Skip to main content
Skip table of contents

Supported Platforms for Authenticated SSH Scanning

Purpose

This document is an overview of the different levels of access using SSH for authenticated scanning in OUTSCAN or HIAB.

Introduction

There is no fixed list of platforms that are supported in Authenticated Scanning using SSH. It varies from architecture to architecture and from configuration to configuration.

From a technical standpoint, OP24 generally support authenticating to everything that speaks compliant SSH, and is configured to have cryptographic support that overlaps with OP24.

Depending on configuration, OP24 support the major GNU/Linux distributions, macOS, the more modern SSH-compliant Cisco devices (excluding some old Cisco devices,), and some network appliances such as BIG-IP TMOS, Arista, Juniper devices and so on.

Requirements

The targets need to have at least one from the lists configured for ciphers, kex, and macs.

Option

Value

Ciphers

aes256-ctr
aes192-ctr
aes128-ctr
aes256-cbc
aes192-cbc
aes128-cbc
3des-cbc
blowfish-cbc

MAC hashes

hmac-sha2-512
hmac-sha2-256
hmac-sha1
none

Key Exchange Methods

curve25519-sha256@libssh.org
ecdh-sha2-nistp256
diffie-hellman-group1-sha1
diffie-hellman-group14-sha1

sshd_config example:

CODE 
Ciphers aes256-ctr,aes192-ctr
KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp256
MACs hmac-sha2-512,hmac-sha2-256

Platforms

Outpost24 supports scanning platforms over SSH as long as the platform passes the commands to a supported shell. Commands are sent over the exec channel in SSH, and not over the shell channel. As such, platforms which do not implement this channel, or implement it incorrectly, will have limited or no support.

Fully supported

The best results will be from the most standardized GNU/Linux distributions, where we can query the package manager databases to obtain a list of installed packages. This includes distributions such as CentOS, RHEL, Debian, Ubuntu and other similar "standard" distributions. 

On these systems, we generally also manage to run vulnerability-specific checks, such as Shellshock tests directly against bash, or searching the file system for log4j-affected applications that are installed outside of the package manager.

Best-Effort Supported

Devices or appliances from vendors such as Cisco, Juniper, BIG-IP, or Citrix are generally supported, but to a lower degree. Commands that we execute usually find firmware/OS versions to act upon, but vulnerability-specific checks may or may not work.

Platforms such as IBM AIX, Solaris, and HP-UX also typically fall under this category - we manage to authenticate and manage to run a subset of commands, generally enough to determine some form of platform version, but with limited to no support for the vulnerability-specific checks. 

Not Supported

Devices that do not implement SSH correctly, for example older Cisco devices, are not supported. 

Devices that use esoteric shell implementations are not supported - for example, smaller network appliance vendors, or SSH on Windows.



Copyright

© 2025 Outpost24® All rights reserved. This document may only be redistributed unedited and unaltered. This document may be cited and referenced only if clearly crediting Outpost24® and this document as the source. Any other reproduction and redistribution in print or electronically is strictly prohibited without explicit permission.

Trademark

Outpost24® and OUTSCAN™ are trademarks of Outpost24® and its affiliated companies. All other brand names, product names or trademarks belong to their respective owners.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close