How to find the OpenSSH version

SSH or Secure Shell is a popular protocol for doing system administration on Linux systems. Sometimes you may need to know what version you are running to know if some specific configuration options are available. In this article we have a look at the available options.

Local OpenSSH version

The easiest way to find the installed OpenSSH version is using the ssh -V command. This works when being logged in to the system itself.

# ssh -V
OpenSSH_8.9p1 Ubuntu-3ubuntu0.6, OpenSSL 3.0.2 15 Mar 2022

So this system is running the 8.9p1 version of OpenSSH.

Query installed package version

Another option is by looking at the package version itself, as that typically gives a good hint about the version as well.

# dpkg -l openssh* | grep ssh
ii  openssh-client      1:8.9p1-3ubuntu0.6 amd64        secure shell (SSH) client, for secure access to remote machines
ii  openssh-server      1:8.9p1-3ubuntu0.6 amd64        secure shell (SSH) server, for secure access from remote machines
ii  openssh-sftp-server 1:8.9p1-3ubuntu0.6 amd64        secure shell (SSH) sftp server module, for SFTP access from remote machines

Note: the additional grep is used to strip out the headers from the output and make the output less noisy

Linux distributionCommand
Alma Linuxrpm -qa openssh*
Debiandpkg -l openssh*
RHELrpm -qa openssh*
Ubuntudpkg -l openssh*

Using another distribution in this list and know the command? Let it know!

Remote version of OpenSSH server

The version of the server might be different than locally installed. The version can easily been seen by connecting to the other system and use the verbose mode option -v.

# ssh -v localhost
OpenSSH_8.9p1 Ubuntu-3ubuntu0.6, OpenSSL 3.0.2 15 Mar 2022
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug1: Connecting to localhost [127.0.0.1] port 22.
debug1: Connection established.
debug1: identity file /home/michael/.ssh/id_rsa type -1
debug1: identity file /home/michael/.ssh/id_rsa-cert type -1
debug1: identity file /home/michael/.ssh/id_ecdsa type -1
debug1: identity file /home/michael/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/michael/.ssh/id_ecdsa_sk type -1
debug1: identity file /home/michael/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /home/michael/.ssh/id_ed25519 type -1
debug1: identity file /home/michael/.ssh/id_ed25519-cert type -1
debug1: identity file /home/michael/.ssh/id_ed25519_sk type -1
debug1: identity file /home/michael/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /home/michael/.ssh/id_xmss type -1
debug1: identity file /home/michael/.ssh/id_xmss-cert type -1
debug1: identity file /home/michael/.ssh/id_dsa type -1
debug1: identity file /home/michael/.ssh/id_dsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.6
debug1: Remote protocol version 2.0, remote software version OpenSSH_8.9p1 Ubuntu-3ubuntu0.6
debug1: compat_banner: match: OpenSSH_8.9p1 Ubuntu-3ubuntu0.6 pat OpenSSH* compat 0x04000000

Note: replace localhost with the IP address or hostname of the server

Do you know about an alternative method to find details about the OpenSSH version?

Take the next step!

Want to learn more about Linux security? Have a look at the open source tool Lynis and become a Linux security expert yourself.

Lynis is a battle-tested technical security audit tool. It is open source, freely available, and used by system administrators all over the world. Other users include IT auditors, security professionals, like pentesters.

Tool Information

Visit project page
Screenshot of Lynis security tool