IBM Support

Reducing SSH vulnerability

Troubleshooting


Problem

How do I limit Open Secure Shell (SSH) vulnerability?

Symptom

During a security scan, OpenSSH may be flagged as a vulnerability. This article describes how to alleviate the potential vulnerability.

Resolving The Problem

SSH currently supports protocol versions 1 and 2. The vulnerability reported by the security scan refers to SSH protocol version 1.

The default configuration of OpenSSH supports both protocol 1 and 2. To reduce the vulnerability, reconfigure OpenSSH to restrict connections to SSH version 2 or above. No software upgrade should be required.

Recommendation: Ensure that you have access to the Netezza host console in case you inadvertently get locked out of using SSH.

1. Log in as the root user.
2. Open the /etc/ssh/ssh_config file for editing.
3. Uncomment the line that reads # Protocol 2,1
4. Modify that same line to read 'Protocol 2' instead of 'Protocol 2,1'
5. Save your changes.
6. Restart the ssh service by running the following command:
service sshd restart
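
To confirm the edit took effect, the following script reports the effective Protocol setting of each OpenSSH configuration file passed to it, for example the file edited in step 2. It is an added example, not part of the original IBM procedure. The function names are hypothetical, and it assumes that the first uncommented Protocol line is the one OpenSSH applies and that it is not overridden inside a Host or Match block.

```shell
#!/bin/sh
# Added example (not from the IBM article): check whether an OpenSSH
# config file still permits SSH protocol version 1.

# Print the value of the first uncommented Protocol directive, or "unset".
# Assumption: the first value found for a keyword is the one that applies.
effective_protocol() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }    # skip comments and blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)          # directives may be indented
            n = match(line, /[ \t=]/)         # keyword ends at whitespace or "="
            if (n == 0) next
            if (tolower(substr(line, 1, n - 1)) != "protocol") next
            val = substr(line, n)
            gsub(/[ \t="]/, "", val)          # "2 , 1" becomes "2,1"
            print val
            found = 1
            exit
        }
        END { if (!found) print "unset" }
    ' "$1"
}

# Return 0 if protocol 1 is still permitted, 1 if not, 2 if unreadable.
allows_v1() {
    [ -r "$1" ] || return 2
    value=$(effective_protocol "$1")
    case ",$value," in
        *,1,*)    return 0 ;;   # version 1 is listed explicitly
        ,unset,)  return 0 ;;   # no directive: the default accepts 1 and 2
        *)        return 1 ;;
    esac
}

# Usage: sh check_protocol.sh FILE...   (script name is a placeholder)
for f in "$@"; do
    allows_v1 "$f"; rc=$?
    case $rc in
        0) echo "$f: protocol 1 still permitted (Protocol=$(effective_protocol "$f"))" ;;
        1) echo "$f: protocol 2 only" ;;
        *) echo "$f: not readable" >&2 ;;
    esac
done
```

A file in which the Protocol line is still commented out is reported as permitting protocol 1, because the default described above then applies.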

Historical Number

NZ864174

Document Information

Modified date:
17 October 2019

UID

swg21571507