SSF Server Detection

Low Nessus Network Monitor Plugin ID 4422

Synopsis

The remote version of the SSH server is no longer maintained.

Description

According to its banner, the remote SSH server is a SSF derivative. SSF had been written to be compliant with restrictive laws on cryptography in some European countries. These regulations have been softened and OpenSSH received a formal authorization from the French administration in 2002 and the development of SSF has been discontinued. SSF is based upon an old version of OpenSSH and it implements an old version of the protocol. As it is no longer maintained, it might be vulnerable to dangerous flaws.

Solution

Remove SSF and install an up-to-date version of OpenSSH.

See Also

http://perso.univ-rennes1.fr/bernard.perrot/SSF

Plugin Details

Severity: Low

ID: 4422

File Name: 4422.prm

Family: SSH

Published: 2008/03/12

Modified: 2016/01/15

Dependencies: 1967, 3059

Nessus ID: 31421

Risk Information

Risk Factor: Low

Vulnerability Information

CPE: cpe:/a:openbsd:openssh