Solved

SSH Protocol

Posted on 2009-05-14
Last Modified: 2012-06-27
I have a client who is trying to take Credit card payments for his website. To do this he had to become PCI compliant. To satisfy the PCI compliancy regs we are using a company called Security Metrics. They have scanned the system and all is well with one exception:

"The remote service offers an insecure cryptographic protocol. Description : The remote SSH daemon supports connections made using the version 1.33 and/or 1.5 of the SSH protocol. These protocols are not completely cryptographically safe so they should not be used. Solution: Disable compatibility with version 1 of the protocol"

Basically I have to disable protocol 1 of SSH but I have no idea how to do this and neither do Security Metrics. I have tried 'googling' the question and it appears this is the answer but I do not know how to do this / find the location.

"SSH has two protocols it may use, protocol 1 and protocol 2. The older protocol 1 is less secure and should be disabled unless you know that you specifically require it. Look for the following line in the /etc/ssh/sshd_config file, uncomment it and amend as shown:
# Protocol 2,1
Protocol 2
and restart the sshd service"

My client has a very simple setup as follows:

Windows XP Pro with SP3
AVG Free Edition version 8.0
Linksys ADSL Router with no blocked ports

Any help would be much appreciated.

Cheers
Question by:Norbert2000
3 Comments
 
LVL 35

Expert Comment

by:torimar
ID: 24384020
You forgot the most important piece of information: which SSH server is your client running?

I assume it will be OpenSSH, and I also assume it will be directly installed, not via Cygwin.

In this case, you should find the configuration file (sshd_config) in the installation folder of OpenSSH, most likely either in: c:\program files\openssh\ or in: c:\program files\openssh\etc\

Before you apply the changes you quoted in your post, make sure the server is not running. In a command prompt terminal, type:
net stop opensshd

After having applied the changes, restart the server typing:
net start opensshd
 
LVL 2

Accepted Solution

by:
stagira earned 500 total points
ID: 24384731
Hi,

Yes, you need to change the Protocol token in sshd_config.

To find this file, you can scan your whole hard drive, or the process list with a tool like Procexp:

http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx

Find the sshd process; it will tell you where it lives. Then in sshd_config change

# Protocol 2,1
Protocol 2


then restart the process.

Now, it should accept only SSHv2 connections.

Regards
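A way to confirm the change took effect after the restart, as an added example that is not part of the original thread: it reads the active Protocol line from sshd_config text and checks the version the server announces when you connect, which is the kind of evidence the scan finding quoted in the question is based on. The function names and the script name check_ssh1.py are hypothetical, the sample config strings are constructed, and it assumes Python 3 on the machine doing the check.

```python
import socket
import sys

# Constructed samples: the config line before and after the edit from the thread.
CONFIG_BEFORE = "# Protocol 2,1\n"
CONFIG_AFTER = "# Protocol 2,1\nProtocol 2\n"

def effective_protocol(config_text):
    """Versions enabled by the first active Protocol line, or None if there is none."""
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank or commented out: sshd ignores it
        parts = line.replace("=", " ", 1).split(None, 1)
        if len(parts) == 2 and parts[0].lower() == "protocol":
            # sshd keeps the first value it reads for a keyword
            return {v.strip() for v in parts[1].split(",") if v.strip()}
    return None  # nothing active: the server's built-in default applies

def offers_ssh1(banner):
    """True if an identification string advertises protocol 1.

    A 1.x version (1.33, 1.5) is protocol 1; 1.99 is how an SSH-2 server
    announces that version 1 compatibility is switched on (RFC 4253, 5.1).
    """
    if not banner.startswith("SSH-"):
        raise ValueError("not an SSH identification string: %r" % banner)
    return banner.split("-", 2)[1].split(".")[0] == "1"

def read_banner(host, port=22, timeout=5.0):
    """Connect and return the server's identification line."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        stream = sock.makefile("rb")
        for _ in range(20):  # other lines may precede the version string
            line = stream.readline(256).decode("ascii", "replace").strip()
            if line.startswith("SSH-"):
                return line
    raise ConnectionError("no SSH identification string received")

if __name__ == "__main__":
    if len(sys.argv) > 1:  # usage: python check_ssh1.py <host>
        banner = read_banner(sys.argv[1])
        print(banner, "-> protocol 1 offered" if offers_ssh1(banner) else "-> SSH-2 only")
    else:
        print("before edit:", effective_protocol(CONFIG_BEFORE))
        print("after edit: ", effective_protocol(CONFIG_AFTER))
```

A banner beginning SSH-2.0- after the restart means the server no longer announces protocol 1; SSH-1.99- means the old setting is still in effect, typically because a different sshd_config is being read or the service was not restarted.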
 
LVL 35

Expert Comment

by:torimar
ID: 24450197
Norbert2000,

good to see you resolved your issue.
But didn't my comment say pretty much the same as the comment you chose for a solution? And didn't I say it even earlier?

It would have been only fair to at least split points between both comments.