The State of SSH on the Internet: Key Findings from 34M+ Hosts

Introduction

SSH (Secure Shell) remains one of the most widely deployed protocols on the internet. Using Zondex's database of over 34 million indexed hosts, we analyzed the current state of SSH deployment globally.

Key Findings

1. SSH Version Distribution

OpenSSH dominates the SSH landscape, accounting for over 90% of all SSH servers indexed by Zondex. Here's the breakdown:

• OpenSSH 8.x: 38% of all SSH servers
• OpenSSH 7.x: 29% — still widely deployed
• OpenSSH 9.x: 18% — growing adoption
• OpenSSH 6.x and older: 8% — concerning legacy deployments
• Other implementations: 7% — including Dropbear, libssh, etc.

2. Geographic Distribution

The top 5 countries by SSH host count:

1. United States — hosting the most SSH servers globally
2. China — significant growth in recent years
3. Germany — major European hub
4. France — strong hosting infrastructure
5. Japan — key Asia-Pacific presence

3. Non-Standard Ports

While port 22 remains the default, we found significant SSH deployments on alternative ports:

• Port 2222: Common alternative, often used by containers
• Port 22222: Another popular alternative
• Port 2022: Frequently used in development environments

4. Security Concerns

We identified several concerning patterns:

• Outdated versions: ~8% of SSH servers run versions with known vulnerabilities
• Default configurations: Many servers still advertise full version strings
• Weak key exchange: Some servers still support deprecated algorithms

How to Search

Explore SSH data on Zondex:

• All SSH servers
• SSH on port 22
• SSH on non-standard ports

Conclusion

While SSH security has generally improved over time, the persistence of outdated versions and configurations presents ongoing risks. Organizations should regularly audit their SSH deployments and ensure they're running current, properly configured versions.