How to disable SSH protocol version 1 on the Symantec Brightmail Gateway (SBG) Appliance

Article:TECH90735  |  Created: 2008-01-06  |  Updated: 2014-05-20  |  Article URL http://www.symantec.com/docs/TECH90735
Article Type
Technical Solution

Product(s)

Issue



Whilst performing a vulnerability scan against the Symantec Brightmail Gateway Appliance, an OpenSSH vulnerability is reported by the software scan tool used.


The following vulnerabilities may be reported: SSH Protocol Version 1 Supported


Cause



The Symantec Brightmail Gateway appliance supports both versions 1 and 2 of the SSH protocol by default.


Solution



SBG 7.x , 8.x :

Use the sshdver command to configure the version of the SSH protocol used by the Brightmail Gateway.

To check the SSH protocol used:

  1. Log in as admin to the Symantec Brightmail Gateway Command Line Interface.
  2. Enter the following command:
    sshdver -v


To force SSH protocol version 2:

  1. Log in as admin to the Symantec Brightmail Gateway Command Line Interface.
  2. Enter the following command to force SSH protocol 2 to be used:
    sshdver 2

 

SMG 9.x and newer up to 10.5:

Use the sshd-config command to configure the version of the SSH protocol used by the Messaging Gateway.

To check the SSH protocol used:

  1. Log in as admin to the Symantec Messaging Gateway Command Line Interface.
  2. Enter the following command:
    sshd-config -v


To force SSH protocol version 2:

  1. Log in as admin to the Symantec Messaging Gateway Command Line Interface.
  2. Enter the following command to force SSH protocol 2 to be used:
    sshd-config -v2

For further information on the sshd-config command, please refer to KB HOWTO92658.




Legacy ID



2008110611034454


Article URL http://www.symantec.com/docs/TECH90735


Terms of use for this information are found in Legal Notices