- Fun, I didn’t know about this. =) 
 
- i am so happy that this didn’t get downvoted to oblivion. thanks! 
- Cool,.but from the post it seems like all it does is: - Recommend disabling old algorithms, which you would have already done if you followed a modern hardening guide like https://infosec.mozilla.org/guidelines/openssh
- Detect if you are running a known-vulnerable version of OpenSSH, which wouldn’t be an issue if you keep good patch hygiene and install your SSH server through you operating systems’ package manager
 - So what’s the point? Who is this for? - Scripting, to confirm that a large fleet of boxes are all running according to your policy. Verification that the config you want is actually the config you have. - This is exactly what I use it for 👌 very handy for this 
 
 
- Thanks for pushing the awareness. 
- Personally I made sure SSH is only accessible when connected through a VPN setup for that purpose. As in, that same machine hosts a Wireguard setup (through Tailscale) and you need to connect to that first before SSH is available. And then SSH also only accepts key-based authentication. I don’t think I need more than that? - What if wireguard has issues? Then you cant ssh in to fix - that really just depends on your scenario 
 
- Couldn’t you just use ssh port forwarding? - If they use the VPN for other things too, it’s simpler this way 
 
 








