Norbert2000
asked on
SSH Protocol
I have a client who is trying to take credit card payments for his website. To do this he had to become PCI compliant. To satisfy the PCI compliancy regs we are using a company called Security Metrics. They have scanned the system and all is well with one exception:
"The remote service offers an insecure cryptographic protocol. Description : The remote SSH daemon supports connections made using the version 1.33 and/or 1.5 of the SSH protocol. These protocols are not completely cryptographically safe so they should not be used. Solution: Disable compatibility with version 1 of the protocol"
Basically I have to disable protocol 1 of SSH but I have no idea how to do this and neither do Security Metrics. I have tried 'googling' the question and it appears this is the answer but I do not know how to do this / find the location.
"SSH has two protocols it may use, protocol 1 and protocol 2. The older protocol 1 is less secure and should be disabled unless you know that you specifically require it. Look for the following line in the /etc/ssh/sshd_config file, uncomment it and amend as shown:
# Protocol 2,1
Protocol 2
and restart the sshd service"
My client has a very simple setup as follows:
Windows XP Pro with SP3
AVG Free Edition version 8.0
Linksys ADSL Router with no blocked ports
Any help would be much appreciated.
Cheers
Norbert2000,
good to see you resolved your issue.
But didn't my comment say pretty much the same as the comment you chose for a solution? And didn't I say it even earlier?
It would have been only fair to at least split points between both comments.
I assume it will be OpenSSH, and I also assume it will be directly installed, not via Cygwin.
In this case, you should find the configuration file (sshd_config) in the installation folder of OpenSSH, most likely either in: c:\program files\openssh\ or in: c:\program files\openssh\etc\
Before you apply the changes you quoted in your post, make sure the server is not running. In a command prompt terminal, type:
net stop opensshd
After having applied the changes, restart the server by typing:
net start opensshd
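A way to confirm the change before the next scan, as an added example that is not part of the original thread: the first function reads the `Protocol` line from sshd_config text, the second classifies the identification string the daemon sends on connect (per RFC 4253, a server that still accepts protocol 1 alongside 2 announces `1.99`). The function names, sample configs and banner strings are constructed for illustration.

```python
import re

def configured_protocols(config_text):
    """Return the versions on the first active Protocol line, or None.

    None means the directive is absent or commented out, so the daemon
    falls back to its built-in default (which depends on the build).
    Assumption: the first active occurrence of the keyword wins.
    """
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # "# Protocol 2,1" is a comment, not a setting
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        # Keywords are case-insensitive in sshd_config.
        if len(parts) == 2 and parts[0].lower() == "protocol":
            values = parts[1].strip('"').split(",")
            return [v.strip() for v in values if v.strip()]
    return None

def v1_enabled(config_text):
    """True/False if the config decides it, None if left to the default."""
    versions = configured_protocols(config_text)
    if versions is None:
        return None
    return "1" in versions

def banner_offers_v1(banner):
    """Classify an SSH identification string such as 'SSH-2.0-OpenSSH_x'.

    1.33 and 1.5 are protocol 1 only; 1.99 means protocol 2 with
    protocol 1 compatibility; 2.0 means protocol 2 only.
    """
    m = re.match(r"SSH-(\d+\.\d+)-", banner)
    if not m:
        raise ValueError("not an SSH identification string")
    return m.group(1).startswith("1.")

# Constructed sample inputs.
CONFIG_BEFORE = "Port 22\n# Protocol 2,1\n"
CONFIG_AFTER = "Port 22\nProtocol 2\n"

if __name__ == "__main__":
    print("before:", v1_enabled(CONFIG_BEFORE))   # None: default applies
    print("after: ", v1_enabled(CONFIG_AFTER))    # False
    print("banner:", banner_offers_v1("SSH-1.99-OpenSSH_example"))  # True
```

The banner check works from any machine that can reach port 22, so it shows what the scanner sees after `net start opensshd`, independent of which copy of sshd_config was edited.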