07-08-2021 06:48 AM
Hi Guys.
I hope you are doing fine.
Our infrastructure is being audited by an auditor and they asked us to provide proof which shows that the FTDs (we are using Cisco Firepower 2100 series) use SSH version 2.
I looked everywhere in order to find out which SSH version is used by FTD, but I did not find anything.
Could you please help in this matter? Any official documents or a command which shows this feature would work.
Best Regards,
Peyman
07-08-2021 09:05 AM - edited 07-08-2021 09:17 AM
It doesn't show up in the config but you can verify it via demonstration by capturing the session info of a connection. For instance, here's one from Putty connecting to FTD 6.6.4:
2021-07-08 11:59:09 We claim version: SSH-2.0-PuTTY_Release_0.70
2021-07-08 11:59:09 Server version: SSH-2.0-OpenSSH_7.5
2021-07-08 11:59:09 Using SSH protocol version 2
2021-07-08 11:59:09 Doing ECDH key exchange with curve Curve25519 and hash SHA-256
2021-07-08 11:59:10 Server also has ecdsa-sha2-nistp256/ssh-rsa host keys, but we don't know any of them
2021-07-08 11:59:10 Host key fingerprint is:
2021-07-08 11:59:10 ssh-ed25519 256 <redacted>
2021-07-08 11:59:10 Initialised AES-256 SDCTR client->server encryption
2021-07-08 11:59:10 Initialised HMAC-SHA-256 client->server MAC algorithm
2021-07-08 11:59:10 Initialised AES-256 SDCTR server->client encryption
2021-07-08 11:59:10 Initialised HMAC-SHA-256 server->client MAC algorithm
2021-07-08 11:59:12 Attempting keyboard-interactive authentication
2021-07-08 11:59:18 Access granted
You can also scan it using nmap to confirm:
nmap -sV -sC <target>
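The "Server version" line in the log above is the SSH identification string defined in RFC 4253, and its protoversion field is what an auditor needs to see. The following is an added example, not part of the original post: it classifies that field, including the `1.99` value a server sends when it speaks SSH-2 but still accepts SSH-1 clients. The `ExampleServer` banners are constructed samples, and `read_banner` takes whatever management address you supply.

```python
import re
import socket

# RFC 4253 section 4.2: "SSH-protoversion-softwareversion SP comments"
BANNER_RE = re.compile(r"^SSH-(?P<proto>[^-\s]+)-(?P<software>\S+)(?: (?P<comments>.*))?$")

def classify_banner(line):
    """Return (verdict, protoversion, softwareversion) for one identification string."""
    m = BANNER_RE.match(line.rstrip("\r\n"))
    if not m:
        return ("not-ssh", None, None)
    proto, software = m.group("proto"), m.group("software")
    if proto == "2.0":
        verdict = "ssh2-only"
    elif proto == "1.99":
        # RFC 4253 section 5.1: SSH-2 server with SSH-1 compatibility enabled
        verdict = "ssh2-with-ssh1-compat"
    elif proto.startswith("1."):
        verdict = "ssh1"
    else:
        verdict = "unknown"
    return (verdict, proto, software)

def read_banner(host, port=22, timeout=5.0):
    """Read the server identification string, skipping pre-banner lines the RFC allows."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        f = s.makefile("rb")
        for _ in range(20):  # bound how many pre-banner lines are tolerated
            raw = f.readline(512)
            if not raw:
                break
            text = raw.decode("ascii", errors="replace")
            if text.startswith("SSH-"):
                return text.rstrip("\r\n")
    raise ConnectionError("no SSH identification string received")

# Constructed samples; the first is the server string from the PuTTY log above
SAMPLES = [
    "SSH-2.0-OpenSSH_7.5",
    "SSH-1.99-ExampleServer_1.0 legacy enabled",
    "SSH-1.5-ExampleServer_0.9",
    "220 mail.example.test ESMTP",
]

if __name__ == "__main__":
    for banner in SAMPLES:
        print(f"{banner!r:48} -> {classify_banner(banner)}")
```

For audit evidence, record the raw banner returned by `read_banner` together with the verdict; only `ssh2-only` shows that SSH-1 is not offered.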
07-09-2021 12:41 AM
@Marvin Rhoads Thanks a lot for your answer.
07-08-2021 09:06 AM
To view SSH run-config from FTD CLI: >show running-config ssh
You can manage/configure ssh settings via platform settings within FMC under a Threat Defense Settings policy (FMC->Devices->Platform Settings: Threat Defense Settings->Secure Shell). I know in older versions of FMC this is where you could specify/show which versions are configured. I have FMC 6.7 now and that capability is not present, which leads me to believe that it automagically uses v2. However, I am not sure how to view/extract that nor do I know of any official documentation stating that.
07-09-2021 12:46 AM
@Mike.Cifelli Thanks for your answer.
I have also searched a lot in this regard but I could not find anything useful.
But I think Marvin's solution helps in this case.
03-23-2023 09:57 AM
Old post but was going through this as well. I like what @Marvin Rhoads showed, but trying to SSH via v1 also generates an error which could be used as a demo as well.