Results: SSH Statistics Gathering Project
A month or so ago I started an SSH Statistics gatherer with the hope of identifying high-level configuration details of SSH-2/SSH-1.99 servers in the USA. In running the tool for a couple of weeks I identified 46,250 SSH Servers that meet the basic criteria (I'd like to do a survey of SSH Servers running older versions in the 1.x range at a later date). This post explains the results of the survey.
Important Notes
You will notice as you look through the data that there are cases where individual detected values seem a bit garbled. The script which performed the statistics gathering was configured to receive up to 8KB from the target server it connected to, so there is opportunity for responses to be clipped. I've left the values as-is to try and not distort the dataset.
Other notes about the data:
- 0.0.0 means the SSH Server did not report a software version
- Even if you see an SSH Version of less than 1.99 in the list, the server responded to an SSH 2.0 handshake
- By the same token: If you see an SSH Version of 2.0, it was pulled directly from the SSH handshake with the server (nothing was extrapolated)
- There are some FTP servers that seemed be running on port 22, which probably explains some of the odd Software names/versions
Summary Facts
Server Count: 46,250
Servers which present Languages: 65
Distinct Encryption Algorithm Count: 52
Count of instances where STC does not match CTS: 11
Distinct Key Exchange Algorithm Count: 32
Distinct Count of Host Key Algorithms: 10
Distinct Count of Message Authentication Code Types: 75
Count of instances where STC does not match CTS: 8,107
Distinct Compression Algorithms Detected: 6
Distinct Count of Server Software Detected: 416
Detailed Facts
Compression Algorithms Detected
- none: 38133
- zlib@openssh.com: 35607
- zlib: 731
- zlib@ope: 29
- zlib@open: 1
- zlib@openssh: 1
Host Key Algorithms Detected
- ssh-rsa: 45871
- ssh-dss: 39460
- ecdsa-sha2-nistp256: 14719
- ssh-ed25519: 11457
- rsa-sha2-256: 2714
- rsa-sha2-512: 2714
- ecdsa-sha2-nistp521: 45
- ecdsa-sha2-nistp384: 10
- : 6 (Cisco devices of some sort responded with ' ')
- ssh-rsa-sha256@ssh.com: 2
Top 10 Languages Detected
- en-US (64)
- i-default (37)
- es-MX (34)
- en-CA (34)
- fr-CA (34)
- fr (31)
- es (31)
- zh-TW (7)
- de-DE (7)
- it-IT(7)
Bottom 10 Languages Detected
- it-CH (3)
- ii-CN (3)
- bs-BA (3)
- kn-IN (3)
- km-KH (3)
- hy-AM (3)
- ga-IE (3)
- fr-SN (3)
- gu-IN (3)
- de-BE (3)
Key Exchange Algorithms Detected
- diffie-hellman-group14-sha1: 44397
- diffie-hellman-group-exchange-sha256: 41547
- diffie-hellman-group1-sha1: 41547
- diffie-hellman-group-exchange-sha1: 40054
- ecdh-sha2-nistp256: 16108
- ecdh-sha2-nistp384: 16107
- ecdh-sha2-nistp521: 16091
- curve25519-sha256@libssh.org: 13082
- diffie-hellman-group14-sha256: 267
- diffie-hellman-group18-sha512: 261
- diffie-hellman-group16-sha512: 261
- curve25519-sha256: 74
- gss-group1-sha1-toWM5Slw5Ew8Mqkay+al2g==: 39
- rsa1024-sha1: 17
- ecdh-sha2-1.3.132.0.10: 16
- gss-gex-sha1-toWM5Slw5Ew8Mqkay+al2g==: 15
- gss-group14-sha1-toWM5Slw5Ew8Mqkay+al2g==: 10
- ext-info-s: 4
- session is active now: 3
- please try again later: 3
- er of ssh sessions are active: 3
- please try again: 3
- diffie-hellman-group1-sha256diffie-hellman-group14-sha1: 3
- diffie-hellman-group15-sha512: 2
- sm2kep-sha2-nistp256: 2
- diffie-hellman-group14-sha256@ssh.com: 2
- ER-2017 1.0.0 not understood: 1
- her-2017_1.0.0 : command not understood.: 1
- none: 1
- ffer.: 1
- diffie-hellman-group1-sha256: 1
- .: 1
Message Authentication codes Detected
- hmac-sha1: 45590
- hmac-md5: 40232
- umac-64@openssh.com: 33628
- hmac-sha1-96: 31619
- hmac-ripemd160: 31614
- hmac-sha2-256: 31378
- hmac-sha2-512: 31328
- hmac-md5-96: 31174
- hmac-ripemd160@openssh.com: 30950
- hmac-sha2-256-etm@openssh.com: 13283
- hmac-sha2-512-etm@openssh.com: 13282
- umac-128-etm@openssh.com: 13165
- umac-64-etm@openssh.com: 13089
- hmac-sha1-etm@openssh.com: 13085
- hmac-ripemd160-etm@openssh.com: 8747
- hmac-md5-etm@openssh.com: 8677
- hmac-sha1-96-etm@openssh.com: 8596
- hmac-md5-96-etm@openssh.com: 8410
- umac-128@openssh.com: 5563
- umac-64@: 4852
- hmac-sha2-256-96: 2577
- hmac-sha2-512-96: 2563
- umac-64@openssh.: 1668
- umac-128: 192
- hmac-md5-96-etm: 142
- hmac-s: 140
- hmac-ripemd160@openssh.co: 84
- hmac: 44
- none: 39
- hmac-md5-96-etm@opens: 29
- hmac-md: 28
- hmac-: 27
- hmac-sha256@ssh.com: 25
- hmac-sha256: 25
- hmac-ripemd160@o: 22
- hmac-sha2-2: 18
- umac-32@openssh.com: 13
- hmac-ripemd: 13
- umac-96@openssh.com: 13
- hma: 12
- hmac-sh: 12
- hmac-sha256-96@ssh.com: 12
- hmac-sha1-96-etm: 10
- h: 9
- hmac-sha: 9
- hmac-ripemd160-etm@open: 7
- umac-12: 6
- hmac-rip: 5
- umac-64@open: 5
- hmac-ripemd160@op: 5
- hmac-ripemd160@openss: 4
- hmac-sha2-384: 3
- hmac-md5-96-etm@openssh.co: 3
- umac-128@ope: 3
- hmac-sha512: 3
- hm: 3
- hmac-md5-96-etm@ope: 3
- hmac-sha384: 2
- hmac-md5-96-etm@openssh.c: 2
- hmac-sha224: 2
- hmac-ripemd16: 2
- umac-128@openssh.: 2
- umac-128@: 2
- hmac-md5-96-etm@openssh: 1
- umac-128@openss: 1
- hmac-sha512@ssh.com: 1
- hmac-sha2-224: 1
- hmac-sha1-96-etm@op: 1
- aes128-gcm: 1
- umac: 1
- umac-64@op: 1
- aes256-gcm: 1
- hmac-ripemd160-etm@openssh.: 1
- umac-64@openssh.co: 1
- hmac-ripemd160@ope: 1
Encryption Algorithms Detected
- aes256-ctr: 44590
- aes192-ctr: 44395
- aes128-ctr: 44317
- 3des-cbc: 40912
- aes128-cbc: 40041
- aes256-cbc: 39989
- aes192-cbc: 39624
- blowfish-cbc: 39354
- arcfour: 38971
- cast128-cbc: 38911
- rijndael-cbc@lysator.liu.se: 38811
- arcfour256: 38627
- arcfour128: 38617
- aes256-gcm@openssh.com: 13147
- aes128-gcm@openssh.com: 13141
- chacha20-poly1305@openssh.com: 12930
- twofish256-cbc: 268
- twofish128-cbc: 268
- twofish-cbc: 258
- 3des-ctr: 139
- none: 131
- des: 70
- 3des: 67
- rijndael256-cbc: 44
- rijndael192-cbc: 42
- rijndael128-cbc: 42
- blowfish-ctr: 18
- des-cbc: 17
- twofish192-cbc: 14
- idea-cbc: 13
- twofish128-ctr: 12
- cast128-ctr: 12
- twofish256-ctr: 12
- serpent192-cbc: 12
- serpent256-cbc: 12
- serpent128-cbc: 12
- twofish-ctr: 9
- ae: 5
- serpent256-ctr: 3
- idea-ctr: 3
- serpent192-ctr: 3
- twofish192-ctr: 3
- serpent128-ctr: 3
- seed-cbc@ssh.com: 2
- twofis: 1
- des-cbc-ssh1: 1
- des-cbc@ssh.com: 1
- aes: 1
- aes128-gcm: 1
- aes2: 1
- aes256-gcm: 1
- acss@openssh.org: 1
Top 50 SSH Server Applications by Name, Version and Protocol
- OpenSSH - 5.3 - SSH-2.0: 23789
- OpenSSH - 6.6.1p1 Ubuntu - SSH-2.0: 5397
- OpenSSH - 6.6.1 - SSH-2.0: 2522
- OpenSSH - 4.3 - SSH-2.0: 2459
- OpenSSH - 7.2p2 Ubuntu - SSH-2.0: 2201
- OpenSSH - 5.9p1 Debian - SSH-2.0: 1341
- OpenSSH - 6.7p1 Debian - SSH-2.0: 1308
- OpenSSH - 6.0p1 Debian - SSH-2.0: 1181
- dropbear - 0.46 - SSH-2.0: 733
- OpenSSH - 5.5p1 Debian - SSH-2.0: 464
- OpenSSH - 5.8 - SSH-2.0: 360
- OpenSSH - 6.6p1 Ubuntu - SSH-2.0: 338
- Cisco - 1.25 - SSH-1.99: 184
- OpenSSH - 7.2 - SSH-2.0: 166
- OpenSSH - 6.4 - SSH-2.0: 165
- OpenSSH - 6.9p1 Ubuntu - SSH-2.0: 151
- Cisco - 1.25 - SSH-2.0: 139
- OpenSSH - 5.3p1 Debian - SSH-2.0: 138
- ROSSSH - 0.0.0 - SSH-2.0: 132
- OpenSSH - 7.3 - SSH-2.0: 122
- OpenSSH - 6.7 - SSH-2.0: 113
- OpenSSH - 6.6 - SSH-2.0: 113
- dropbear - 0.51 - SSH-2.0: 108
- RomSShell - 4.31 - SSH-2.0: 97
- OpenSSH - 6.6.1p1 Debian - SSH-2.0: 96
- OpenSSH - 5.9 - SSH-2.0: 84
- OpenSSH - 7.1 - SSH-2.0: 79
- OpenSSH - 5.2 - SSH-2.0: 76
- OpenSSH - 6.2 - SSH-2.0: 73
- OpenSSH - 5.1p1 Debian - SSH-2.0: 68
- OpenSSH - 7.2 FreeBSD - SSH-2.0: 68
- OpenSSH - 6.2p2 Ubuntu - SSH-2.0: 67
- OpenSSH - 7.4 - SSH-2.0: 59
- RomSShell - 4.61 - SSH-2.0: 52
- dropbear - 0.52 - SSH-2.0: 51
- WS - FTP - SSH-2.0: 49
- OpenSSH - 7.3p1 Ubuntu - SSH-2.0: 47
- OpenSSH - 6.1 - SSH-2.0: 45
- OpenSSH - 6.7p1 Ubuntu - SSH-2.0: 45
- OpenSSH - 5.6 - SSH-2.0: 43
- OpenSSH - 3.9p1 - SSH-2.0: 39
- Sun - SSH - SSH-2.0: 37
- OpenSSH - 6.0 - SSH-2.0: 37
- OpenSSH - 3.9p1 - SSH-1.99: 37
- OpenSSH - 6.9 - SSH-2.0: 35
- OpenSSH - 6.1p1 Debian - SSH-2.0: 34
- OpenSSH - 5.1p1 FreeBSD - SSH-2.0: 32
- OpenSSH - 6.8 - SSH-2.0: 28
- NetScreen - SSH-2.0: 28
- OpenSSH - 5.4 - SSH-2.0: 25
Bottom 75 SSH Server Applications by Name, Version and Protocol
- 8t29r - 0.0.0 - SSH-2.0: 1
- 3SoU6q7 - 0.0.0 - SSH-2.0: 1
- OpenSSH - 4.0 - SSH-2.0: 1
- qfxs1glyJ17 - 0.0.0 - SSH-2.0: 1
- MFzhc - 0.0.0 - SSH-2.0: 1
- 8aNW9 - 0.0.0 - SSH-2.0: 1
- ptinhDiLK8o - 0.0.0 - SSH-2.0: 1
- ZLXX5eJF - 0.0.0 - SSH-2.0: 1
- nk5PXy - 0.0.0 - SSH-2.0: 1
- XDgUa - 0.0.0 - SSH-2.0: 1
- 1Q5MmxvE18 - M5O - SSH-2.0: 1
- u5PfMBscs - 0.0.0 - SSH-2.0: 1
- q - j9woF3izO57Hp - SSH-2.0: 1
- OpenSSH - 3.7p1 - SSH-1.99: 1
- 6GJ6W - 0.0.0 - SSH-2.0: 1
- CkANSIWiiGh0 - 0.0.0 - SSH-2.0: 1
- NqrBV - 0.0.0 - SSH-2.0: 1
- OpenSSH - 7.1p1 - SSH-2.0: 1
- DLIlC - 0.0.0 - SSH-2.0: 1
- fhZQasd - 0.0.0 - SSH-2.0: 1
- j - 8kh - SSH-2.0: 1
- yThB06Wmx - 0.0.0 - SSH-2.0: 1
- I - PTespnWSAPpGX - SSH-2.0: 1
- 7aIBn - 0.0.0 - SSH-2.0: 1
- rjVOB - 0.0.0 - SSH-2.0: 1
- 86qSvB - 0.0.0 - SSH-2.0: 1
- LXI67 - 0.0.0 - SSH-2.0: 1
- 1SHRv - - SSH-2.0: 1
- rto9 - - SSH-2.0: 1
- JdPUx7u1zQb0 - U - SSH-2.0: 1
- PPo2tuGPR6UL3pm - 0.0.0 - SSH-2.0: 1
- ZgNyJ - 0.0.0 - SSH-2.0: 1
- OpenSSH - 5.9 NetBSD - SSH-2.0: 1
- bb9jMDvtUi - 0.0.0 - SSH-2.0: 1
- Kh - 9f - SSH-2.0: 1
- TI4UM - azur - SSH-2.0: 1
- _OZ8O6 - 0.0.0 - SSH-2.0: 1
- _JgAJ - 0.0.0 - SSH-2.0: 1
- hW - wV - SSH-2.0: 1
- fB3zSl5Qc1 - 0.0.0 - SSH-2.0: 1
- 1a0z6 - 0.0.0 - SSH-2.0: 1
- bzPq9 - 0.0.0 - SSH-2.0: 1
- Syncplify - Me - SSH-2.0: 1
- Cisco - 1.25 - SSH-1.5: 1
- dropbear - 0.53.1 - SSH-2.0: 1
- Maverick - SSHD - SSH-2.0: 1
- 4oRWhu - - SSH-2.0: 1
- OpenSSH - 6.2 FreeBSD - SSH-2.0: 1
- OpenSSH - 5.4p1+sftpfilecontrol - SSH-2.0: 1
- 5.35 FlowSsh: Bitvise SSH Server (WinSSHD) 6.41 - 0.0.0 - SSH-2.0: 1
- qNRrvI - WIae - SSH-2.0: 1
- NTYsd - 0.0.0 - SSH-2.0: 1
- BOmUq8 - 0.0.0 - SSH-2.0: 1
- OpenSSH - 6.6p2 - SSH-2.0: 1
- S3Yjutrz - 0.0.0 - SSH-2.0: 1
- OpenSSH - 4.1 - SSH-1.99: 1
- OpenSSH - 3.8p1 - SSH-1.99: 1
- QY6W4P - 0.0.0 - SSH-2.0: 1
- CerberusFTPServer - 6.0 - SSH-2.0: 1
- OpenSSH - 5.8 - SSH-1.99: 1
- d1yPt - 0.0.0 - SSH-2.0: 1
- MassTransit - 0.0.0 - SSH-2.0: 1
- nQTRonLGR0r6R - 0.0.0 - SSH-2.0: 1
- GF0nu2yzyD - 0.0.0 - SSH-2.0: 1
- 8IYnY0PC - 0.0.0 - SSH-2.0: 1
- uVpmowsDiQzj - 0.0.0 - SSH-2.0: 1
- czd - C - SSH-2.0: 1
- k1dZU - 0.0.0 - SSH-2.0: 1
- 7wU - 458G - SSH-2.0: 1
- 5.23 FlowSsh: Bitvise SSH Server (WinSSHD) 6.04: free only for personal non - commercial use - SSH-2.0: 1
- R - 4QYJRT - SSH-2.0: 1
- BZPuky - 0.0.0 - SSH-2.0: 1
- OpenSSH - 3.0.2p1 - SSH-1.99: 1
- tvZda3M - 0.0.0 - SSH-2.0: 1
- FTP Today Server ready. - 0.0.0 - FTP: 1