https://community.checkpoint.com/t5/General-Topics/OpenSSH-upgrade-R81-10/m-p/168117#M27949 <P>It is not possible to update the OpenSSH version independently of the version of the Security Gateway.<BR />In R81.20, we also distribute OpenSSH_7.8p1.<BR />Having said that, we also evaluate the various CVEs filed against OpenSSH and patch our versions accordingly, if necessary.<BR />See: <A href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk65269" target="_blank">https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk65269</A></P> Tue, 17 Jan 2023 20:41:56 GMT PhoneBoy 2023-01-17T20:41:56Z https://community.checkpoint.com/t5/General-Topics/OpenSSH-upgrade-R81-10/m-p/167999#M27914 <P>Hi,</P><P>&nbsp;</P><P>We have just had a pen test done on our Checkpoint management server which is running R810.10 take 79 and it has stated we have OpenSSH version 7.8 installed and this needs to be upgraded to version 9.1. From the pen test is says the system is running OpenSSH version 7.8p1 which has known flaw that allows Man-in-the-Middle attacks.&nbsp;A successful attack can expose privileged encrypted data.</P><P>Does anyone know if OpenSSH can be upgraded on this version of R81.10?</P><P>&nbsp;</P><P>Thanks.</P> Tue, 17 Jan 2023 01:36:31 GMT https://community.checkpoint.com/t5/General-Topics/OpenSSH-upgrade-R81-10/m-p/167999#M27914 Ross_Wood 2023-01-17T01:36:31Z https://community.checkpoint.com/t5/General-Topics/OpenSSH-upgrade-R81-10/m-p/168011#M27919 <P>Please review&nbsp;<SPAN>sk100647 &amp;&nbsp;sk65269. I do not think the results of your penetration tests are valid.</SPAN></P> Tue, 17 Jan 2023 07:43:55 GMT https://community.checkpoint.com/t5/General-Topics/OpenSSH-upgrade-R81-10/m-p/168011#M27919 _Val_ 2023-01-17T07:43:55Z https://community.checkpoint.com/t5/General-Topics/OpenSSH-upgrade-R81-10/m-p/168117#M27949 <P>It is not possible to update the OpenSSH version independently of the version of the Security Gateway.<BR />In R81.20, we also distribute OpenSSH_7.8p1.<BR />Having said that, we also evaluate the various CVEs filed against OpenSSH and patch our versions accordingly, if necessary.<BR />See: <A href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk65269" target="_blank">https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk65269</A></P> Tue, 17 Jan 2023 20:41:56 GMT https://community.checkpoint.com/t5/General-Topics/OpenSSH-upgrade-R81-10/m-p/168117#M27949 PhoneBoy 2023-01-17T20:41:56Z https://community.checkpoint.com/t5/General-Topics/OpenSSH-upgrade-R81-10/m-p/168139#M27959 <P>The alphanumeric version code isn't sufficient to determine exposure.</P> <P>Some related previous discussion is available here:</P> <P><A href="https://community.checkpoint.com/t5/Security-Gateways/ssh-version-hide-while-telnet-to-gateway-port-22/m-p/159513" target="_blank" rel="noopener">https://community.checkpoint.com/t5/Security-Gateways/ssh-version-hide-while-telnet-to-gateway-port-22/m-p/159513</A>&nbsp;</P> Wed, 18 Jan 2023 00:00:37 GMT https://community.checkpoint.com/t5/General-Topics/OpenSSH-upgrade-R81-10/m-p/168139#M27959 Chris_Atkinson 2023-01-18T00:00:37Z