Solved

SSH Protocol

Posted on 2009-05-14
3
2,359 Views
Last Modified: 2012-06-27
I have a client who is trying to take Credit card payments for his website. To do this he had to become PCI compliant. To satisfy the PCI compliancy regs we are using a company called Security Metrics. They have scanned the system and all is well with one exception:

"The remote service offers an insecure cryptographic protocol. Description : The remote SSH daemon supports connections made using the version 1.33 and/or 1.5 of the SSH protocol. These protocols are not completely cryptographically safe so they should not be used. Solution: Disable compatibility with version 1 of the protocol"

Basically I have to disable protocol 1 of SSH but I have no idea how to do this and neither do Security Metrics. I have tried 'googling' the question and it appears this is the answer but I do not know how to do this / find the location.

"SSH has two protocols it may use, protocol 1 and protocol 2. The older protocol 1 is less secure and should be disabled unless you know that you specifically require it. Look for the following line in the /etc/ssh/sshd_config file, uncomment it and amend as shown:
# Protocol 2,1
Protocol 2
and restart the sshd service"

My client has a very simple setup as follows:

Windows XP Pro with SP3
AVG Free Edition version 8.0
Linksys ADSL Router with no blocked ports

Any help would be much appreciated.

Cheers
0
Comment
Question by:Norbert2000
  • 2
3 Comments
 
LVL 35

Expert Comment

by:torimar
ID: 24384020
You forgot the most important piece of information: which SSH server is your client running?

I assume it will be OpenSSH, and I also assume it will be directly installed, not via Cygwin.

In this case, you should find the configuration file (sshd_config) in the installation folder of OpenSSH, most likely either in: c:\program files\openssh\ or in: c:\program files\openssh\etc\

Before you apply the changes you quoted in your post, make sure the server is not running. In a command prompt terminal, type:
net stop opensshd

After having applied the changes, restart the server typing:
net start opensshd
0
 
LVL 2

Accepted Solution

by:
stagira earned 500 total points
ID: 24384731
Hi,

yes, you need to change in the sshd_config, the token Protocol.

to find these file, you can scan all your harddire, or the process list with a tool like Procexp:

http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx

find the process sshd, it wil tell you were it live, then in the sshd_config change

# Protocol 2,1
Protocol 2


then restart the process.

Now, it should accept only SSHv2 connections.

Regards
0
 
LVL 35

Expert Comment

by:torimar
ID: 24450197
Norbert2000,

good to see you resolved your issue.
But didn't my comment say pretty much the same as the comment you chose for a solution? And didn't I say it even earlier?

It would have been only fair to at least split points between both comments.
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

I found an issue or “bug” in the SonicOS platform (the firmware controlling SonicWALL security appliances) that has to do with renaming Default Service Objects, which then causes a portion of the system to become uncontrollable and unstable. BACK…
Hello to you all, I hear of many people congratulate AWS (Amazon Web Services) on how easy it is to spin up and create new EC2 (Elastic Compute Cloud) instances, but then fail and struggle to connect to them using simple tools such as SSH (Secure…
Viewers will learn how to properly install and use Secure Shell (SSH) to work on projects or homework remotely. Download Secure Shell: Follow basic installation instructions: Open Secure Shell and use "Quick Connect" to enter credentials includi…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …

840 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question