SSH modifications

alexbwood
Level 1

After installing the S23 update on a 4230, I notice that the SSH version note says "Cisco Intrusion Detection System modifications included". What modifications were actually made to SSH, and why did they need to be made? Thanks.

4 Replies

brhamon
Level 1

We modified the OpenSSH source code to facilitate device management. To communicate with devices using the secure shell protocol, nr.managed spawns an instance of ssh, invoking an option that causes ssh to read the password from standard input, which in this environment is piped directly into the nr.managed process. With this option disabled (the default), the client behaves identically to the released version.

Has Cisco received the notice about OpenSSH vulnerabilities? OpenSSH versions up to 3.3 are vulnerable and they recommend updating to 3.4.

www.openssh.com

When will this update be released for the sensors, etc?

IDS sensor appliances, versions 3.0(1) through 3.1(2) are vulnerable. To close the hole in a 3.1(2) sensor, disable ChallengeResponseAuthentication. To apply the change, log into the sensor as root and enter the following command:

# vi /etc/sshd_config

Look for the line:

#ChallengeResponseAuthentication yes

Delete the leading pound sign and change "yes" to "no". Now the line reads:

ChallengeResponseAuthentication no

Save changes and exit. Reboot the sensor.

To close the hole in earlier sensor appliance versions, apply IDSk9-sp-3.1-2-S23.bin to update your sensor to version 3.1(2). (You should also apply the latest signature updates as well.) Once upgraded to 3.1(2), follow the steps above to disable ChallengeResponseAuthentication.
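
Added example (not part of the original reply and not Cisco's tooling): a small check that reports whether the edit described above is actually in effect in an sshd_config file. It assumes the default is "yes" when no active directive is present, as the commented-out line quoted above suggests; the function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the setting that the reply above changes.

# Print the effective ChallengeResponseAuthentication value.
# sshd keeps the first active occurrence of a keyword; a commented-out
# line is inactive, so the default applies (assumed "yes", matching the
# "#ChallengeResponseAuthentication yes" line quoted in the reply).
cra_effective() {
    awk '
        BEGIN { val = "yes" }
        /^[ \t]*(#|$)/ { next }            # skip comments and blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            n = split(line, f, /[ \t=]+/)
            # keywords are matched case-insensitively
            if (n >= 2 && tolower(f[1]) == "challengeresponseauthentication") {
                val = f[2]
                gsub(/"/, "", val)
                exit                        # first active directive wins
            }
        }
        END { print val }
    ' "$1"
}

# Exit status 0 only when the mitigation is in effect.
cra_is_disabled() {
    [ "$(cra_effective "$1")" = "no" ]
}

# Constructed sample configs (not taken from a real sensor).
demo() {
    d=$(mktemp -d) || return 1
    printf 'Port 22\n#ChallengeResponseAuthentication yes\n' > "$d/before"
    printf 'Port 22\nChallengeResponseAuthentication no\n' > "$d/after"
    for f in before after; do
        if cra_is_disabled "$d/$f"; then s="mitigated"; else s="still enabled"; fi
        echo "$f: ChallengeResponseAuthentication=$(cra_effective "$d/$f") ($s)"
    done
    rm -rf "$d"
}
demo
```

On a sensor, `cra_is_disabled /etc/sshd_config` would be run after the edit; the running sshd only picks up the change after the reboot the reply calls for.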

please ignore
