06-25-2002 12:05 PM - edited 03-08-2019 11:08 PM
After installing the S23 update on a 4230 I notice that the SSH version note says "Cisco Intrusion Detection System modifications included". What modifications were actually made to SSH and why did they need to be made? Thanks.
06-26-2002 09:58 AM
We modified the OpenSSH source code to facilitate device management. To communicate with devices using the secure shell protocol, nr.managed spawns an instance of ssh, invoking an option that causes ssh to read the password from standard input, which in this environment is piped directly into the nr.managed process. With this option disabled (the default), the client behaves identically to the released version.
06-26-2002 11:14 AM
Has Cisco received the notice about OpenSSH vulnerabilities? OpenSSH versions up to 3.3 are vulnerable and they recommend updating to 3.4.
When will this update be released for the sensors, etc?
06-26-2002 04:55 PM
IDS sensor appliances, versions 3.0(1) through 3.1(2) are vulnerable. To close the hole in a 3.1(2) sensor, disable ChallengeResponseAuthentication. To apply the change, log into the sensor as root and enter the following command:
# vi /etc/sshd_config
Look for the line:
#ChallengeResponseAuthentication yes
Delete the leading pound sign and change "yes" to "no". Now the line reads:
ChallengeResponseAuthentication no
Save changes and exit. Reboot the sensor.
To close the hole in earlier sensor appliance versions, apply IDSk9-sp-3.1-2-S23.bin to update your sensor to version 3.1(2). (You should also apply the latest signature updates as well.) Once upgraded to 3.1(2), follow the steps above to disable ChallengeResponseAuthentication.
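Added example, not part of the original reply and not Cisco's code: a shell check that reports the effective ChallengeResponseAuthentication value in an sshd_config-style file after the edit described above. It assumes the usual OpenSSH rules (keywords are case-insensitive, the first occurrence wins) and treats a missing or commented-out line as "yes", matching the commented default quoted in the reply; the function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify the ChallengeResponseAuthentication workaround in a config file.

effective_cra() {
    # $1 = path to an sshd_config-style file; prints the effective value.
    awk '
        /^[ \t]*#/ { next }                 # commented-out lines have no effect
        {
            line = $0
            sub(/^[ \t]+/, "", line)        # tolerate leading whitespace
            n = split(line, f, /[ \t=]+/)   # keyword, then value
            if (n >= 2 && tolower(f[1]) == "challengeresponseauthentication") {
                print tolower(f[2]); found = 1; exit   # first occurrence wins (assumption)
            }
        }
        END { if (!found) print "yes" }     # assumed default when the keyword is unset
    ' "$1"
}

check_cra() {
    # Returns 0 only when the file explicitly disables the option.
    value=$(effective_cra "$1")
    if [ "$value" = "no" ]; then
        echo "$1: ChallengeResponseAuthentication is disabled"
        return 0
    fi
    echo "$1: ChallengeResponseAuthentication is effectively '$value'" >&2
    return 1
}

# Constructed sample files (not copied from a real sensor).
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
printf '%s\n' 'Port 22' '#ChallengeResponseAuthentication yes' > "$tmp/before"
printf '%s\n' 'Port 22' 'ChallengeResponseAuthentication no' > "$tmp/after"

check_cra "$tmp/before" || true   # still commented out: reported as 'yes'
check_cra "$tmp/after"            # edited as described: reported as disabled
```

On a sensor the file to pass is /etc/sshd_config; the check reads only the file, so the reboot in the steps above is still needed for the change to take effect.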
06-27-2002 11:18 AM
please ignore