https://community.checkpoint.com/t5/Firewall-and-Security-Management/ssh-version-hide-while-telnet-to-gateway-port-22/m-p/159519#M27931 <P>Openssl or Openssh?</P> <P>I don't think this is possible per the RFC that pertains to SSH which states this info MUST be included from memory.</P> <P>Our implementation is a hardened version, the numeric value in this case is not necessarily representative of the patch level and as such is masked.</P> <P>&nbsp;</P> Fri, 14 Oct 2022 09:11:44 GMT Chris_Atkinson 2022-10-14T09:11:44Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/ssh-version-hide-while-telnet-to-gateway-port-22/m-p/159513#M27930 <P>Hi,&nbsp;</P><P>when i telnet to gateway port 22 that will shows our openssl version details how to change this or how to hide this?&nbsp;</P><P>i have tried to edit /sbin/ssh file. but its cannot edit its non readerble format&nbsp;</P><P>&nbsp;</P><P>Kindly advice.&nbsp;</P><P>Thank you.</P> Fri, 14 Oct 2022 07:50:08 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/ssh-version-hide-while-telnet-to-gateway-port-22/m-p/159513#M27930 Duminda_SAT 2022-10-14T07:50:08Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/ssh-version-hide-while-telnet-to-gateway-port-22/m-p/159519#M27931 <P>Openssl or Openssh?</P> <P>I don't think this is possible per the RFC that pertains to SSH which states this info MUST be included from memory.</P> <P>Our implementation is a hardened version, the numeric value in this case is not necessarily representative of the patch level and as such is masked.</P> <P>&nbsp;</P> Fri, 14 Oct 2022 09:11:44 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/ssh-version-hide-while-telnet-to-gateway-port-22/m-p/159519#M27931 Chris_Atkinson 2022-10-14T09:11:44Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/ssh-version-hide-while-telnet-to-gateway-port-22/m-p/159665#M28008 <P>Hi Chris, thank you so much for the update.</P><P>can we upgrade the OpenSSH version because we had scanning using Nessus it's showing below high CVE for OpenSSH. one of our gateway running with R80.30 Take 254. we have planned to upgrade next month. until now we need to fix this openssh issue. kindly advice.&nbsp;</P><P>CVE-2016-20012,<BR />CVE-2020-15778,<BR />CVE-2021-36368</P><P>&nbsp;</P><P>Thank you,</P><P>Duminda</P><P>&nbsp;</P> Mon, 17 Oct 2022 02:54:28 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/ssh-version-hide-while-telnet-to-gateway-port-22/m-p/159665#M28008 Duminda_SAT 2022-10-17T02:54:28Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/ssh-version-hide-while-telnet-to-gateway-port-22/m-p/159667#M28010 <P>As indicated above solely the version reported is not representative of exposure to a given CVE.</P> <P><SPAN>Moreover</SPAN><SPAN>&nbsp;note the "Disputed" status of each of those CVEs...</SPAN></P> <P>&nbsp;</P> <P>Refer also:<BR /><A class="cp_link sc_ellipsis" href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk65269&amp;partition=Basic&amp;product=All" target="_blank">sk65269: Status of<SPAN>&nbsp;</SPAN><STRONG>OpenSSH</STRONG><SPAN>&nbsp;</SPAN>CVEs</A><BR /><A class="cp_link sc_ellipsis" href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk100647&amp;partition=Basic&amp;product=All" target="_blank">sk100647: Check Point response to common<SPAN>&nbsp;</SPAN><STRONG>false</STRONG><SPAN>&nbsp;</SPAN><STRONG>positives</STRONG><SPAN>&nbsp;</SPAN>scanning results</A><BR /><BR /></P> Mon, 17 Oct 2022 03:22:10 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/ssh-version-hide-while-telnet-to-gateway-port-22/m-p/159667#M28010 Chris_Atkinson 2022-10-17T03:22:10Z