Ssh Posts

Rumble v1.16

Rumble Network Discovery 1.16 is out, helping you find duplicate SSH keys, monitor for rogue remote access solutions, and collect device serial numbers and asset tags.

Finding Duplicate SSH Host Keys

Rumble excels at finding outliers on the network, and finding duplicate SSH keys is one application of this. Vulnerability scanners can find known bad SSH keys, but they don’t look for duplicate keys. Rumble collects all SSH key MD5 hashes and then pivots over the SSH host key MD5 to find keys that exist more than once.

Rumble Network Discovery collects a ton of information by default. SSH versions, pre-authentication banners, and SSH host keys are collected regardless of what port SSH is running on. SSH host keys in particular are an example of something that should always be unique on the network, but often isn’t, with real-world security implications. Unless you knew what the value of the duplicate SSH key was, this used to be a difficult problem to solve.