https://live.paloaltonetworks.com/t5/next-generation-firewall/openssh-verification-and-upgrade/m-p/578433#M2718 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/220861">@Ryan_Volante</a>&nbsp;,</P> <P>&nbsp;</P> <P>&nbsp;to check the OpenSSH version, you can telnet to it on port 22, for instance:</P> <P>telnet 192.168.0.253 22</P> <P>&nbsp;SSH-2.0-OpenSSH_8.0</P> <P>&nbsp;</P> <P>On the other hand, regarding any concern on vulnerabilities on open source software used in PAN-OS, I would advise you to send an email to our PSIRT team&nbsp;<STRONG><A href="mailto:psirt@paloaltonetworks.com" target="_blank">psirt@paloaltonetworks.com,</A>&nbsp;y</STRONG>ou should&nbsp; receive a reply back within 2 business days.&nbsp;</P> <P>&nbsp;</P> <P>Regards</P> <P>&nbsp;</P> <P>--Richard</P> <P>&nbsp;</P> Tue, 27 Feb 2024 08:31:18 GMT rdumoulin 2024-02-27T08:31:18Z https://live.paloaltonetworks.com/t5/next-generation-firewall/openssh-verification-and-upgrade/m-p/578427#M2716 <P>Aside from checking in the OSS listing, how can i verify the current OpenSSH version installed on the Palo Alto device. Also how can we upgrade it to a recommended version?</P> <P>&nbsp;</P> <P>Current firmware version: 10.2.6</P> <P>Based on OSS listing, OpenSSH version is: 8.0p1</P> Tue, 27 Feb 2024 07:29:57 GMT https://live.paloaltonetworks.com/t5/next-generation-firewall/openssh-verification-and-upgrade/m-p/578427#M2716 Ryan_Volante 2024-02-27T07:29:57Z https://live.paloaltonetworks.com/t5/next-generation-firewall/openssh-verification-and-upgrade/m-p/578428#M2717 <P>To give additional context:</P> <P>&nbsp;</P> <P>The client ran a VAPT scan using Qualys, and based on the report it is affected by multiple Open SSH vulnerabilities. One of the recommendation is to Upgrade it to a OpenSSH version 9.6.</P> <P>&nbsp;</P> Tue, 27 Feb 2024 07:35:03 GMT https://live.paloaltonetworks.com/t5/next-generation-firewall/openssh-verification-and-upgrade/m-p/578428#M2717 Ryan_Volante 2024-02-27T07:35:03Z https://live.paloaltonetworks.com/t5/next-generation-firewall/openssh-verification-and-upgrade/m-p/578433#M2718 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/220861">@Ryan_Volante</a>&nbsp;,</P> <P>&nbsp;</P> <P>&nbsp;to check the OpenSSH version, you can telnet to it on port 22, for instance:</P> <P>telnet 192.168.0.253 22</P> <P>&nbsp;SSH-2.0-OpenSSH_8.0</P> <P>&nbsp;</P> <P>On the other hand, regarding any concern on vulnerabilities on open source software used in PAN-OS, I would advise you to send an email to our PSIRT team&nbsp;<STRONG><A href="mailto:psirt@paloaltonetworks.com" target="_blank">psirt@paloaltonetworks.com,</A>&nbsp;y</STRONG>ou should&nbsp; receive a reply back within 2 business days.&nbsp;</P> <P>&nbsp;</P> <P>Regards</P> <P>&nbsp;</P> <P>--Richard</P> <P>&nbsp;</P> Tue, 27 Feb 2024 08:31:18 GMT https://live.paloaltonetworks.com/t5/next-generation-firewall/openssh-verification-and-upgrade/m-p/578433#M2718 rdumoulin 2024-02-27T08:31:18Z