04-08-2014 07:04 AM - edited 03-01-2019 07:33 AM
Hello,
Is there any document that describes which version of OpenSSH is used in NX-OS releases?
I have some security scans that report OpenSSH vulnerabilities, and I'd like to know if upgrading NX-OS will help me solve these issues.
Thanks,
Regards,
lang
04-08-2014 07:26 AM
Hello lang,
Not that I know of, however if you ssh to the NXs from a Linux box using verbose mode that might give you more information. I would raise this with TAC as they may be able to give you more information and better advice.
Do you have access-class configured under the vty lines to restrict ssh access?
Also was this an authenticated scan?
Hope this helps
04-15-2014 12:06 AM
Hi Bilal,
Thanks for your answer.
It was a scan running from the inside, with an authorized IP.
Yes, I know about the current version, but I'm interested in the most recent ones, and unfortunately I don't have access to a device running these versions. I guess I'll go the TAC way then.
Rgds
04-26-2023 10:06 AM
Does anybody know how to check the OpenSSH version in Nexus switches?
05-09-2023 07:19 AM
I have the same question. Cyber Insurance performed a scan and says the Nexus OpenSSH version should be upgraded or patched to address DDOS vulnerabilities.
07-02-2024 03:20 AM
10 years later! I landed here looking for an answer because of the CVE-2024-6387 OpenSSH vulnerability. As Bilal Nawaz said, I issued ssh -v from a Linux box to the Nexus sw, and I was able to identify the OpenSSH version running on it.
08-20-2024 06:19 AM
If you're fortunate enough to have something like SecureCRT you can enable 'Trace Options' that will give you that "verbose" output when establishing a session. There will be an output similar to: [LOCAL] : RECV : Remote Identifier = 'SSH-1.0 OpenSSH_1.1 PKIX[1.1.1 FIPS]'.
10-01-2024 01:55 PM
Ours are currently running the following: CiscoSSH 1.13.48, OpenSSH_9.1p1, CiscoSSL 1.1.1y.7.3.377-fips.
Our security scanners say it needs to be OpenSSH_9.8.1.
In the latest documentation for the 10.5.1 NX-OS version, it says it fixed the OpenSSH 9.5.1p1 from CSCwj01180. But when I look this up, there is nothing. The version 10.5.1 still has OpenSSH 9.1p1.
Will this ever be fixed?
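The check described in the replies above (reading the server's identification from ssh -v output or a SecureCRT trace line), as an added example that is not part of any post in this thread. It picks out only the remote side's OpenSSH version and compares it with a minimum you supply; the sample lines, the function names and the "9.8" minimum used in the demo are assumptions constructed for illustration.

```python
import re

# Lines that carry the *remote* identification: ssh -v output, a SecureCRT
# trace line like the one quoted in the thread, or a raw "SSH-..." banner.
REMOTE_RE = re.compile(
    r"remote software version (.+)|Remote Identifier = '([^']*)'|^(SSH-\S.*)"
)
OPENSSH_RE = re.compile(r"OpenSSH_(\d+)\.(\d+)(?:\.(\d+))?(?:p(\d+))?")

def parse_openssh_version(text):
    """Return (major, minor, patch, portable) or None if no OpenSSH token."""
    m = OPENSSH_RE.search(text)
    if m is None:
        return None
    return tuple(int(g) if g is not None else 0 for g in m.groups())

def remote_version(line):
    """Version announced by the server on this line; client-side lines give None."""
    m = REMOTE_RE.search(line.strip())
    if m is None:
        return None  # e.g. "Local version string ..." is the client, not the switch
    ident = next(g for g in m.groups() if g is not None)
    return parse_openssh_version(ident)

def audit(lines, minimum):
    """Return [(version, meets_minimum)] for each line naming the server's OpenSSH.

    A version below the minimum is a prompt to check the vendor's advisory,
    not proof of exposure: fixes can be backported without changing the string.
    """
    floor = parse_openssh_version("OpenSSH_" + minimum)
    if floor is None:
        raise ValueError(f"unparseable minimum version: {minimum!r}")
    versions = (remote_version(line) for line in lines)
    return [(v, v >= floor) for v in versions if v is not None]

# Constructed sample input: two client-side lines that must be ignored,
# then three lines that carry a server identification.
SAMPLE = [
    "OpenSSH_9.6p1, OpenSSL 3.0.13 30 Jan 2024",
    "debug1: Local version string SSH-2.0-OpenSSH_9.6p1",
    "debug1: Remote protocol version 2.0, remote software version OpenSSH_9.1p1",
    "[LOCAL] : RECV : Remote Identifier = 'SSH-2.0-OpenSSH_9.1p1'",
    "SSH-2.0-OpenSSH_9.8p1",
]

if __name__ == "__main__":
    for version, ok in audit(SAMPLE, "9.8"):
        print(version, "meets minimum" if ok else "below minimum")
```
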