Description
Secure Shell (SSH) is an encrypted network protocol to allow remote login and other network services to operate securely over an unsecured network by providing an authenticated and encrypted channel. All modern SSH clients and servers support the more secure SSH protocol version 2, and any version older is exploitable and obsolete. Version 1 of the SSH protocol contains fundamental weaknesses including a design flaw that allows a man-in-the-middle attack. Findings are removed automatically if they have not been observed for more than 30 days.
How is this issue discovered?
Remediation
Configure the SSH service to support only SSH protocol version 2 or higher. Upgrade the SSH service software to the latest version of software.
Note: All OpenSSH versions between 5.4 and 7.1 are vulnerable, but can be easily hot-fixed by setting the undocumented option "UseRoaming" to "no", as detailed in the Mitigating Factors section. OpenSSH version 7.1p2 (released on January 14, 2016) disables roaming by default.
How can this issue be resolved?
- I have fixed this
- SSH connections to the host are now being rejected or timed-out.
- The protocol is now updated to the latest patch.
- The host has been removed from the network, SSH is now not possible to the IP.
- I have a compensating control
- This is a test server environment and all connections are monitored.
- This is not my IP or domain
- This does not belong to our company, it belongs to (x).
- The IP is no longer part of our network.
- I cannot reproduce this issue and I think it’s incorrect
- The SSH protocol is updated to the latest version, there is no vulnerable protocol in place.
- The IP is no longer online, the finding is not valid.