SSH v1 on ASA 8.4
12-10-2012 03:43 PM - edited 03-11-2019 05:35 PM
Hello All,
I was just curious: if SSH v1 is considered vulnerable, why is it still enabled by default on the ASA 8.4?
What is the vulnerability impact of using SSH v1 on an ASA?
Thanks!
12-10-2012 07:35 PM
Well, only the product managers can answer "why?". I would venture to guess all defaults are a considered balance between ease of usability and best practices.
The vulnerability is easily mitigated, so perhaps that's the thinking. It's most common in my experience to not allow ssh to any public interface. So that in itself restricts the vulnerability to inside hackers. Plus, if you go to the trouble of allowing ssh at all (not allowed by default), just check the box (or add the cli option) to restrict ssh to v2.
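
The two mitigations from the reply above (no SSH on a public interface, SSH restricted to v2) as a configuration check. This is an added example, not part of the original posts: a Python audit run over a constructed `show running-config ssh` excerpt. The interface name `outside`, the sample addresses, and the treatment of a missing `ssh version` line as "v1 and v2 both accepted" (the default the question describes) are assumptions.

```python
import re

# Constructed sample of ASA "show running-config ssh" output (not from the thread).
SAMPLE_CONFIG = """\
ssh 10.1.1.0 255.255.255.0 inside
ssh 0.0.0.0 0.0.0.0 outside
ssh timeout 5
"""

# "ssh <source-ip> <mask> <interface>" permits SSH management from that source.
# IPv4 only; IPv6 permit lines are out of scope for this example.
ACCESS_RE = re.compile(r"^ssh\s+(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+)\s+(\S+)$")
# "ssh version 2" restricts the ASA to SSH v2.
VERSION_RE = re.compile(r"^ssh\s+version\s+([12])$")


def audit_ssh(config, public_interfaces=("outside",)):
    """Return a list of findings for the SSH lines of an ASA configuration."""
    findings = []
    version = None   # assumption: no "ssh version" line means v1 and v2 accepted
    permits = 0
    for raw in config.splitlines():
        line = raw.strip()
        m = VERSION_RE.match(line)
        if m:
            version = m.group(1)
            continue
        m = ACCESS_RE.match(line)
        if not m:
            continue          # e.g. "ssh timeout 5" or unrelated config
        permits += 1
        net, mask, ifname = m.groups()
        if ifname in public_interfaces:
            findings.append(f"public: ssh permitted on '{ifname}' from {net} {mask}")
        if mask == "0.0.0.0":
            findings.append(f"any-source: ssh on '{ifname}' accepts any address")
    # The version only matters once SSH is permitted somewhere at all.
    if permits and version != "2":
        findings.append("v1: SSH v1 accepted; add 'ssh version 2'")
    return findings


if __name__ == "__main__":
    for finding in audit_ssh(SAMPLE_CONFIG):
        print(finding)
```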
