Solved

SSH Protocol

Posted on 2009-05-14
Last Modified: 2012-06-27
I have a client who is trying to take Credit card payments for his website. To do this he had to become PCI compliant. To satisfy the PCI compliancy regs we are using a company called Security Metrics. They have scanned the system and all is well with one exception:

"The remote service offers an insecure cryptographic protocol. Description : The remote SSH daemon supports connections made using the version 1.33 and/or 1.5 of the SSH protocol. These protocols are not completely cryptographically safe so they should not be used. Solution: Disable compatibility with version 1 of the protocol"

Basically I have to disable protocol 1 of SSH but I have no idea how to do this and neither do Security Metrics. I have tried 'googling' the question and it appears this is the answer but I do not know how to do this / find the location.

"SSH has two protocols it may use, protocol 1 and protocol 2. The older protocol 1 is less secure and should be disabled unless you know that you specifically require it. Look for the following line in the /etc/ssh/sshd_config file, uncomment it and amend as shown:
# Protocol 2,1
Protocol 2
and restart the sshd service"

My client has a very simple setup as follows:

Windows XP Pro with SP3
AVG Free Edition version 8.0
Linksys ADSL Router with no blocked ports

Any help would be much appreciated.

Cheers
0
Question by:Norbert2000
3 Comments
 
LVL 35

Expert Comment

by:torimar
ID: 24384020
You forgot the most important piece of information: which SSH server is your client running?

I assume it will be OpenSSH, and I also assume it will be directly installed, not via Cygwin.

In this case, you should find the configuration file (sshd_config) in the installation folder of OpenSSH, most likely either in: c:\program files\openssh\ or in: c:\program files\openssh\etc\

Before you apply the changes you quoted in your post, make sure the server is not running. In a command prompt terminal, type:
net stop opensshd

After having applied the changes, restart the server typing:
net start opensshd
0
 
LVL 2

Accepted Solution

by:
stagira earned 1500 total points
ID: 24384731
Hi,

Yes, you need to change the Protocol token in sshd_config.

To find this file, you can scan your whole hard drive, or the process list with a tool like Procexp:

http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx

Find the process sshd; it will tell you where it lives. Then in sshd_config change

# Protocol 2,1
Protocol 2


then restart the process.

Now, it should accept only SSHv2 connections.

Regards
0
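A way to confirm the change took effect, as an added example that is not part of the original thread: it reads the active Protocol line from sshd_config and classifies the server's identification banner, where RFC 4253 has a server that still accepts protocol 1 announce SSH-1.99 and a protocol-2-only server announce SSH-2.0. The function names, the sample config constant and the 127.0.0.1:22 target are assumptions for illustration.

```python
import re
import socket

# Constructed sample: the sshd_config lines quoted on this page, after the edit.
SAMPLE_CONFIG = "# Protocol 2,1\nProtocol 2\n"

def effective_protocol(config_text):
    """Versions enabled by the first uncommented Protocol line, or None."""
    for raw in config_text.splitlines():
        fields = raw.strip().split(None, 1)
        if len(fields) == 2 and fields[0].lower() == "protocol":
            return {v.strip() for v in fields[1].split(",") if v.strip()}
    return None  # directive absent or commented out: the built-in default applies

def classify_banner(banner):
    """Map the server identification string to the protocol support it advertises."""
    m = re.match(r"SSH-(\d+)\.(\d+)-", banner)
    if m is None:
        return "not-ssh"
    version = (int(m.group(1)), int(m.group(2)))
    if version == (1, 99):
        return "v1+v2"  # compatibility mode: protocol 1 clients are still accepted
    return "v2-only" if version >= (2, 0) else "v1-only"

def read_banner(host, port=22, timeout=5.0):
    """Return the first 'SSH-' line the server sends, or '' if none arrives."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        stream = sock.makefile("rb")
        for _ in range(20):  # a server may send other lines before its version
            raw = stream.readline(256)
            if not raw:
                break
            line = raw.decode("ascii", "replace").strip()
            if line.startswith("SSH-"):
                return line
    return ""

def protocol1_disabled(config_text, banner):
    """True only when both the config and the live banner show protocol 2 only."""
    return (effective_protocol(config_text) == {"2"}
            and classify_banner(banner) == "v2-only")

if __name__ == "__main__":
    # Assumption: run on the server itself after restarting sshd; host/port are placeholders.
    banner = read_banner("127.0.0.1", 22)
    print(banner, "->", classify_banner(banner))
```

A banner that still starts with SSH-1.99 after the restart usually means the running sshd is reading a different sshd_config or was not actually restarted.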
 
LVL 35

Expert Comment

by:torimar
ID: 24450197
Norbert2000,

good to see you resolved your issue.
But didn't my comment say pretty much the same as the comment you chose for a solution? And didn't I say it even earlier?

It would have been only fair to at least split points between both comments.
0
