cancel
Showing results for 
Search instead for 
Did you mean: 
Post a Question

SSH Version Check

hello

I am new to checkpoint and I would like to know how can I check which SSH version is being configured in the checkpoint devices.

Currently I have VSX clusters running R75.40VS and R77.30.

Usually, if I want to check the SSH version I can change SSH protocol version in putty to 1 and try to login to the VSX device.

But if I want to check which SSH version that is allowed in the VSX devices, How Can I do that?

Also, if I want to configure SSH Version 1 on the VSX device how can i do that?

Your Help would be much appreciated.

0 Kudos
5 Replies
Admin
Admin

Re: SSH Version Check

By default, only SSHv2 is supported in all versions of Gaia and SecurePlatform.

This is because SSHv1 is considered not secure.

If you don't mind me asking, what is your reason for needing to enable SSHv1?

0 Kudos

Re: SSH Version Check

Hi

Thanks for the response.

I am working on checkpoint now and I am new to it.

I know in cisco we can check and configure the ssh version in ASA firewall. I just wanted to know if checkpoint has similar feature or it supports only SSHv2 by default.

I would also like to ask another question, the service object for ssh(tcp port 22) in smartdashboard, does it allow only sshv2 or both sshv1 and sshv2. 

Also, if that service object allows both sshv1 and sshv2, is there a way to configure that to allow only sshv2.

Thank in advance

Ravi

0 Kudos
Admin
Admin

Re: SSH Version Check

I believe it's possible to enable SSHv1 by editing /etc/ssh/sshd_config and restarting sshd.

I haven't tried it and don't necessarily recommend it.

The "ssh" service allows SSHv1 and SSHv2.

If you want to enforce the use of SSHv2, there is a separate service called ssh_version_2 that only allows SSHv2.

0 Kudos

Re: SSH Version Check

Thanks for your response.

This sshv2 service, is it predefined or we have to define it when we are creating our policy?

If we were to define it, how can I do that?

Thanks 

Ravi

0 Kudos
Admin
Admin

Re: SSH Version Check

It’s predefined

0 Kudos