SSF Server Detection
Low Nessus Network Monitor Plugin ID 4422
SynopsisThe remote version of the SSH server is no longer maintained.
DescriptionAccording to its banner, the remote SSH server is a SSF derivative. SSF had been written to be compliant with restrictive laws on cryptography in some European countries. These regulations have been softened and OpenSSH received a formal authorization from the French administration in 2002 and the development of SSF has been discontinued. SSF is based upon an old version of OpenSSH and it implements an old version of the protocol. As it is no longer maintained, it might be vulnerable to dangerous flaws.
SolutionRemove SSF and install an up-to-date version of OpenSSH.