OpenSSH 7.4 version used in AOS,AHV.This is pentest issue for us.

Question

OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017 version is using in the latest LTS AOS and AHV (AOS 6.5.6.6 , AHV el7.nutanix.20220304.511 )
Please help us to resolve this issue.
It is recommended to use the newer version of the Paramiko Python sshd 2.4.2 module. It is recommended to disable port 2222 used by Paramiko from within the system if it is not in use.
and another issue:
The versions of ssh(OpenSSH) software used in the prompt are between 7.4-9.2, and there is a username enumeration gap corresponding to these versions. Various modified exploits of this vulnerability can affect up to ssh version 9.1.

Page 1 / 1

Hello,

Yes I don’t disagree a newer version is needed.

AOS 6.8.x uses openssh-8.0.x and openssl 1.1.1, still a better version but not new enough to satisfy your need.

I would strongly recommend you segment access to the Nutanix network generally, nothing should get onto that network except privileged access workstations.

Reply

Kcmount · Answer

Hello,Yes I don’t disagree a newer version is needed.AOS 6.8.x uses openssh-8.0.x and openssl 1.1.1, still a better version but not new enough to satisfy your need.I would strongly recommend you segment access to the Nutanix network generally, nothing should get onto that network except privileged access workstations.

Reply

Sign up

Login to the community

Scanning file for viruses.

This file cannot be downloaded