the SSH Binary Packet Protocol. It allows a man-in-the-middle attacker to silently drop or modify the first few messages of an SSH connection. Use our free SSH Terrapin checker above to scan your server. The fix is to upgrade to OpenSSH 9.6 or later and enable strict key exchange.
Use the free SSH cipher scanner above — enter your server IP or hostname and click Audit. It lists every cipher, MAC, and key exchange algorithm your server supports and flags weak ones like 3des-cbc, arcfour, hmac-md5, hmac-sha1, diffie-hellman-group1-sha1, and ssh-dss with specific removal recommendations.
ssh-audit is an open-source SSH server and client auditing tool created by Joe Testa (github.com/jtesta/ssh-audit). It analyses SSH configurations for weak algorithms, known vulnerabilities, and compliance issues. sshaudit.online provides a free web interface to run ssh-audit against any public SSH server without installing any software.
To harden your SSH server: disable weak ciphers and algorithms in /etc/ssh/sshd_config, use only strong key exchange algorithms like curve25519-sha256, enable only modern ciphers like chacha20-poly1305 and aes256-gcm, disable password authentication, and use SSH keys. See our SSH hardening guides for Ubuntu, Debian, Rocky Linux, and Amazon Linux.
Yes. sshaudit.online is a fully browser-based online SSH test tool. Enter any public IP or hostname, click Audit, and get a full SSH security report in seconds. No downloads, no registration, no API keys required. It works on any device with a browser.