This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Ravindra_Katrag
Contributor
‎2017-09-11 12:08 PM

SSH Version Check

hello

I am new to checkpoint and I would like to know how can I check which SSH version is being configured in the checkpoint devices.

Currently I have VSX clusters running R75.40VS and R77.30.

Usually, if I want to check the SSH version I can change SSH protocol version in putty to 1 and try to login to the VSX device.

But if I want to check which SSH version that is allowed in the VSX devices, How Can I do that?

Also, if I want to configure SSH Version 1 on the VSX device how can i do that?

Your Help would be much appreciated.

0 Kudos
6 Replies
PhoneBoy
Admin
Admin
‎2017-09-11 11:03 PM

By default, only SSHv2 is supported in all versions of Gaia and SecurePlatform.

This is because SSHv1 is considered not secure.

If you don't mind me asking, what is your reason for needing to enable SSHv1?

0 Kudos
Ravindra_Katrag
Contributor
‎2017-09-12 06:18 AM
In response to PhoneBoy

Hi

Thanks for the response.

I am working on checkpoint now and I am new to it.

I know in cisco we can check and configure the ssh version in ASA firewall. I just wanted to know if checkpoint has similar feature or it supports only SSHv2 by default.

I would also like to ask another question, the service object for ssh(tcp port 22) in smartdashboard, does it allow only sshv2 or both sshv1 and sshv2. 

Also, if that service object allows both sshv1 and sshv2, is there a way to configure that to allow only sshv2.

Thank in advance

Ravi

0 Kudos
PhoneBoy
Admin
Admin
‎2017-09-12 07:42 AM
In response to Ravindra_Katrag

I believe it's possible to enable SSHv1 by editing /etc/ssh/sshd_config and restarting sshd.

I haven't tried it and don't necessarily recommend it.

The "ssh" service allows SSHv1 and SSHv2.

If you want to enforce the use of SSHv2, there is a separate service called ssh_version_2 that only allows SSHv2.

0 Kudos
Ravindra_Katrag
Contributor
‎2017-09-13 06:33 AM
In response to PhoneBoy

Thanks for your response.

This sshv2 service, is it predefined or we have to define it when we are creating our policy?

If we were to define it, how can I do that?

Thanks 

Ravi

0 Kudos
PhoneBoy
Admin
Admin
‎2017-09-13 10:43 AM
In response to Ravindra_Katrag

It’s predefined

0 Kudos
Ravindra_Katrag
Contributor
‎2019-08-19 05:23 PM
In response to PhoneBoy

Hi

 

When I open the cat /etc/ssh/sshd_config file, I see the below result.

 

# $OpenBSD: sshd_config,v 1.73 2005/12/06 22:38:28 reyk Exp $

# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/local/bin:/bin:/usr/bin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options change a
# default value.

#Port 22
#Protocol 2,1
Protocol 2  ----> Does this mean we are using only SSH v2 not SSH v1
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key

 

Does Protocol 2 meas SSH v2?

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events