Hands-on lab – installing and using ssh_scan

For this lab, you can use your Ubuntu machine or either of your CentOS machines. Let's get started:

  1. ssh_scan isn't in the repositories of any of our Linux distributions. It's written in the Ruby language and comes packaged as a Ruby gem. To get started, we need to install the ruby and gem packages. On Ubuntu, do the following:
sudo apt update
sudo apt install ruby gem

On CentOS 7, do the following:

sudo yum install ruby gem

On CentOS 8, do the following:

sudo dnf install ruby gem
  2. Install the ssh_scan gem by using the following command:
sudo gem install ssh_scan
  3. In all cases, the ssh_scan executable will be installed in the /usr/local/bin/ directory. A long-standing quirk of CentOS is that if you use sudo to invoke a command in that directory, the system won't find it, even though the directory is in the root user's PATH setting. The workaround is to create a symbolic link to ssh_scan in the /usr/bin/ directory. On CentOS only, do the following:
sudo ln -s /usr/local/bin/ssh_scan /usr/bin/ssh_scan
  4. There's no man page for ssh_scan. To see the list of command options, use the following command:
sudo ssh_scan -h
  5. Scan the server VM that you created and configured in the previous labs. Substitute your own IP address for the one I'm using here. Note how the screen output is in JSON format. Also, note that even if you haven't created a key pair on the scanner machine, the scan still works against machines that have had username/password authentication disabled (but, of course, you won't be able to log in from the scanner machine):
sudo ssh_scan -t 192.168.0.7
  6. Repeat the scan, but this time, save the output to a .json file, like so:
sudo ssh_scan -t 192.168.0.7 -o ssh_scan-7.json
  7. You can open the JSON file in a normal text editor or pager, but it will look better if you open it in a web browser. Transfer the file to a machine that has a desktop interface and open it in your preferred web browser. It should look something like this:

  8. You'll see a complete list of all of the algorithms that are enabled. At the bottom, you'll see recommendations on which algorithms you should either enable or disable. Since ssh_scan is a Mozilla Foundation project, it's using Mozilla's own recommendations as its policy guide. These aren't the same as what an agency such as NIST would recommend. So, you'll want to compare your results with the standards that are applicable to your circumstances, such as NIST's CNSA standard, to be sure you enable or disable the right things.
  9. On either your host machine or a VM with a desktop interface, visit the Shodan website at https://www.shodan.io. Type ssh into the search window and observe the list of internet-facing SSH servers that comes up. Click on different IP addresses until you find an SSH server that's not running on the default port 22. Observe the list of enabled algorithms for that device.
  10. Scan the device, using the -p switch to scan the different port, like so:
sudo ssh_scan -t 178.60.214.30 -p 222 -o ssh_scan-178-60-214-30.json

Note that in addition to the list of enabled algorithms that you saw on Shodan, you now have a list of weak ones that the owner of this device needs to disable.

  11. Keep both this scanner and this server VM handy, because we'll use them again after we disable some algorithms.

You've reached the end of the lab – congratulations!
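
The comparison recommended in the lab, checking the saved report against the standard that applies to you instead of relying only on the Mozilla policy, can be scripted. The following Ruby script is an added example, not part of ssh_scan or the original lab; the allow-list entries are constructed placeholders, and the JSON field names are assumed from ssh_scan's output format, so check them against your own ssh_scan-7.json.

```ruby
require 'json'

# Allow-list to audit against. Constructed placeholder entries: replace them
# with the algorithms permitted by the standard that applies to you.
ALLOWED = {
  'key_algorithms' => %w[curve25519-sha256@libssh.org ecdh-sha2-nistp384],
  'encryption_algorithms_server_to_client' => %w[aes256-gcm@openssh.com aes256-ctr],
  'mac_algorithms_server_to_client' => %w[hmac-sha2-512-etm@openssh.com]
}.freeze

# Returns { "ip:port" => { category => [algorithms outside the allow-list] } }.
# A category missing from a result is marked :not_reported, never assumed clean.
def audit_scan(json_text, allowed = ALLOWED)
  results = JSON.parse(json_text)
  results = [results] unless results.is_a?(Array)
  results.each_with_object({}) do |host, report|
    report["#{host['ip']}:#{host['port']}"] =
      allowed.each_with_object({}) do |(category, permitted), findings|
        offered = host[category]
        if !offered.is_a?(Array)
          findings[category] = :not_reported
        elsif !(offered - permitted).empty?
          findings[category] = offered - permitted
        end
      end
  end
end

# Constructed sample shaped like ssh_scan output (field names are assumptions).
SAMPLE = <<~JSON
  [{"ip": "192.168.0.7", "port": 22,
    "key_algorithms": ["curve25519-sha256@libssh.org", "diffie-hellman-group1-sha1"],
    "encryption_algorithms_server_to_client": ["aes256-ctr", "3des-cbc"],
    "mac_algorithms_server_to_client": ["hmac-sha2-512-etm@openssh.com"]},
   {"ip": "192.168.0.8", "port": 22,
    "key_algorithms": ["ecdh-sha2-nistp384"]}]
JSON

if __FILE__ == $PROGRAM_NAME
  audit_scan(ARGV[0] ? File.read(ARGV[0]) : SAMPLE).each do |host, findings|
    puts host
    puts '  nothing outside the allow-list' if findings.empty?
    findings.each do |category, algos|
      detail = algos == :not_reported ? 'not reported by scan' : "disable #{algos.join(', ')}"
      puts "  #{category}: #{detail}"
    end
  end
end
```

Run it with the saved report as the only argument to audit your own scan; with no argument it audits the constructed sample.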

Okay; let's disable some of the creaky, old, and weak stuff.
