Conclusion

We have described the problem of
measuring deployed SSH v2 servers and
finding vulnerable SSH software.

Implemented ScanSSH, an efficient SSH scanner.

We measured the deployment of SSH servers on the Internet and showed how ScanSSH has been used to update vulnerable serverrs.

ScanSSH is available at
http://www.monkey.org/~provos/scanssh/